When it comes to security, what you don’t know can hurt you – and nothing embodies this more than the internet of things (IoT) and the devices it connects.

An estimated 41.6 billion IoT devices will be connected to businesses within the next five years and this explosion of connected devices has created a huge – and often hidden – attack surface for threat actors to exploit. Attack surface reduction is an imperative part of modern cybersecurity programmes.

Security teams have long struggled to gain and maintain visibility into the devices that are being connected to corporate networks. In many organisations, it’s relatively easy for employees to connect devices to the network without notifying IT teams.

Personal assistants like Alexa and Google Home, wearables, mobile phones, and even novelty items like fish tanks are being added to networks every day without the knowledge of a company’s IT professionals.

When combined with a multitude of office devices that are now internet connected – printers, cameras, thermostats and more – the result is a dramatic expansion of “endpoints” that increases the attackable surface of an organisation and creates backdoors into enterprise networks.

This is why gaining visibility into everything on a network and having the means to control every device is a foundational aspect of a strong security posture. Historically, one approach to gaining visibility into IoT devices on the network was for security teams to install software agents on the devices themselves as they were discovered.

But this approach fails to address the underlying problem of hidden devices, and is incredibly hard to scale in organisations with multiple network types.

Leveraging the power of AI

A solution to the growing IoT security problem can be centred on the power of AI: gaining full visibility of the network, continuously monitoring devices, and enforcing security and privacy policies across all connected devices in order to reduce, monitor and control the attack surface.

The first step towards IoT security is visibility and understanding exactly what’s connected to the network.

Organisations not only need to accurately map the network and fingerprint devices to see what’s connected, but also to understand what’s unprotected and open to attack. Trying to accomplish this through manual practices sets security teams up for failure – and additional hardware and software isn’t an acceptable or scalable solution either.

This is where AI can automate the process. By using AI on approved endpoint devices to serve as a type of sonar, these approved devices can “ping”, identify and detect every additional device connected to the network. This provides deep visibility into the hidden devices that may be connected to a network.

The “approved” machines can also provide autonomous protection and notification for any device that has vulnerabilities or demonstrates anomalous behaviour. As connected devices are brought out of the shadows and detected, security teams can now ensure that the organisational security and privacy policies that are used to provide network access are fully enforced on each device.

This can range from simple policies such as making sure devices are patched or isolated from the network to identifying devices that require deeper analysis. More complex policies enforce device segmentation from networks based on trust and activities.

Monitoring all devices enables security teams to ensure that every device on the network has an owner, business function or broader impact attributed to it. This is critical information that can be used in the decision-making process around risk reduction and incident response.

As each device is assigned an owner and function, security teams can continuously monitor the devices to identify suspicious behaviour, while putting the organisation in a better position to respond if such activity is detected.

Beyond compliance

It’s critical to remember that the end goal of gaining full visibility and continuous monitoring of all devices connected to networks should be strengthening security and privacy – not just achieving compliance. Many organisations that have certified compliance with regulations have suffered a ransomware attack or data breach at some point.

Focussing on compliance is a common pitfall for many organisations – checked boxes do not always equate to better security. Compliance is generally met over time, as a lessons-learned mechanism from other failed organisations. The benchmark for compliance is not typically overly ambitious, instead focussing on common failures.

Modern security technologies operate with continuous scanning at their core. Attackers can exploit vulnerabilities and weaknesses in an instant – scheduled scans belie the speed at which today’s attacks occur. Ultimately, machine speed attacks require a machine speed response.

Equipping security teams with complete visibility, categorisation and automated alerting around rogue devices and vulnerabilities is the best way to ensure that enterprises proactively prepare themselves for the imminent threat presented by IoT devices.

Tamer Odeh, Regional Director at SentinelOne in the Middle East