Maintaining visibility through the growth of IoT
Data traffic rates over network backbones have increased significantly over the past several years. Fueled by the increasing demand for Internet of Things (IoT) devices, which continue to be ever more integrated with our daily lives, both domestically and commercially, the average annual volume of data/information created has almost doubled over the past two years, from 41 zettabytes in 2019 to 79 zettabytes in 2021, with a forecast of growth to 181 zettabytes by 2025 (Statista, 2021).
Over the previous 18 months, this data rate has been driven further by the move to working from home (WFH) where people are using more digital technology, as well as purchasing new IoT devices to help make their WFH life more comfortable.
With an estimated 1.5 billion new IoT devices being connected during 2021 (Statista, 2021), the growth of IoT devices has been significant, with connected devices reaching into areas of our everyday lives, from wearable smart tech which can monitor our heart rates and encourage us to be more active, to connected thermostats enabling the automated control of home heating systems. These devices have traditionally been confined to our personal home networks, making them a less appealing proposition to threat actors. However, with the increased drive to WFH, which is likely to continue for many around the globe, the delineation between our personal and corporate LANs is dissolving. This in turn offers a much broader attack surface than seen in previous years: an easier route for initial access prior to moving laterally onto the corporate device used by the employee, or via a personal device used for business purposes through technologies such as Remote Desktop Protocol, potentially enabling access to the corporate network.
This broadening threat landscape has created a number of previously unseen threat vectors, giving new ways to access networks and creating an environment that endpoint monitoring solutions and firewalls alone find more challenging to protect. Additionally, threat actors continue to develop more sophisticated attack methods and malware, employing defense evasion techniques or polymorphic malware in order to remain undetected by host-based systems. However, one thing that will always remain true is that the activity must communicate over a network, for example with command and control servers and between botnet members. These communications are essential for a number of activities throughout the Cyber Kill Chain, including reconnaissance, delivery, and command and control.
Visibility over the communications throughout a network is essential for providing defense in depth, supporting a layered and comprehensive security architecture and enabling the identification of malicious activity on a network that may be evading the existing host-based systems. In addition to visibility over these network connections, it is possible to capture and store the communication records across the network, in turn enabling threat hunting teams to employ proactive defense techniques so that they can actively seek out potentially malicious activity within the network during the threat actors' dwell time. This can in turn lead to a reduced Mean Time To Detection (MTTD) and therefore enhance the overall security posture of the organization.
Comprehensive network visibility solutions are likely to be an increasingly essential component in supporting a layered defensive architecture in the future. As more IoT devices become connected, resulting in increasing data rates, high-rate and unsampled network monitoring solutions are going to be ever more essential to ensuring that the activity conducted by threat actors can be captured and investigated. Therefore, whilst techniques for host-based security evasion are constantly evolving, threat actors will always leave a trace of their operations in network activity, and this is enough for threat hunters to gain the upper hand.
Rob Fitzsimons is a product manager at Telesoft-Technologies, liaising between customers and engineering departments to ensure that products satisfy their needs and to understand where they can be improved. Supported by his background in Military Operational Intelligence and his passion for cyber security, he has a good knowledge of the industry and is always interested in new technologies.