Challenge

IoT devices present unique security challenges for enterprises. First, IoT devices are prime targets for botnets, so they need to be secured against being taken over; however, they are often the last devices to get firmware updates. Next, data that IoT devices send back to the enterprise must be protected against snooping—but IoT traffic often runs over conventional internet. Typically, VPN tunnels are put in place to secure such traffic, although the immense number of IoT devices makes this quite challenging. A further complication is that the tunnels must terminate at the corporate firewall for scanning. That prevents hackers from exploiting the VPNs, with the additional consequence that handling the sheer volume of IoT traffic may require significant new investment in firewall capacity.

Solution

Zentera’s CoIP Enclave protects IoT devices within enclaves, where anomalous or suspicious network usage is blocked and triggers an actionable alert. Enclaved devices are authenticated and use encrypted tunnels to send data back to the enterprise datacenter. The CoIP Enclave’s overlay routing shields the IoT devices from the internet, and prevents communication with C2 servers. Security filtering is performed at ingress; limiting network access to specified application binaries reduces the need to terminate at the corporate firewall. Finally, the CoIP Enclave provides security policy orchestration for IoT devices deployed at scale, regardless of where they are in the network.

Benefits

M & A

Unified security management for all IoT devices

IOT

Protection for all IoT communications via end-to-end encrypted tunnels

Application Suite Protection

Shielding from internet-based attacks for all IoT device network connections via enclaving

Resources

Use Case: Defense in Depth

Use Case: Software-Defined Perimeter