In 2016, the Mirai Botnet hijacked over half a million DVRs and IP cameras, redirecting traffic from these endpoints to some of the internet's largest brands and taking many services offline. To those in the security community, the attack wasn't surprising; typically, affordable, commodity internet devices are poorly secured. One unintended consequence of their rapid adoption is expansion of the digital attack surface. We're on the brink of hypervulnerability in the connected world – put there, in part, by an unwitting accomplice: the endpoint.
Today's growing attack surface is dominated by non-traditional endpoints, ranging from something as innocuous as an internet-connected toy to something as critical as connected sensors controlling energy production in a nuclear plant. Emerging virtual endpoints, such as cloud microservices and containers that swarm by design, exacerbate the problem.
According to Statista, by 2020, the number of connected devices in the Internet of Things (IoT) will grow to 31 billion. IoT includes embedded systems in retail, automotive, home automation and entertainment devices, as well as operational technology in the manufacturing and energy sectors. There are already proven hacks of these technologies, and as the population grows, it's hard to imagine how any service pack program or standards body can keep up. As a result, IoT will likely contribute significantly to security vulnerabilities.
Securing the “thing” is not the answer; there will always be too many to manage. Consider an approach leveraging techniques society has used throughout history to protect a large, growing populace. We certainly didn't tag every human to monitor for compliance (although it could be very lucrative for someone selling that snake oil!). Instead, observing and patrolling to increase visibility, coupled with analysis and tactical action when problems are spotted, have provided a pragmatic approach to reducing risks inherent in explosive endpoint growth.
In practice, breaking down the process into three parts tempers what could be an overwhelming task.
1. Focus on what you can see. Endpoints often have a control point, whether a physical gateway or router in a home or business, or a firewall or proxy at a network or cloud boundary. Get your visibility there and, when possible, control it ruthlessly.
2. Simple analytics is your friend. Non-traditional endpoints share an often-overlooked characteristic: their behavior is predictable. Applying machine learning for baseline modeling is extremely effective to profile risk, detect anomalous behavior and stop it on a large scale.
3. Hire the best staff you can find, because we will never stop having to patrol, investigate and remediate. And, with properly applied analytics, you won't need your army of employees to grow exponentially with the endpoint explosion.
Success comes down to laying a foundation of monitoring and control to reduce your risk exposure and applying intelligent techniques to the growing endpoint populace. Embrace it, because these technologies make our lives better.
As VP of product architecture and research at RSA, Brian Girardi leads the company in designing and incubating future product concepts to further extend RSA's innovation in the security market.