To better serve their citizens and missions, US federal agencies have been adopting the Internet of Things (IoT) to lower cost, improve efficiency an
To better serve their citizens and missions, US federal agencies have been adopting the Internet of Things (IoT) to lower cost, improve efficiency and increase safety. They are implementing smart building strategies to reduce energy costs and environmental impact and improve tenant satisfaction. Defense agencies leverage IoT capabilities for physical security, readiness and situational awareness, among other applications.
Yet a key barrier to IoT adoption in federal agencies has been cybersecurity and with good reason. The recent 2020 Unit 42 report on IoT devices in the US discovered that 98% of all IoT traffic is unencrypted and 57% of IoT devices are vulnerable to medium- or high-severity cyberattacks, making them low-hanging fruit for adversaries. Worryingly, IoT devices are not the target. Rather, they are most often used as a stepping stone for lateral movement to attack other systems on the network. For agencies considering IoT, strengthening security posture first with a Zero Trust strategy is imperative.
Palo Alto Networks recently announced that Zingbox® IoT Guardian, our IoT security product, has achieved the designation of In Process for the Federal Risk and Authorization Management Program (FedRAMP). This cloud-delivered service discovers, identifies, secures, monitors and optimizes the use of connected medical devices, industrial control systems, physical security systems and other non-traditional IT. Agencies will be able to keep their IoT data private while benefiting from thousands of anonymized device profiles and other global data sources that help assess risk and vulnerability of these devices in real time.
Reduce IoT Risk with Zero Trust
Zingbox is an important component of a Zero Trust network strategy. To create and enforce Zero Trust policies, agencies need to identify IoT devices and discover where they are, who is accessing them and how they’re being used. Using Zingbox, agencies can identify, classify and manage their IoT devices’ security throughout their lifecycle, ensuring they are only granted access to authorized resources and networks. A patented machine learning algorithm discovers all devices and identifies context for deeper insights. Behavioral analysis then classifies devices and performs a risk assessment using threat intelligence and vulnerability data. Zingbox then alerts security teams of potential threats, anomalies and exploits. Agencies can define security groups using IoT device context information and organize assets dynamically into context-aware micro-segments. Incident management capabilities trigger actions in Palo Alto Networks Next-Generation Firewalls and third-party products such as network security tools, allowing agencies to enforce security policies in near real time. This way, agencies can quickly locate and quarantine a device operating outside of established parameters or violating policy.
Empower Network and Security Operations Teams
IoT devices also introduce network and security management challenges, partly because there are so many of them. The 2020 Unit 42 IoT Threat Report found that 30% of network-connected devices in an average enterprise are IoT assets, a number that excludes smartphones. IoT popularity is growing, so this is an issue that will only get more challenging.
Zingbox IoT Guardian can ease the IoT burden for network and security operations teams through:
- Asset management. Zingbox automatically discovers, onboards and places devices into appropriate classifications, helping network teams maintain an accurate up-to-date inventory of all IoT devices and apply network segmentation. Device utilization and maintenance tracking helps maximize device operating costs throughout their lifecycle.
- Security and Risk Assessment. Zingbox uses behavioral analysis to detect malicious protocol and application use, identify known threats, expose vulnerabilities and apply a confidence-based risk score helping security teams to prioritize and take appropriate action.
- Remediation: Zingbox alerts, risk scoring and notifications allow security teams to quickly take appropriate action through a direct integration with Palo Alto Networks Next-generation Firewalls and other third-party vendors like asset management and network access controls. Device context and detail of protocol, application, payload and network usage ensure additional measures can be enforced for future prevention.
- Management consolidation. Teams can monitor the security of thousands of different types of network-connected IoT devices from a single screen. Zingbox offers a single console to understand categories of devices for network segmentation, evaluate site-specific device and network use, review device profiles and classifications, understand vendor recalls and identified vulnerabilities, and analyze alerts, risk, vulnerabilities and usage information to ensure protection of government assets.
Learn more about how federal agencies can safely enable IoT devices in their facilities while optimizing their lifecycle management.