IT teams struggle to develop adequate security strategies with the multitude of devices on ever-expanding corporate networks. Protecting IoT investments is critical for business survival and growth, yet IoT security presents unique challenges.
A machine learning (ML) approach to IoT security can address some of these challenges. It solves the issue of identifying unknown devices on a network, ensuring they’re included in the existing security framework and makes IoT management easier for busy IT teams.
Machine learning in IoT security
IoT devices are typically the weakest link in a corporate network, but they’re infinitely useful to a business. Add in their scalability, and it’s not hard to understand why businesses continue to expand their use. Cybersecurity teams need additional technology to keep track of all the devices and keep the network safe.
At a general level, ML can protect IoT by automating the scanning and management of IoT devices across the entire network. They can scan all devices on the network, shutting down attacks automatically before IT teams are aware of it. That’s what happened in 2018 with Microsoft’s Windows Defender software when it shut down a Trojan malware attack in 30 minutes.
Looking deeper, ML helps identify all devices on a network, including those that only connect intermittently. It can automate the rollout of a network segmentation strategy by adding devices automatically to the appropriate segment based on the rules set up in advance. IT teams are freed up to work on more valuable technology projects and manage the company’s overall cybersecurity strategy more quickly and effectively.
In-depth view of machine learning in IoT security
ML helps IoT security teams make intelligent predictions and responses based on previous behavior. In the case of known vulnerabilities and attacks, such as distributed denial of service, it compares current network behavior with behavior patterns from attack examples and takes protective action.
Services, such as AWS IoT Device Defender, Extreme Networks solutions or Microsoft’s Azure Security Center for IoT, offer ML capabilities for IoT security, including device-level anomaly detection and automated threat response.
In the Microsoft’s Windows Defender example, client-side and cloud-based ML systems automatically compare current network use against 30 security protection models in parallel. Some of those models use millions of factors to determine what’s positive or negative behavior for known attacks.
To protect against unknown vulnerabilities and zero-day attacks, ML models monitor IoT devices and network activity to detect behavior that’s out of the ordinary in real time and take protective measures immediately. Many ML systems automatically update daily to keep pace with the changing threat landscape, which makes ML ideal for protecting complex networks. It instantly reviews the large digital footprint of an IoT fleet and compares the fleet’s behavior with known threats and historical behavior. Only a network using ML systems can act this quickly to spot threats before they break into the main corporate network via IoT devices.
Advantages of machine learning in IoT security
The main advantage of ML in IoT security is the speed with which it scans, detects and protects devices and networks. It can bring modern security models and frameworks to all networks, including those still using legacy technologies and IoT devices. Here’s a closer look at two ML advantages.
Finding and identifying all the IoT devices on a network
Given how expansive and complex an IoT fleet can be, IT teams may not know about all the IoT devices currently on their network, especially ones that connect intermittently or use legacy protocols to send or receive data. They’re “hidden” from a security perspective until they become active or are the target of an attack.
ML can identify IoT devices on a network because it automatically scans and compares historical network behavior. For example, an ML model can detect a potential hidden device if it knows that network traffic increases at a particular location on a certain day every month. IT managers can then send a team to physically check the location to verify the device and incorporate it in future security plans.
Adding IoT devices more efficiently to network segments
Creating network segments is only one part of the task; IT teams have to add devices to the segments to work properly. That’s a challenge with the sheer number of IoT devices on a network. Combining ML with network segmentation makes it easier and more efficient.
Teams can set up the segments and edge device rules to start, and ML models will then automatically monitor, scan and protect the devices accordingly. As devices connect, ML systems automatically put them in the appropriate security group based on those rules. This frees up IT staff to work on more valuable technology activities and strategies while still maintaining relevant and updated security for IoT devices.
Disadvantages of ML in IoT security
ML can identify legacy IoT devices and even communicate with them; however, if they’re too old or not updated, it leaves them vulnerable to attack. The ML system must be set up to identify legacy devices and then alert IT admins when devices no longer connect. Otherwise, devices can just become an entry on a “previously connected” report that might not get caught in time to prevent an attack.
Likewise, the variety in IoT devices in a fleet can make it challenging for ML to stay up to date. Depending on the ML service being used, the model may update its device compatibility lists on a schedule that doesn’t match the everchanging threat landscape. The devices that ML can scan for and protect today may not be the same tomorrow. ML is only as good as the systems and security models supporting it.
Many IoT devices require ultra-reliable, low-latency communication, such as sensitive surgical devices, assembly line production systems and traffic monitoring systems. Organizations or individuals typically use these devices 24/7, meaning ML protocols can’t be set up to run during off-hours; there are none. A ML-initiated scan or monitoring protocol may take up precious bandwidth for these devices, rendering them too slow or even inoperable during that time. IT teams need to be aware of the role and use of IoT devices when implementing their ML strategy. The typical setup may not work.