The state of cybersecurity is in constant flux — meaning we must constantly iterate and revisit our systems to protect ourselves.
With security logging and monitoring failures moving up to number 9 of the OWASP Top 10, organizations everywhere are revisiting their stance on network and application monitoring. This is great for getting a pulse check on security posture and is certainly key in any good strategy, but we might be forgetting something — IoT devices.
At first glance, IoT might make you think of your phone, smart watch or smart fridge. While you wouldn’t technically be wrong, the “Internet of Things” actually includes incredibly critical “things” such as supply-chain monitoring systems, inventory management applications and data security systems that are used by retail, IoT medical and healthcare devices and manufacturing organizations. Businesses in every industry are steadily integrating IoT devices like these into their IT strategies, and the global number of IoT-connected devices is expected to grow to 29 billion by 2030.
This presents a unique challenge — to understand the health of their IoT infrastructure, block out unauthorized access and troubleshoot individual devices, organizations must gather and analyze huge volumes of data from all of those devices.
In this article, we’ll look at why IoT security is important, outline the benefits and challenges of IoT monitoring and compare some of the more popular IoT monitoring tools.
IT infrastructures have become more complex with the addition of microservices, serverless functions and container technologies. IoT and edge computing devices have only added to the intricacy and complexity of these environments.
As organizations grow and incorporate more advanced technologies and devices, they may enjoy heightened efficiency, customer satisfaction or even profit. They are also, almost certainly, expanding their attack surface.
Today’s device ecosystems might include small sensors, large industrial machines or devices that users directly interface with. Poorly securing any of these devices opens the way for all kinds of attacks, each causing more damage than the last. Here are some ways criminals have targeted IoT devices:
Depending on the device that’s been compromised, weak security measures can lead to unauthorized access and the exposure of personal information, financial data, intellectual property and more.
In an extreme example, the well-known IoT attack Stuxnet saw attackers use a worm to gain access to industrial programmable logic controllers at a uranium enrichment plant in Iran. The worm was able to damage 30% of the plant's centrifuges.
Whether it’s a sophisticated production system as in the case of Stuxnet, an office building’s security system or a single spreadsheet, unauthorized access often happens through the smallest crack, and can do some of the most damage.
For devices that collect a significant amount of personal information, poor security can lead to violations in privacy rights, with worst-case scenarios leading to identity theft or similar attacks.
Common targets for IoT privacy breaches might include:
In extreme cases, compromise of these devices might stop a vehicle driving 70mph on the highway, or it might just provide sensitive personal medical or financial information to attackers who can use or sell that information — we would argue neither is a good outcome.
As with any IT system, a compromise can result in extended downtime. Depending on the device and the industry, the impact of IoT device downtime can range from financial loss to real-world impacts on safety.
Look at 2016’s Mirai botnet, which executed the worst DDoS attack against big players like CNN, Netflix and Twitter by searching for and infecting devices that used common default login credentials. Everything from digital cameras to DVR players was tapped to execute the attack.
Or consider the “Cold in Finland” attack, when attackers used DDoS attacks to shut down two buildings' heating systems during the year’s lowest temperatures — an attack that forever cements service disruption as a potentially dangerous outcome.
This short list alone illustrates what’s at stake if IoT device security is neglected. Thankfully, we have a way to help avoid device disaster — strong IoT monitoring.
IoT monitoring is the process of discovering, monitoring and managing the connected devices that make up the Internet of Things. It’s a subset of overall IT monitoring, with the focus here on IoT devices and connectivity.
Information provided from IoT monitoring lets organizations oversee their IoT applications and assets through data collection and analysis, providing insights into device functionality. Monitoring these connected devices enables you to:
Beyond operations, though, you can monitor IoT devices (aka smart devices) for all sorts of helpful or critical functions. For example, strong IoT monitoring can help you ensure that your IoT devices:
Businesses typically have various fleets of IoT devices spread across multiple locations thousands of miles apart. The data from these devices is often generated by a variety of hardware and software platforms, making it difficult to analyze and act on. This challenge of scope is made worse when speed is critical to a certain issue, or if integrating a new device requires new configurations.
A strong monitoring solution will have no issue with these challenges — here’s how it works:
IoT monitoring systems use automation to collect, normalize and process these vast amounts of data in intuitive graphs and visualizations. That makes it much easier for you to effectively troubleshoot and identify the root cause of problems with IoT devices. This also enables you to optimize device performance and remediate issues to ensure they provide maximum value to the business and its customers.
IoT monitoring is important because every IoT device added to an organization’s IT environment consumes resources, generates data and interacts with its other devices and services. Many of these devices may interfere with each other or may outgrow their planned capacity.
Through IoT monitoring, businesses understand the state of their IoT infrastructure and have the tools to manage and troubleshoot IoT devices. Continuous monitoring of IoT device health and functionality and the collection and analysis of relevant performance data gives organizations the insights they need to keep the entire IoT ecosystem secure and performing optimally.
IoT devices primarily collect and share real-time data so organizations can solve business problems and increase efficiency. But IoT devices also continuously produce data. Generally, organizations should monitor these types of device data:
As with other types of devices, it’s important to monitor IoT device resources such as RAM, CPU and disk usage (where these various components exist) to ensure every device runs efficiently and with optimal performance. Exceeding usage thresholds can cause problems with individual devices that may impact the entire infrastructure.
An effective IoT monitoring tool will be able to deliver alerts on the state of the IoT infrastructure and individual device resources in real-time. This will enable teams to proactively manage IoT devices and resolve any issues before they impact customers.
Just like laptops and phones, IoT device hardware won’t run optimally if the software installed on it isn’t running efficiently. It’s critical, then, to monitor the applications and processes running on IoT devices.
An IoT monitoring tool should be able to collect real-time application performance data and send alerts when issues arise so teams can take action to prevent device failures. The tool should also be able to monitor databases and applications written in a variety of programming languages, including Python, Java and JavaScript.
IoT devices must be able to send data, such as sensor measurements, back to a central server or IoT gateway. They also need to be able to receive data, such as a configuration update or an instruction to execute a command. Disruptions in this bidirectional data flow can potentially lead to failures in the device or the IoT network.
Monitoring real-time and historical application data can help organizations track device activity and discover any interruptions in the flow of data between the device and the data sources. This allows teams to debug problems early, increasing efficiency and preserving an optimal customer experience.
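A minimal sketch of the two checks described above, resource thresholds and interruptions in device data flow, as an added example that is not from the original article or any vendor tool. The JSON field names, the threshold values and the five-minute gap limit are assumptions, and the telemetry is constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed telemetry, one JSON record per line (field names are assumed).
SAMPLE = """\
{"device": "cam-01", "ts": "2024-05-01T10:07:00", "cpu": 97, "ram": 41, "disk": 50}
{"device": "cam-01", "ts": "2024-05-01T10:08:00", "cpu": 40, "ram": 41, "disk": 50}
{"device": "sensor-07", "ts": "2024-05-01T10:01:00", "cpu": 12, "ram": 30}
{"device": "sensor-07", "ts": "2024-05-01T10:09:00", "cpu": 13, "ram": 30}
not-json{
{"device": "plc-03", "ts": "2024-05-01T10:01:00", "cpu": 20, "ram": 50, "disk": 10}
"""
NOW = datetime(2024, 5, 1, 10, 10)                # constructed "current" time
THRESHOLDS = {"cpu": 90, "ram": 85, "disk": 95}   # percent, assumed limits
MAX_GAP = timedelta(minutes=5)                    # assumed tolerated silence

def analyze(lines, now):
    """Return (device, kind, detail) alerts for a batch of telemetry."""
    last_seen, alerts = {}, []
    for raw in lines.splitlines():
        if not raw.strip():
            continue
        try:
            rec = json.loads(raw)
            dev, ts = rec["device"], datetime.fromisoformat(rec["ts"])
        except (ValueError, KeyError, TypeError):
            # Unparseable input is itself a signal: a faulty or tampered device.
            alerts.append(("?", "malformed", raw[:40]))
            continue
        prev = last_seen.get(dev)
        # An interruption in the device-to-server flow between two reports.
        if prev is not None and ts - prev > MAX_GAP:
            alerts.append((dev, "gap", f"{prev.isoformat()} -> {ts.isoformat()}"))
        last_seen[dev] = ts if prev is None else max(prev, ts)
        for metric, limit in THRESHOLDS.items():
            value = rec.get(metric)  # not every device has every component
            if isinstance(value, (int, float)) and value > limit:
                alerts.append((dev, metric, f"{value}% > {limit}%"))
    # Devices that reported earlier but have since gone quiet.
    for dev, seen in last_seen.items():
        if now - seen > MAX_GAP:
            alerts.append((dev, "silent", f"last seen {seen.isoformat()}"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE, NOW):
        print(alert)
```
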
An effective IoT monitoring process can benefit an organization in the following ways:
IoT monitoring allows organizations to remotely monitor and manage their IoT infrastructure and proactively fix issues, eliminating costly maintenance down the road. It ensures that IoT devices always have the latest software and security updates installed, that software bugs are fixed and that vulnerabilities are patched. This both optimizes device performance and reduces the likelihood of failures. The net result is lower spending on the staffing and expenses needed to sort out problems.
IoT monitoring allows IoT infrastructure to grow along with the company, as it makes deploying and managing IoT devices easier and provides complete visibility over an entire fleet of devices no matter where they’re located.
Because remote monitoring and management tools simplify IoT maintenance, teams have the time to focus on more business-critical tasks and improve workflows. Developers, for example, can devote their attention to innovating and developing new features for the company’s products.
IoT monitoring lets organizations proactively manage their IoT devices on demand. That means performance and security issues can be resolved before they impact customers. As mentioned, IoT monitoring also helps teams focus more on core business initiatives, such as implementing new product features, which in turn leads to higher customer satisfaction.
IoT monitoring offers many benefits, including reduced costs, easier scalability, greater efficiency and happier customers.
To get started with IoT monitoring, you need an IoT monitoring solution. Many IoT device manufacturers distribute free monitoring tools, but they are generally restricted to the respective manufacturer’s products. To address anticipated blind spots, you’ll need a central solution that will give you visibility into your entire IoT landscape in one window.
When considering an IoT monitoring tool, look for these features:
Most reputable IoT monitoring service providers will offer a free trial or a demo system so you can assess their tool with no risk.
Any IoT monitoring software will require IT team members to support it. One way to approach that support is through observability.
Observability is a practice that enables you to answer any question about your entire business through the collection and analysis of data. It allows you to understand the internal states of a system based on knowledge of its external outputs by leveraging monitoring data and insights to provide a deeper, more holistic view of modern IT systems and their health and performance.
Instead of having to predict every potential error and failure in your system to determine what to monitor, you can decide what’s important by watching how the system performs over time and asking relevant questions about it as issues arise, such as, “What is causing latency right now?” or, “Is this issue impacting all mobile users right now or just some of them?” It’s an exploratory approach to monitoring that becomes essential as IT systems continue to grow in complexity.
IoT ecosystems are complex, with a multitude of devices generating huge volumes of data. A single software bug or device failure can cause a cascade of issues throughout the system, and by the time the issue has been identified and resolved, the damage has already been done.
IoT monitoring can prevent these catastrophic scenarios by keeping you up to date on the state of your IoT ecosystem and alerting you to performance issues before they impact your business and your customers.