A few years ago, in a Tech Talk I talked about a major college that suffered a complete network lockout due to a soda machine that introduced malware into the network that sought out all the default passwords on their devices and locked out an estimated 5,000 devices that each had to be manually reset.
A year or so ago, Cisco researchers announced their saw a "wifi-enabled InstaPot" with malware.
A few months ago, I was talking to a major SOC vendor who said that their SOC analysts saw in real-time a woman's company owned laptop connected via the company approved VPN connection have the woman's son's XBOX scan the laptop and the VPN connection and attempt to mount a share to through the VPN tunnel to the corporate network.
There appears to be a seismic shift in how attackers are trying to gain entry into your network. Many of these attacks are now gaining access to, and hiding in all those Internet of Things (IoT) devices in your network. Those devices can't run EDR protection agents.
There have been some *MAJOR* breaches of late originating from "Smart TVs", and similar other devices that are on your network and historically are poorly maintained.
I am sure your district has a ton of Smart TVs.
Do you routinely update them?
Are they sitting on the same network where your servers and workstations or other important devices exist? If the answer is yes, why is that?
Any IoT device is a serious threat.
I'd like to share with you two questions:
- Are all these devices in their separate VLAN and kept away from other devices? If not, why not? Bob and I have preached about "Vendor VLANs" for years. We have recommended segmentation of servers from workstations and switches and access points from other parts of the network. With IoT we must continue to segment our networks. The recent APC UPS extreme threat was only possible if you could see the UPSes. If your UPSes could not be seen from users, there was substantially less risk. If you are not thinking in terms of segmentation, you absolutely have to start thinking in terms of segmentation. A TV VLAN. A clock VLAN. A phone VLAN. A workstation VLAN, A UPS VLAN. A printer VLAN. Then provide only the access and internal resources that are absolutely necessary to allow these devices to work properly.
- How do you know what IoT devices are on your network? If something evil was coming out of a Smart TV, how would you know? In this day and age, you simply must know.
If your network is not segmented to this level of detail, you are needlessly putting yourself at risk.
If you can't tell me what devices are out there and who they are talking to on your network, then you are at risk.
CSI can help provide solutions to both questions to better defend and protect against the unknown threats that might lurking out on the network.