TOP CYBER NEWS

  • HOME
  • ATTACKS
  • MALWARES
  • STRATEGIES
  • THREATS
    • Threat Defense
    • Threats Analysis

Securing IoT with Dynamic Segmentation

by Top Cyber News / Thursday, 30 May 2019 / Published in Strategies

The idea of the pending influx of Internet of Things (IoT) devices just waiting to jump on my network is starting to give me heartburn. Sure, you could probably think of all the crazy thermostats and speakers and lightbulbs in your house right now. But what about enterprise or industrial IoT devices? Gas pumps. Badge readers. Healthcare devices like insulin pumps. Even the microwave in the break room!

The hardest thing about IoT is how dumb it really is. Sure, we bill these devices as “smart” when we sell them. But most IoT devices are about as unintelligent as they come. They have the most rudimentary chipsets possible to make them as cheap to manufacture as they can get. So most of them support bare-bones 802.11n chipsets in the 2.4GHz range and have very few additional security features built into the chipsets.

The way to secure IoT devices isn’t to make them smarter. Instead, we have to make our networks smarter and ensure that the right decisions are made by our infrastructure to keep things safe when the devices can’t do it themselves. That’s where Aruba is starting to make some great strides. During Aruba Atmosphere 2019 there was a great session on dynamically securing IoT devices with Aruba ClearPass and IntroSpect.

Dynamic Segmentation Solution

The dynamic segmentation process that Aruba has developed has a few key features that are very important for these unintelligent IoT devices. One example is MAC pinning. You’d think that keeping a device connected to a switch port authenticated would be easy, right? Except when that device is designed to be as unobtrusive as possible and does things like not responding to pings sent to verify the device is still alive on the other side of the link. Aruba has figured out how to pin the IoT device MAC address to the port so that it’s always authenticated until it’s unplugged or removed. And because the MAC address of the device is used to ensure authentication you can protect yourself from someone plugging in a different device and trying to hijack the port into more critical systems, like Electronic Medical Records (EMR), for example.

Profile Prowess

The other big key for IoT devices in your network is visibility, which comes from the discovery and profiling features that ClearPass offers. Aruba announced some significant enhancements to these capabilities at Atmosphere 2019 with a new member of the ClearPass family called ClearPass Device Insight. ClearPass Device Insight uses deep packet inspection and machine learning to intelligently identify the full-spectrum of devices connected to the network. On the enforcement side, if you have a device that answers calls to authenticate via a protocol like 802.1X, ClearPass will accept it. When the devices aren’t that smart, ClearPass will authenticate the devices using MAC authentication. But ClearPass can also work with IntroSpect to start profiling the traffic to ensure that the profiles built into the solution only allow the proper device traffic on the network.

Imagine, for example, that I’m in a hospital room with someone. I’m bored, so I decide to play around a little on the network. I notice an insulin pump plugged into the network but not in use right now. So I grab it and clone the MAC address for my laptop. I plug in and start doing a little recon work to figure out how far I can get. IntroSpect sees the insulin pump MAC address on the network and notices that my traffic profile is way out of line for what that device should be doing. Instead of talking to a server at a nurse’s station or reporting to another device, my formerly-trusted MAC address is reaching out to different subnets and sending the wrong kind of traffic. IntroSpect could then trigger ClearPass to perform a change of authorization for this particular IoT device and quarantine it until someone can figure out why an insulin pump is a port scanning the network.

Tunnel Ahead

The last important piece of dynamic segmentation is User-Based Tunnels through Aruba’s Policy Enforcement Firewall (PEF) technology. Just like the infrastructure in a mobility controller that tunnels user traffic back to to the device, so too can User-Based Tunneling send all the traffic from an IoT device back to PEF, built into the Mobility Controller – and this can be done over the wireless APs as well as the wired switches.

Why would you want to do that? Well, you could authenticate the traffic for one thing. You could also fingerprint devices with better accuracy than the edge switch. You could do deep packet inspection on the traffic coming from the device to ensure that it’s not being used as an attack vector. You could even firewall the traffic to ensure that things that aren’t supposed to be flooding your network are stopped close to the edge, like security cameras being used to launch a DDoS attack.

User-Based Tunnels are great for policy enforcement. When your user travels from one side of the campus to the other, the policies defined in ClearPass can follow them. When an IoT device moves from one side of the hospital to the other the same policies can follow it as well. That means that polices are sticky to devices and not to wiring closets. That’s a huge win for your network admins, as they will spend less time configuring edge cases on the edges of your network and more time on making sure your policies are in place to handle any kind of devices that they might find.

IoT doesn’t have to be scary. With the right infrastructure in place, you can easily handle any devices that pop up, from lightbulbs to blood pressure monitors. You can ensure they’re capable of communicating with the right locations in the network and only the right devices can do that communication. Dynamic segmentation ensures that the network as a whole is much more secure and more capable than ever of weathering the coming IoT storm.

Related Content
See Aruba CTO Partha Narasimhan talk about dynamic segmentation.

Learn more about how Dynamic Segmentation can support IoT.

About the Author

tom

Tom Hollingsworth Blog Contributor

Tom Hollingsworth, CCIE #29213, is an event lead for the Tech Field Day events series. He also writes about networking and related technologies on his blog at http://networkingnerd.net. With over 10 years…

Full bio

Post Views: 356
Tagged under: Dynamic, IoT, Securing, Segmentation

What you can read next

How to use Azure Automation to issue Let’s Encrypt certificates
Enterprise Data Encryption Hits All-time High
Criminals Move Markets to Remain in the Shadows

43 Comments to “ Securing IoT with Dynamic Segmentation”

  1. Best Realtor Tallahassee says :Reply
    June 17, 2019 at 5:21 AM

    771027 901670My California Weight Loss diet invariably is an cost effective and versatile staying on your diet tv show made for individuals who find themselves preparing to drop extra pounds and furthermore ultimately keep a a lot healthier habits. la weight loss 575870

  2. roofing contractors providence ri says :Reply
    June 19, 2019 at 5:38 PM

    283848 468652I believe this web web site has got quite exceptional indited articles content . 176551

  3. water clean up near me says :Reply
    June 19, 2019 at 6:28 PM

    222080 284678Wow What excellent details. Thank you for the time you spent on this post. 424251

  4. jasmine perfume oil says :Reply
    June 19, 2019 at 7:45 PM

    403824 667777Ive been absent for a even though, but now I remember why I used to enjoy this internet site. Thank you, I will try and check back much more often. How regularly you update your website? 694982

  5. Application of silicon carbide in the field of electric vehicles says :Reply
    June 24, 2019 at 4:02 PM

    617601 582383You must participate in a contest for among the best blogs on the web. I will suggest this internet site! 171830

  6. GCLUB says :Reply
    June 26, 2019 at 6:17 AM

    898119 171559so significantly great details on here, : D. 462682

  7. judi poker says :Reply
    June 27, 2019 at 12:57 PM

    45255 20463The other day, while I was at work, my cousin stole my iphone and tested to see if it can survive a 25 foot drop, just so she can be a youtube sensation. My iPad is now destroyed and she has 83 views. I know this is entirely off topic but I had to share it with someone! 589506

  8. 호스트바 says :Reply
    June 28, 2019 at 6:06 AM

    108856 835023really good publish, i certainly adore this web web site, carry on it 176058

  9. blockchain says :Reply
    June 28, 2019 at 12:01 PM

    45058 761127Naturally I like your web-site, even so you require to check the spelling on several of your posts. Several of them are rife with spelling issues and I locate it really silly to inform you. On the other hand I will certainly come again once again! 728497

  10. Istanaimpian2 says :Reply
    June 30, 2019 at 1:59 AM

    89329 377044Aw, this became an incredibly nice post. In idea I would like to set up writing like that additionally – taking time and actual effort to create a great article but what / points I say I procrastinate alot by means of no indicates appear to get something completed. 87949

  11. IM Jetset says :Reply
    June 30, 2019 at 11:56 PM

    694635 428394The electronic cigarette uses a battery and a small heating component the vaporize the e-liquid. This vapor can then be inhaled and exhaled 696217

  12. friv.run/ says :Reply
    July 1, 2019 at 2:03 AM

    187831 417829TeenVogue? Looking for fashion advice, celebrity buzz or beauty trends? Uncover it all in Teen Vogue 738338

  13. tree service says :Reply
    July 2, 2019 at 4:45 PM

    204478 282256I respect your piece of work, appreciate it for all the interesting content . 994267

  14. abstract artwork says :Reply
    July 3, 2019 at 5:29 AM

    776567 186599Exceptional weblog here! Additionally your site rather a lot up rapidly! What host are you the usage of? Can I get your affiliate link to your host? I wish my site loaded up as rapidly as yours lol 560664

  15. special info says :Reply
    July 4, 2019 at 3:19 AM

    395585 943595Cheapest player speeches and toasts, or perhaps toasts. continue to be brought about real estate . during evening reception tend to be likely to just be comic, witty and therefore instructive as well. best man speeches free of charge 133429

  16. Your Dream Home Improvements says :Reply
    July 5, 2019 at 9:07 AM

    840842 756701Right after study a few of the blog posts on your own site now, we truly like your way of blogging. I bookmarked it to my bookmark internet internet site list and are checking back soon. Pls consider my web-site likewise and make me aware in the event you agree. 449553

  17. บาคาร่า says :Reply
    July 7, 2019 at 5:27 AM

    398417 526467Oh my goodness! an exceptional post dude. Numerous thanks However We are experiencing issue with ur rss . Dont know why Not able to sign up to it. Could there be anybody getting identical rss dilemma? Anyone who knows kindly respond. Thnkx 101382

  18. onion wiki says :Reply
    July 7, 2019 at 6:36 AM

    630572 578535Hey, are you having issues along with your hosting? I needed to refresh the page about million times to get the page to load. Just saying 150038

  19. Best Realtor Tallahassee says :Reply
    July 8, 2019 at 5:50 AM

    261471 910872educator, Sue. Although Sue had a list of discharge instructions in her hand, she paused and 296843

  20. Charlotte Johansson says :Reply
    July 8, 2019 at 7:17 PM

    497312 1584I want reading by way of and I conceive this website got some actually utilitarian stuff on it! . 42809

  21. บาคาร่า says :Reply
    July 10, 2019 at 6:03 AM

    250270 154591Very intriguing info !Perfect just what I was searching for! 910185

  22. Hydrographic Coatings says :Reply
    July 10, 2019 at 10:37 AM

    919440 909120Companion, this internet website will likely be fabolous, i merely like it 723639

  23. https://aboutbuyingtraintickets.sitey.me/blog/what-you-need-to-know-about-finding- says :Reply
    July 11, 2019 at 3:24 AM

    235614 994883I discovered your weblog website internet web site on the internet and appearance some of your early posts. Continue to keep within the wonderful operate. I just now additional increase your Rss to my MSN News Reader. Seeking toward reading far much more from you discovering out at a later date! 479030

  24. Dental products Athens Greece Novamind says :Reply
    July 14, 2019 at 10:29 PM

    709195 985566Id need to consult you here. Which is not some thing It is my job to do! I spend time reading an write-up that could get people to think. Also, numerous thanks for permitting me to comment! 272483

  25. hair transplant montreal says :Reply
    July 15, 2019 at 2:56 AM

    900552 49768Excellent read, I just passed this onto a friend who was performing some research on that. And he truly bought me lunch since I discovered it for him smile So let me rephrase that: Thank you for lunch! 787297

  26. Best Tallahassee real estate agent says :Reply
    July 16, 2019 at 12:37 PM

    936567 586898I was suggested this weblog by way of my cousin. Im no longer certain whether or not this put up is written by him as nobody else realize such detailed about my trouble. You are great! Thanks! 435006

  27. 4d live says :Reply
    July 16, 2019 at 5:06 PM

    375798 272308Woh I like your posts , saved to fav! . 920948

  28. Totojitu says :Reply
    July 18, 2019 at 12:50 AM

    212969 517895Thank you for the auspicious writeup. It in fact was a amusement account it. Appear advanced to a lot more added agreeable from you! Nevertheless, how could we communicate? 867025

  29. Togelsumo says :Reply
    July 18, 2019 at 1:59 AM

    299368 715492Hi, Thanks for your page. I discovered your page via Bing and hope you keep providing more good articles. 450853

  30. Hostings says :Reply
    August 2, 2019 at 5:06 AM

    457637 927677Great post, thanks so significantly for sharing. Do you happen to have an RSS feed I can subscribe to? 907298

  31. alecdrow says :Reply
    August 24, 2019 at 12:54 AM

    134218 349658Yay google is my king assisted me to discover this outstanding website ! . 548405

  32. Richard Greene says :Reply
    September 6, 2019 at 2:54 PM

    its wonderful as your other blog posts : D, thanks for posting.

  33. selling latest movie says :Reply
    September 14, 2019 at 5:02 AM

    240453 535978great post, quite informative. I wonder why the other experts of this sector do not notice this. You need to continue your writing. Im certain, youve a great readers base already! 29494

  34. Website Re-design says :Reply
    October 1, 2019 at 10:33 PM

    993518 59212 very nice post, i surely enjoy this site, maintain on it 423133

  35. http://apartamentynaibizie.pl/bajeczki-do-snu-sbm-578.php says :Reply
    October 10, 2019 at 3:11 AM

    443804 223350I discovered your blog internet web site on bing and appearance several of your early posts. Preserve up the really excellent operate. I just now additional the RSS feed to my MSN News Reader. Seeking toward reading far far more on your part down the road! 742913

  36. w88th says :Reply
    October 11, 2019 at 6:25 AM

    274757 830571Im having a bit concern I cant subscribe your feed, Im making use of google reader fyi. 472777

  37. p2308#https://wmodziesila.pl/forum/zdrowie-f7/suplement-na-odchudzanie-istnieje-cos-takiego-t325.html#p2308 says :Reply
    October 28, 2019 at 10:02 PM

    444803 129993Howdy! I just want to give an enormous thumbs up for the great info you may have here on this post. I will likely be coming back to your weblog for more soon. 938516

  38. Stevunsush says :Reply
    November 4, 2019 at 5:42 AM

    Buy Zithromax Capsules where to purchase alli 60 mg in europe Comprare Cialis Generico Doxycycline 40 Mg Online Orlistat 60 For Sale

  39. Crystal Meth says :Reply
    November 7, 2019 at 7:41 PM

    261787 921643I discovered your weblog website website on the search engines and check several of your early posts. Always maintain up the very great operate. I lately additional increase Rss to my MSN News Reader. Searching for toward reading considerably a lot more on your part later on! 786300

  40. Drogen kaufen says :Reply
    November 13, 2019 at 5:57 PM

    967706 336478Nicely picked details, a lot of thanks towards the author. Its incomprehensive in my experience at present, even so in common, the convenience and importance is mind-boggling. Regards and all the best .. 11643

  41. xì tố trực tuyến says :Reply
    November 22, 2019 at 8:24 AM

    271745 44875I discovered your blog web site on google and check a couple of of your early posts. Proceed to maintain up the excellent operate. I just extra up your RSS feed to my MSN News Reader. In search of ahead to studying extra from you in a even though! 450557

  42. http://tinyurl.com/quest-bars-cheap-44820 says :Reply
    November 24, 2019 at 8:01 AM

    I am regular reader, how are you everybody? This
    paragraph posted at this web site is really pleasant.

  43. tinyurl.com says :Reply
    November 25, 2019 at 8:02 AM

    There’s certainly a great deal to find out about this topic.
    I like all the points you’ve made.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Building A Successful Business Requires Revamping Your Asset Management Security…

    Myriad Of Security Solutions Adding Pressure To...
  • Password-Cracking Teams Up in CrackQ Release

    The open source platform aims to make password-...
  • What’s in a Botnet? Researchers Spy on Geost Operators

    The investigation of a major Android banking bo...
  • New Disk-Wiping Malware Targets …

    ‘ZeroCleare’ shares some of the sam...
  • (Literally) Put a Ring on It: Protecting Biometric Fingerprints

    Kaspersky creates a prototype ring you can wear...

Flights & Hotel Finder

Archives

  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • July 2014
  • June 2014
  • May 2014
  • July 2013
  • January 2013
  • May 2011

Categories

  • Attacks
  • Cyber Security
  • Malware
  • RESOURCES
  • Strategies
  • Threat Defense
  • Threats
  • Threats Analysis

Mission

We aim to provide you the most recent updates and news on cyber matters in this digital world.

Reach us via: [email protected]

© 2018. All rights reserved by Top Cyber News.
Creative Commons License

TOP