Internet of Things (IoT) has become one of the most sought after technologies in current times. Earlier limited to niche sectors, it has now made its way into various industries, including healthcare. Since IoT technology involves collecting data from various connected devices from multiple locations, the security and privacy aspects have become a challenge.
Leading cybersecurity services provider Palo Alto Networks has now ventured into IoT security, with a special focus on the healthcare sector. We caught up with Huzefa Motiwala, Director, Systems Engineering – India & SAARC to understand more about their IoT foray.
Sign up for your weekly dose of what's up in emerging technology.
AIM: How do you define IoT security and why do you think it is important?
Huzefa Motiwala: With more and more IoT products entering the market, cyber threats are quietly being hidden under the surface. But the question is what happens when someone steps on one of these mines?
In addition to managing existing IoT vulnerabilities, the mass-scale shift to remote working ushered in yet more IoT connections, creating a huge challenge for cybersecurity teams in the past year. With more work devices connecting to home networks and personal devices connecting to corporate networks, securing the internet of things became significantly complicated in 2020.
As working from home looks to become significantly ubiquitous, businesses will need to continue refining their approach in managing cyberthreats and reinforcing the importance of cyber hygiene.
With regard to industrial IoT, Asia-Pacific was predicted to account for the largest market share in the global Industrial Internet of Things (IIoT) market in 2020. COVID-19 may have put a temporary pause on expansion, but the region is likely to remain a major hub for industrial manufacturing and global focus for significant investments – as well as cybercriminals. IIoT devices rarely have direct user interaction, and this unattended nature means that any potential device compromise could very well go unnoticed and undetected, particularly if the malware does not disrupt the device’s primary functionality but instead has repercussions elsewhere in the network.
Networking sensors, controls and other electronic devices that now makeup IIoT are adding new capabilities in the way of data exchange, control or remote monitoring – but also creating new business and societal risks. While we have not observed notably new types of attacks, IoT botnets like Mirai continue to evolve and exploit new vulnerabilities. We have also seen old vulnerabilities on consumer routers being actively exploited.
AIM: What are Palo Alto Networks’ primary offerings in IoT Security?
Huzefa Motiwala: IoT Security is the only solution to use machine learning with our leading App-ID technology and crowdsourcing telemetry to quickly and accurately discover all seen and never seen before devices, assess risks, detect anomalies and provide automatic policy recommendations.
As the only single-platform solution available in the market today, IoT Security delivers native enforcement while seamlessly integrating into your workflows, reducing cost and complexity. With built-in prevention, instead of an alert-only approach, our cloud-delivered security services are seamlessly integrated with IoT Security to keep IoT devices safe with inline protection. Stopping known and unknown file-based threats (WildFire), vulnerabilities (Threat Prevention) and malicious web activity (URL Filtering and DNS Security), saves network and security team’s countless hours in alert triage and manual response.
Deploying IoT Security is easy and does not require any single purpose sensors as a cloud-delivered service natively integrated with our ML-Powered Next-Generation Firewall. Existing customers can simply enable the service on their Palo Alto Networks ML-Powered Next-Generation Firewall to extend leading-edge protections to their previously unmanaged IoT, IoMT and OT assets. For potential customers, we eliminate the need to purchase, integrate, and maintain multiple point products or change your operational processes to get IoT security.
Our ML-powered Next-Generation Firewall can be used as a sensor for the IoT Security service, providing flexibility to implement best-in-class prevention and enforcement within a single platform, or integrating into existing processes and technologies.
AIM: What are the potential applications of IoT Security in healthcare?
Huzefa Motiwala: We have recently announced the most comprehensive Internet of Things (IoT) security solution for healthcare. Palo Alto Networks IoT Security simplifies the challenge of securing the Internet of Medical Things (IoMT) through ML-powered visibility, prevention and enforcement while offering deep insights on healthcare-specific devices and vulnerabilities. This helps improve data security and patient safety while meeting the needs of both IT teams and biomedical engineering teams.
It uses machine learning and crowd-sourced telemetry to quickly and accurately profile all devices on the network, even those never seen before. IoT Security also offers ML-powered policy recommendations to reduce manual effort; intrusion prevention to block exploits; sandboxing to detect and prevent IoT malware; URL and DNS security to stop IoT attacks via the web.
The new healthcare and IoMT security features include:
- MDS2 Document Ingestion: Manufacturer Disclosure Statement for Medical Device Security documents allow medical device manufacturers to disclose the security-related features of their devices, allowing for deeper vulnerability analysis, tuned anomaly detection and specific recommended policies.
- Operational Insights: These insights give biomedical and clinical engineering teams visibility into how, when and where medical devices on their network are being used, allowing teams to optimise resource allocation, improve patient care, make capital planning decisions and reduce maintenance costs.
- Expanded IoMT Discovery: With the addition of many other medical-specific protocols App-ID™ now enables expanded discovery and security for unique IoMT devices and healthcare applications.
AIM: What are the current trends in the IoT Security ecosystem?
Huzefa Motiwala: IoT Adoption is growing in the Enterprise segment. Companies that successfully integrate the Internet of Things (IoT) into their business models stand to reap huge benefits for their own internal processes, employees and customers. While some of the most striking benefits of IoT revolve around business process efficiency, productivity and cost reduction, an increasing number of enterprises are also recognising IoT as an extraordinary source of intelligence into how their products are really changing the lives of their employees and customers.
The true value of enterprise IoT comes from data. Insights derived from IoT-generated data are proving to be invaluable to business decision-makers. The transformation opportunity for IoT, IoMT & OT-enabled business models in the enterprise is massive. But to reap the benefits of transformation, enterprises need leading-edge security that reliably enables IoT.
AIM: What are your predictions for the cybersecurity space?
Huzefa Motiwala: 2020 was a watershed year and a real test of our collective digital resilience. With the impact of COVID-19 likely to be felt for years to come, businesses are relooking their strategies to navigate the new normal in the longer term. With our increased dependence on technology, businesses will need to successfully secure their digital future for 2021 and beyond. Here are our top predictions for the cybersecurity trends that will influence our digital futures:
Share more personal data
- Despite the data privacy conversation circulating for several years – with wariness around the use of data by some big tech companies and GDPR compliance continuing to be a challenge for companies – it is contact tracing that has really made individuals sit up and take notice of data privacy.
- The debate around how data is stored, accessed and used is not set to disappear in 2021, particularly as individuals are now far more conscious of their personal data being shared.
Remote working gets smarter and safer
- Organisations everywhere struggled/clambered to implement a variety of measures to facilitate remote working amidst the abrupt lockdowns and social distancing measures. However, in just a matter of weeks, digital transformation moved from “tired buzzword” to an “adapt to survive” necessity.
- If 2020 has taught enterprises anything, it’s that remote working on a company-wide scale is possible. With people at the centre of everything, 2021 now offers an opportunity for businesses to chart a new way forward and ask how they can deliver work to their people.
- With the increased adoption of cloud tools, we could see a reduction in the need for pricier devices with more computing power as virtualised desktops become an increasingly popular solution.
- Businesses could instead provide employees with simpler, connected devices that enable employees to access the programmes and resources they need online, delivering the work to them directly – and in turn, protecting the company’s crown jewels.
- This radical redesign of the way employees connect does away with the cybersecurity complications associated with BYOD – or, as it has become the norm, bring your own computer (BYOC) policies – while enforcing the segmentation of networks more efficiently and effectively.
- Security will then need to be delivered via the edge, which will see solutions such as secure access service edge (SASE) being the new cybersecurity norm, thanks to its flexibility, simplicity and visibility it offers.
The year of getting the house back in order
- This wider move to the cloud beyond light-touch functions, such as email, will see more work being virtualised and force many companies to review the security of their existing cloud environments.
- While network security controls remain an important component of cloud security, an additional layer of identity and access management (IAM) governance is now needed as organisations continue to scale their cloud presence.
- With the pandemic steering IT teams towards more nuts and bolts issues, 2021 will see more businesses shifting their IT focus inward to look at getting the fundamentals right and refocusing on things that are truly important, even finding ways to do the same thing for less.
- Doing so will likely see existing cybersecurity teams and roles being redesigned to align with an overall emphasis on getting the house in order and building a more resilient cloud environment.