Network Security for IoT Devices

Introduction

The widespread use of IoT devices in modern work environments such as hospitals, industries, and smart buildings has come at a cost: it has exposed those environments to malicious and damaging cyber attacks. Malicious intrusions into IoT devices have caused considerable financial loss to a number of enterprises. In addition to monetary loss and physical damage, these attacks can lead to data breaches, data tampering, ransomware, and even denial of service.

Common IoT devices susceptible to attack:

| Smart Buildings/Offices               | Healthcare                            | Industry                              |
|---------------------------------------|---------------------------------------|---------------------------------------|
| HVAC                                  | HVAC                                  | HVAC                                  |
| Printers, copiers, fax machines       | Printers, copiers, fax machines       | Printers, copiers, fax machines       |
| Elevators                             | Elevators                             | Elevators                             |
| Surveillance cameras                  | Surveillance cameras                  | Surveillance cameras                  |
| Unhardened kiosk connected to a LAN   | Unhardened kiosk connected to a LAN   | Unhardened kiosk connected to a LAN   |
| Access control points                 | Access control points                 | Access control points                 |
| Programmable logic controllers (PLCs) | Programmable logic controllers (PLCs) | Programmable logic controllers (PLCs) |
| Thermostats                           | Thermostats                           | Thermostats                           |
| Lighting                              | Lighting                              | Lighting                              |
| Residential smart meters              | MRI machines                          | --                                    |
| Fire alarms                           | Fire alarms                           | Fire alarms                           |
| N/A                                   | Ultrasound machines                   | --                                    |
| --                                    | C-arms                                | --                                    |
| --                                    | Infusion pumps                        | --                                    |
| --                                    | Blood glucose meters                  | --                                    |
| --                                    | Patient monitors                      | --                                    |

What makes IoT devices so vulnerable:

  • Outdated software, legacy OS, or no OS
  • Basic Micro Controllers
  • No Security-by-Design
  • Lack of device management
  • Shadow Devices
  • Operational Limitations

Check Point's Infinity for IoT provides comprehensive network security for enterprise IT and IoT devices, smart building devices, industrial IoT, and connected medical equipment in these ways:

  1. Prevents malicious intent and unauthorized access to IoT devices by analyzing multiple threat indicators from various sources.

  2. Prevents infected devices from compromising other network elements.

  3. Minimizes the attack surface through internal network segmentation.

  4. Provides detailed insight per IoT device.

  5. Uses a third-party discovery engine for IoT asset discovery.

  6. Creates a separate IoT policy layer, using the discovered IoT device attributes.

Prerequisites

  • Check Point certified IoT Discovery Service installed on the network with a connection to the Management Server.

  • Discovery Service
    • Industrial / Enterprise:
      • Armis
      • Claroty
      • Indegy
      • Ordr
      • SAM
      • SCADAfence
    • Medical:
      • Medigate
      • CyberMDX
      • Cynerio
  • Identity Awareness Web API must be activated on the enforcing gateway (the configuration is done automatically).

  • Gateway version R80 and above

Notes:

  • There is no support for Multi-Domain Security Management servers.
  • Support for Small and Medium Business gateways is planned for 2020.

Network Overview

Check Point's Infinity for IoT delivers comprehensive IoT cyber-security by applying granular, IoT-based policies. Check Point's IoT protection solution enables hospitals, industries, smart buildings and offices to reduce and even eliminate IoT attacks.

  • Identify and analyze IoT devices and traffic

  • Deploy IoT policy enforcement points

  • Identify and block IoT malicious intents

Network Diagram

Configuring the IoT Controller

Before Check Point Infinity for IoT can protect IoT devices from malicious attacks, you need to configure the IoT Discovery Service. The IoT Discovery Service is a third-party source that provides the firewall with the necessary device attributes for each IoT device.

Configuring a new IoT controller generates a new Threat Prevention profile, and creates a new rule in the Threat Prevention policy.

Adding IoT Assets to the Policy

After setting up the IoT policy, you can add IoT assets to the policy manually. The policy is divided into three categories:

  • User-Defined - Used by administrators.
  • Auto-Generated - Rules generated from network traffic and IoT network patterns.
  • Cleanup - A set of rules for detected anomalies.
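As an added illustration (not Check Point's code, and not the product's actual policy semantics), the following Python model shows what an attribute-based IoT policy layer looks like when evaluated across the three sections above: rules match on attributes supplied by the discovery service (device type, zone) rather than on raw IP addresses, and the Cleanup section drops anything the earlier sections did not explicitly permit, which is how a compromised camera is kept from reaching a corporate file server. The section names come from this page; first-match evaluation, the asset inventory, the attribute names and the rules are assumptions constructed for the example.

```python
"""Added example: a minimal model of an attribute-based IoT policy layer,
evaluated first-match over the User-Defined, Auto-Generated and Cleanup
sections. Not Check Point's implementation; inventory and rules are constructed."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    ip: str
    device_type: str    # attribute as reported by the discovery service (assumed name)
    manufacturer: str
    zone: str           # network segment the asset was discovered in (assumed name)


@dataclass(frozen=True)
class Rule:
    name: str
    section: str                # "User-Defined", "Auto-Generated" or "Cleanup"
    src: dict                   # attribute filters the source asset must satisfy ({} = any)
    dst: dict                   # attribute filters the destination asset must satisfy
    ports: frozenset | None     # permitted destination ports, None = any port
    action: str                 # "accept" or "drop"


# Sections are walked in this order; the first matching rule decides.
SECTION_ORDER = ("User-Defined", "Auto-Generated", "Cleanup")

# Constructed inventory, shaped like what a discovery service would hand the firewall.
ASSETS = {
    "cam-1": Asset("10.10.1.5", "Surveillance Camera", "ExampleCam", "iot-cameras"),
    "nvr": Asset("10.10.2.10", "Video Recorder", "ExampleCam", "iot-servers"),
    "pump-1": Asset("10.30.0.4", "Infusion pump", "ExamplePump", "medical"),
    "emr": Asset("10.30.0.20", "Server", "Generic", "medical-servers"),
    "fileserver": Asset("10.20.0.7", "Server", "Generic", "corp"),
}

# Constructed policy: two explicit allows, then a cleanup rule that drops the rest.
POLICY = [
    Rule("cam-to-nvr-rtsp", "User-Defined",
         {"device_type": "Surveillance Camera"}, {"device_type": "Video Recorder"},
         frozenset({554}), "accept"),
    Rule("pump-to-emr-https", "Auto-Generated",
         {"device_type": "Infusion pump"}, {"zone": "medical-servers"},
         frozenset({443}), "accept"),
    Rule("iot-cleanup", "Cleanup", {}, {}, None, "drop"),
]


def matches(asset: Asset, filters: dict) -> bool:
    """True when every attribute filter equals the asset's attribute."""
    return all(getattr(asset, key, None) == value for key, value in filters.items())


def evaluate(policy: list[Rule], src: Asset, dst: Asset, port: int) -> tuple[str, str]:
    """Return (action, rule name) of the first rule that matches the connection,
    walking the sections in SECTION_ORDER; an unmatched connection is dropped."""
    for section in SECTION_ORDER:
        for rule in (r for r in policy if r.section == section):
            if (matches(src, rule.src) and matches(dst, rule.dst)
                    and (rule.ports is None or port in rule.ports)):
                return rule.action, rule.name
    return "drop", "implicit-drop"


if __name__ == "__main__":
    for s, d, p in (("cam-1", "nvr", 554), ("cam-1", "fileserver", 445),
                    ("pump-1", "emr", 443), ("cam-1", "nvr", 22)):
        print(f"{s} -> {d}:{p}", evaluate(POLICY, ASSETS[s], ASSETS[d], p))
```

The camera reaches its video recorder on RTSP, the infusion pump reaches the medical server on HTTPS, and every other connection from either device (the camera probing SMB on the corporate file server, or SSH on the recorder) is stopped by the Cleanup section, which is the segmentation effect the page describes.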

Infinity for IoT Logs:

Using Check Point's IoT Security Manager, security teams can see detailed IoT device information such as the manufacturer's name, model, serial number, and location. With thorough logs, they gain a clearer, contextual understanding of the device's behavior and the forensic detail needed for event investigation.

Example 1: Log Search by IoT Asset Information

Advanced log search uses the enriched log data to simplify log filtering.

Example 2: Extended Log Data

IoT log data contains enriched information that helps identify the IoT assets in the log.
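To make Examples 1 and 2 concrete, here is an added Python example (not Check Point's log format or tooling) that parses constructed key=value log lines carrying asset attributes, searches them by manufacturer, location, type or action, and builds a per-device summary for investigation. The field names (`iot_manufacturer`, `iot_serial`, `iot_location`, and so on), the log syntax and every record are assumptions made up for this example.

```python
"""Added example: searching enriched IoT logs by asset attributes and
summarizing one device's behavior. Log format, field names and records
are constructed for illustration, not taken from the product."""
import re
from collections import Counter

# Constructed sample records: key=value pairs, quoted when the value has spaces.
LOG_LINES = [
    'time="2024-05-01T08:00:01" action=accept src=10.10.1.5 dst=10.10.2.10 dport=554 '
    'iot_manufacturer="ExampleCam" iot_model="EC-200" iot_serial="SN-0001" '
    'iot_location="Building A / Floor 2" iot_type="Surveillance Camera"',
    'time="2024-05-01T08:00:05" action=drop src=10.10.1.5 dst=10.20.0.7 dport=445 '
    'iot_manufacturer="ExampleCam" iot_model="EC-200" iot_serial="SN-0001" '
    'iot_location="Building A / Floor 2" iot_type="Surveillance Camera"',
    'time="2024-05-01T08:01:10" action=accept src=10.30.0.4 dst=10.30.0.20 dport=443 '
    'iot_manufacturer="ExamplePump" iot_model="IP-7" iot_serial="SN-0042" '
    'iot_location="Ward 3" iot_type="Infusion pump"',
    'time="2024-05-01T08:02:00" action=accept src=10.10.1.6 dst=10.10.2.10 dport=554 '
    'iot_manufacturer="ExampleCam" iot_model="EC-200" iot_serial="SN-0002" '
    'iot_location="Building A / Floor 1" iot_type="Surveillance Camera"',
]

# key=value where the value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_log(line: str) -> dict:
    """Turn one key=value log line into a dict; all values stay strings."""
    record = {}
    for match in FIELD_RE.finditer(line):
        key, quoted, bare = match.group(1), match.group(3), match.group(4)
        record[key] = quoted if quoted is not None else bare
    return record


RECORDS = [parse_log(line) for line in LOG_LINES]


def search(records: list, **criteria) -> list:
    """Return records whose fields equal every given criterion, e.g.
    search(RECORDS, iot_manufacturer="ExampleCam", action="drop")."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]


def device_summary(records: list, serial: str) -> dict:
    """Collect identity and observed behavior of one asset, keyed by serial,
    for a forensic first look: where it talked, on which ports, what was dropped."""
    own = search(records, iot_serial=serial)
    if not own:
        return {}
    first = own[0]
    return {
        "manufacturer": first["iot_manufacturer"],
        "model": first["iot_model"],
        "type": first["iot_type"],
        "location": first["iot_location"],
        "destinations": sorted({(r["dst"], r["dport"]) for r in own}),
        "actions": dict(Counter(r["action"] for r in own)),
        "dropped": sum(1 for r in own if r["action"] == "drop"),
    }


if __name__ == "__main__":
    for r in search(RECORDS, iot_type="Surveillance Camera", action="drop"):
        print("dropped camera traffic:", r["iot_serial"], r["src"], "->", r["dst"], r["dport"])
    print(device_summary(RECORDS, "SN-0001"))
```

Filtering on asset attributes rather than on IP addresses is the point of the enrichment: the same query keeps working after a device gets a new DHCP lease, and the summary ties a dropped SMB attempt back to a named camera at a known location.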