Make sure that there’s a firewall between every device and the internet beyond. Consider sorting unmanaged devices onto their own network segments, separate from your corporate devices and guest network. Many attackers find a point of entry then move laterally to exfiltrate data or cause damage. Just be aware that network segmentation can be bypassed through the exploitation of things like Bluetooth. It’s not an impassable security feature, but it’s still worth doing.
Encrypt everything all the time
If you encrypt your data at rest and in transit, then, even if attackers steal it, they won’t be able to read it without the decryption key. Make sure access is properly restricted and that users and devices are authenticated. It’s also smart to set up an audit trail for data access and to verify that data hasn’t been tampered with at the point of access.
Keep a real-time inventory
Delve into any set of best practices like NIST’s Cybersecurity Framework and you’ll find that identifying all the devices on your network is foundational to security. It’s not enough just to scan your network for physically connected devices; you also need to consider devices that connect via Wi-Fi and Bluetooth. What’s required is a real-time picture of every device on your network.
Proactively assess risk
It’s vital to perform risk assessments on unmanaged devices. Are there any known vulnerabilities? Can you identify configuration issues? This might prove difficult in cases where you can’t put an agent on the device, so think about how to create an automated, proactive risk assessment program or go shopping for a suitable software tool to do it for you.
Continuously monitor for threats
Since many of these unmanaged devices are harder to scan than traditional computers connected to your network, it’s vital to find a way to monitor their behavior and look for anything suspicious. It makes sense to build a model of expected behavior and ensure that anomalies are automatically flagged for further investigation. In the future, machine learning may play a crucial role here in uncovering unusual behavior or traffic connected to a threat.
Automate threat response
Once an attacker breaches your network, they can often burrow in further quite quickly. Even if the entry point is subsequently discovered it can prove very difficult to expel them fully. Speed is crucial, so it makes sense to pursue a strategy of security automation. When your system detects a threat, it can quarantine the device in question or block traffic.
“The real hard part of this is ensuring that your security automation is not going to cause more harm than good,” suggests Marsal. “Because if a false positive occurs say in a hospital environment, you might not want to shut down the patient monitoring equipment if it seems to be behaving abnormally.”
In some circumstances your system should simply flag the threat and alert a security professional who can investigate further and decide upon the right action.
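As an added illustration of the monitor-and-respond approach described above (example code, not from the article or from Marsal’s organisation), the sketch below learns a per-device baseline of destinations from constructed flow records, flags flows that deviate from it, and, for devices on a constructed critical list such as patient monitors, only alerts rather than quarantining. All device names and addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records (device, dst_ip, dst_port); not taken from the article.
BASELINE_FLOWS = [
    ("cam-01", "10.0.5.10", 443), ("cam-01", "10.0.5.10", 443),
    ("monitor-07", "10.0.9.2", 8443), ("monitor-07", "10.0.9.2", 8443),
]
OBSERVED_FLOWS = [
    ("cam-01", "10.0.5.10", 443),          # matches the learned baseline
    ("cam-01", "203.0.113.9", 22),         # new external destination and port
    ("monitor-07", "198.51.100.4", 443),   # patient monitor talking somewhere new
]
# Devices whose disruption could cause harm: alert a human, never auto-quarantine.
CRITICAL_DEVICES = {"monitor-07"}


def build_baseline(flows):
    """Map each device to the set of (dst_ip, dst_port) pairs seen during learning."""
    baseline = defaultdict(set)
    for device, ip, port in flows:
        baseline[device].add((ip, port))
    return dict(baseline)


def detect_anomalies(baseline, flows):
    """Return flows whose destination was never seen for that device.

    A device absent from the baseline entirely is also flagged: it is either
    new on the network or was missed by the inventory, and both deserve a look.
    """
    return [
        (device, ip, port)
        for device, ip, port in flows
        if (ip, port) not in baseline.get(device, set())
    ]


def decide_response(anomalies, critical):
    """Pick an automated action per device: quarantine, or alert-only for critical gear."""
    actions = {}
    for device, _ip, _port in anomalies:
        actions[device] = "alert" if device in critical else "quarantine"
    return actions


if __name__ == "__main__":
    anomalies = detect_anomalies(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS)
    for device, action in decide_response(anomalies, CRITICAL_DEVICES).items():
        print(f"{device}: {action}")
```

In practice the baseline would be learned from real flow or DNS telemetry over a learning window and refreshed as the inventory changes, and the "alert" path would route to an analyst with the flagged flows attached.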