The 2024 RSA Conference is underway, and Viakoo is out in force. During the conference as we meet with customers, prospects, media, and analysts I will try to cherry pick some of the more interesting questions related to IoT Security. Over the past year the number of IoT security breaches and incidents has continued to rise, and is being further accelerated by AI (one of the key topics at RSAC).
Here’s a set of questions that gives a good basis for understanding the IoT ecosystem and why security of IoT devices and applications is at the forefront of organizational risk and security:
Q1. How do you envision the evolution of IoT device management tools in the next decade, considering the increasing complexity and diversity of IoT ecosystems?
A1. The key that unpicks the lock of IoT security and the complexity of IoT ecosystems is understanding the relationship between IoT devices, the applications that manage them, and the networks that bring them together. This critical information can be used in conjunction with a variety of existing point solutions, such as threat assessment, vulnerability remediation, and configuration management. As the coming decade unfolds we’ll move away from a linear approach to IoT security and evolve to a cybersecurity mesh architecture (or composable workflows), driven by machine learning and AI, in order to have the speed, scale, and automation needed to maintain complex IoT ecosystems.
Q2. With the proliferation of IoT devices in various sectors, what challenges do you foresee in managing and securing large-scale IoT deployments, and what strategies could address these challenges?
A2. Probably the biggest challenge is related to the workforce within vertical sectors using IoT, both in shortages of talent and the training of workers. There are already some strategies being used to address this, including the recent explosion in managed services offerings specific to IoT security, industry-specific cybersecurity certifications and training, and the focus on automation to address the scale at which IoT systems existing within many verticals. A related challenge is the time it takes to implement comprehensive IoT security. It simply is taking too long today; threat actors are moving at the speed of AI. Strategies to address the time to deployment include focusing on the most vulnerable IoT systems and not try to “boil the ocean” to solve for all IoT systems at once, along with a “shift left” approach where IoT device and application vendors build their products to be IoT security “ready”.
Q3. How might advancements in artificial intelligence and machine learning do you see contributing to more proactive and adaptive approaches to IoT device management?
A3: AI holds the promise of massive improvements in accuracy, speed, and automation. AI can ensure that device lifecycle and vulnerability information is current, new or zero day threats are identified immediately, that a cybersecurity mesh solution can quickly resolve new threats, and non-skilled workers can manage the overall operations of IoT security. For example, through AI we’ll likely be able to focus on eradicating bots running within IoT ecosystems rather than today’s approach of bot mitigation. These AI-driven approaches will not only turn “IoT remediation automation” into “automated remediation of IoT”, it will likely result in the inherently agentless IoT security solutions of today being used in all forms of digitally connected devices, whether IT, IoT, OT, or ICS.
As the rest of the conference unfolds I’ll continue to post on some of the best questions we’re getting. Want to have some 1:1 time with a Viakoo IoT security expert? Just click here to schedule a 30 minute Zoom call – and bring your toughest questions!