By 2020, the world will be home to 50 billion connected devices. With five connected devices per person by 2017, the exponential rise of the Internet of Things (IoT) poses challenges for today’s security professionals. For example, a recent HP Study found 70% of IoT devices contained security exposures, allowing an attacker to identify a valid account through account enumeration. While network security is relatively understood, securing devices that run on an embedded computer with network access is new territory.
Most companies assume that their current BYOD policy also covers IoT devices, but they are largely mistaken. New attacks bypass these policies everyday. In the IoT there is no concept of network access control, vulnerability assessment, or intrusion detection. These connected devices create their own network, and there are many protocols that cannot be detected with traditional WiFi scanners. Because of this, IT administrators have no visibility into where they are, what they are doing, and whom they are talking to in the network.
The first step in preventing a potential IoT security nightmare is having visibility into a corporate airspace to identify all IoT devices, which can be used as threat vectors. This interactive session will walk the audience through the discovery of known, unknown, and ‘ghost’ devices from DC to 10GhZ of the electromagnetic spectrum via simulations and real-time audience engagement. The purpose of this is exercise is to create a visual of the infiltration of connected devices in the airspace and understand associated vulnerabilities.
After exploring the array of devices in the airspace, and the possible security disasters that can result from them, we will discuss the techniques organizations can utilize to discover IoT devices in their airspace and defend the network from an airborne attack.
The target audience for this presentation is enterprise security professionals and risk officers. The interactive session will utilize live demonstrations and scenarios that bring the threat of IoT devices to life and examine how the enterprise can identify these devices and create an IoT network defense policy. The talk is interactive in nature and should benefit anyone who is tasked with protecting information networks, mission critical data, and human and physical assets in today’s rapidly evolving modern threat environment.