This decade has unfolded in an entirely unexpected way. We’ve learned that we are deeply connected but forced to respond by distancing ourselves from each other. Organizations have had to cope with tremendous challenges like rapid remote workforce enablement, which put their digital transformation efforts into overdrive.
Beyond that, broader technology trends like 5G have fueled an explosion of IoT devices, thereby creating data at unsettling levels. Many predict that the world will soon have tens of billions of IoT and operational technology (OT) devices like those running factories and power networks. Those predictions once seemed grandiose; today, we recognize that we are merely scratching the surface.
The proliferation of IoT and OT devices undoubtedly creates challenges, and prominent among these are security risks. While the setting is new, the core security issues remain fundamental: gain visibility into what is happening across your IoT and OT deployments, glean insights from that visibility and act on those insights.
To help address these concerns, I’m excited to announce the launch of RSA IoT Security Monitor, a new offering that provides visibility, insights and action into the IoT/OT edge, built organically by the RSA Labs team. To address the unique challenges posed by IoT and OT environments, RSA IoT Security Monitor leverages edge computing principles.
Recall that edge architectures place gateways near IoT and OT devices to act as a common conduit by which those devices connect to other networks. The Linux Foundation’s EdgeX Foundry is one popular architecture, but edge principles are becoming increasingly common across other settings as well.
RSA IoT Security Monitor provides visibility into edge environments, which in turn provides downstream visibility into the IoT and OT devices connected to that environment. This modern cloud-based service consolidates information from connected devices and applies behavioral analytics, machine learning and advanced threat intelligence to identify anomalies that indicate compromise. These issues are then surfaced in easy-to-understand and actionable alerts that can be viewed and managed in the service dashboard.
With the focus on the edge gateway, RSA IoT Security Monitor facilitates deployments even if the devices are heterogeneous and constrained. In addition, RSA IoT Security Monitor can handle existing (“brownfield”) deployments of IoT and OT devices. These systems are required to run “as-is,” with little to no patching or replacement available or allowed. Making matters worse, they may be deployed in far-flung locations and installations that leave them susceptible to physical access by bad actors.
RSA IoT Security Monitor serves two important use cases:
- First, operations managers responsible for specific IoT or OT systems get a SIEM-like capability to monitor and respond to threats. This type of “first line” capability has been lacking in most IoT and OT deployments, but is increasingly critical as threat actors exploit IoT and OT weaknesses.
- Second, SOC managers can configure RSA IoT Security Monitor to feed IoT and OT visibility to existing IT security systems and processes, giving visibility across all types of connected technology. Alerts are brought into the systems and processes that security teams already use, creating a single, common view for threat detection and response. This ability to handle the convergence of IoT, OT and IT systems is the holy grail for many organizations as they understand that correlating anomalies across the entire attack surface is the best way to identify and respond to today’s sophisticated threats.
If your organization is looking to implement security for IoT infrastructure, check out RSA IoT Security Monitor for more information. Also visit the RSA IoT resource page to learn how to minimize the digital risks in these environments.
Author: Dr. Zulfikar Ramzan, CTO
Category: Research and Innovation, Blog Post
Keywords: IoT, Internet of Things, Incident Response, Threat Detection