Proving the Business Case for the Internet of Things

Extreme Networks provides simple security for IoT devices

Steve Rogerson
February 12, 2019
To protect enterprise networks, California-based Extreme Networks has announced the general availability of its Defender for IoT, a simple security offering to help organisations secure IoT devices.
The use of IoT devices is proliferating in every industry, and with this growth comes risk – reports of IoT attacks increased 600 per cent from 2016 to 2017. Defender for IoT can be deployed on any network and can be used by non-technical staff at schools, hospitals, retailers and hospitality venues to isolate and protect both wired and wireless IoT devices from cyber attacks.
IoT devices present two major security flaws for businesses. Most lack embedded security; they were built to run on private networks where the assumption was it was tightly controlled, and device-level security wasn't required. Manufacturers never considered that the private enterprise network could be connected to the public internet, and therefore the devices may run out-of-date operating systems, have hardcoded passwords and/or lack anti-virus and firewall capabilities. And they are typically deployed in a flat or unsegmented network so, if breached, the attacker can gain access to sensitive areas of the network.
"Businesses are extracting so much value from the IoT revolution that it's easy to see why deployments are happening fast, and security should not be viewed as an impediment to that,” said Mike Leibovitz, senior director at Extreme Networks. “With Defender for IoT, our goal is not only comprehensive security, but delivering it in a way that is simple and accessible to everyday employees to ensure business productivity is not affected by security protocol. When plugged into our Smart OmniEdge visibility and analytics applications, users can easily control IoT device communication, ensure devices can only communicate with the appropriate resources, and then leverage analytics to prove and measure the outcome. We are the only vendor that can provide this level of granular visibility and control for wired and wireless IoT devices at the point of ingress."
Users plug the Defender adapter into an Ethernet port, and run the associated application. The Defender application learns the typical traffic patterns of network devices, and dynamically generates a security policy that locks down what a device communicates with and how it can communicate, automating edge network security for the enterprise. Once initial device profiles have been dynamically generated, non-technical staff can place the adapter between the device and the network and apply the appropriate security profile using a drop-down menu.
With layer two to seven visibility, Defender for IoT allows users to segment groups of IoT devices into multiple, isolated secure zones, reducing the network attack surface. Users can also centrally monitor and track device usage, location and roaming. This helps users mitigate the risk of an attacker gaining access to more sensitive areas of the network.
Defender for IoT works with any vendor's IP network, providing in-line protection of IoT devices and segmentation through IPSec tunnels, without network changes. Additionally, it integrates with Extreme Fabric Connect, giving users the ability to leverage network automation capabilities and dynamic auto-attach functionality to streamline edge security efforts.
The optional ExtremeMobility AP3912 wall jack offers the same integrated defence as the Defender adapter for both wired and wireless devices, but with the ability to support multiple devices in a single room. Defender for IoT suits deployment in schools and universities, hospitals, hospitality venues, manufacturing, transportation, retail, and other industries that rely on connected devices to improve business efficiencies and customer experience.
"The continued proliferation of malware and other cyber threats requires a change in how organisations approach security,” said Christopher Frenz, assistant vice president of Interfaith Medical Center. “It is no longer sufficient to have a security strategy that relies solely on reactively blocking known bad behaviour as the best reactive security can do is provide protection today against yesterday's threats. Instead, organisations need to establish a strategy that focuses on allowing only known good behaviour. Taking a zero-trust approach to network security is a critical part of such a strategy and zero trust strategies need to encompass IoT devices as well."
Extreme's 802.11ax technology was in action at this week’s HIMSS in Orlando and will also be on show at Mobile World Congress in Barcelona.