WHITEPAPER / The Growth of IoT / PAGE 1

The evolving IoT landscape

The global spend on connected devices is set to reach a new highwater mark of $772 billion in 2018, enjoy a compound annual growth rate (CAGR) of 14.4% through 2021 while passing the trillion-dollar mark in 2020.

Gartner estimates that more than 50% of major new business processes and systems will include an IoT component by 2020.

Originally, the Internet of Things (IoT) defined a large swath of mostly consumer technologies. Today, the term is used across industries, as the categorization has become a catch-all for any connected devices that either streamline processes or enhance user experience – from the consumer sphere to the factory floor.

The Growth of IoT and the Race to Secure It

WHITEPAPER / The Growth of IoT / PAGE 2

IoT is Everywhere: Adoption Across Every Industry and Vertical

For instance, companies are leveraging beacon-sensor technology for inventory tracking, “smart” cameras that are wireless and often mobile to monitor safety conditions, and a wealth of other tools on the factory floor that can be controlled and observed remotely. This keeps workers out of harm’s way while empowering them with a new digital-centric skill set that ultimately makes them a more valuable asset to any employer – industrial or not.

In manufacturing, IoT is helping usher in Industry 4.0 by taking automation – the defining characteristic of “new” manufacturing in the early 2000s – a step further.

While IoT implants (ie. cochlear implants for hearing or ingestible “trackers” that report back on the conditions inside a patient’s intestines) are the most compelling examples of IoT in healthcare, the real value has been in removing redundancies from the treatment process that can overcomplicate care. Patient monitors – from heart rate machines to remote cameras – can all be maintained and operated from a central control center rather than requiring personnel to check in on each device. This ensures patients are getting constant attention, even when in-person monitoring isn’t available.

In healthcare, IoT is also streamlining operations, automate basic/manual tasks, declutter data stores and deliver new treatments.

WHITEPAPER / The Growth of IoT / PAGE 3

Impacting almost every industry and vertical, IoT is everywhere (cont..)

IoT has flipped the script on traditional commerce as we know it, helping make retail a multi-channel experience for customers.

IoT technologies are helping bridge the gap in the buying experience between online shopping and brick-and-mortar retail. Part of this is through the implementation of in-store point-of-sale (POS) systems and “virtual dressing rooms” that are in constant and direct communication with stock rooms—keeping tabs on inventory levels both on-site or in a warehouse elsewhere. Mobile POS systems, too, are making it so that waiting in lines are a thing of the past, while in-store WiFi can help companies curate the experience customers have with the brand when accessing store content on their own IoT devices.

IoT is advancing faster than security can keep pace

For all of these benefits, many agree that IoT is advancing at a faster pace than security teams and network administrators can keep up. While a new system of connected devices holds a lot of promise, unknown ‘bad actors’ are taking advantage of the poorly developed IoT implementations and leveraging the vulnerabilities of network security they can spawn.

In fact, a recent report found that the number of attacks on IoT ballooned by 280% in the first half of 2017 compared to the previous period a year earlier.

WHITEPAPER / The Growth of IoT / PAGE 4

IoT is advancing faster than security can keep pace (cont..)

The rapid increase of IoT-related cyber attacks illustrates that hackers and other bad actors are directing their focus squarely on IoT, as this represents the most lucrative path toward sensitive network data.

A large chunk of this growth stems from the Mirai botnet that began wreaking havoc and stealing headlines over the past few years. Mirai is a malware that turns networked devices running Linux into remotely controlled “bots” that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers.

Distributed Denial of Service (DDoS) attacks are also seeing tremendous growth of late, with hackers flooding IoT devices with traffic that creates so much noise a network is rendered inoperable – while bad actors hide behind the DDoS distraction to take off with sensitive network data.

The burden of securing IoT falls on network administrators

The peak size of DDoS attacks has ballooned tremendously in recent years, having graduated from a 24 Gbps attack back in 2007 to a roughly 1.7 Tbps incident in only the past few weeks – mere days after the first DDoS attack crossing the terabyte threshold was recorded.

A big caveat that comes with using IoT devices, however, is that many manufacturers still consider cybersecurity an afterthought in their designs. Rather than temper the pace of innovation, IoT device makers are plowing forward in developing tech that can collect and exchange ever-greater amounts of data in ever-shorter amounts of time. All the while, end-device security considerations remain largely unaddressed, despite the dire implications for users.

Legislators in the UK have attempted to answer the call, having drafted a guideline for IoT manufacturers that aims to assure new products don’t come to market with inherent security flaws. Unfortunately, the report doesn’t actually outline any means for enforcement, which means the burden for securing IoT falls on network administrators and IT – not the device makers themselves.

WHITEPAPER / The Growth of IoT / PAGE 5

Where can network administrators begin securing their organization’s IoT and data assets—in lieu of enforceable security standards for manufacturers— with an increasingly aggressive threat landscape that targets IoT specifically?

A good starting point for network administrators is to determine whether or not they will be introducing IoT onto the same network their organization uses for standard computing, or whether they’ll operate a dedicated IoT network in parallel.

There’s give and take here. By creating an IoT-only network just for these low-frequency devices, there’s less of a risk that an IoT-targeting botnet attack will infect employees and their devices directly (or at least immediately). This will splinter administration, however, as teams will need to use different management consoles to monitor and thwart threats for each of their two networks. This will, in turn, require greater staffing on the network management side.

The iboss Distributed Gateway Platform was designed to meet the needs of the distributed organization and their increasingly borderless networks, which the growth of IoT only proliferates.

Protecting IoT from the network Level

One of the benefits of the Distributed Gateway Platform is that customers can assign certain kinds of traffic to specific, dedicated gateways without splintering their network operations. iboss can reference a corporation’s device and user databases – whether Active Directory or another program – to quickly recognize traffic and users that have access to specific network content and permissions to use certain apps or programs. When iboss detects traffic it doesn’t recognize, a red flag is raised and the abnormal traffic is isolated — stopping the threat before it causes harm.

Although this requires IT team to take inventory of the devices using their network, it allows IT teams to reference a single pane of glass when managing all of their network traffic.

In that same vein, iboss has proven many advanced threat protection and detection capabilities able to effectively secure standard network configurations (ones that primarily support legacy computing, not IoT). These capabilities can also easily scale up to meet the needs of a wide-scale IoT implementation at any organization, regardless of industry or current network complexity. Tbps incident in only the past few weeks – mere days after the first DDoS attack crossing the terabyte threshold was recorded.

WHITEPAPER / The Growth of IoT / PAGE 6

iboss simplifies network workflows by helping teams retire unnecessary or redundant security, or redirection hardware that has made guarding the legacy network a cumbersome undertaking. The Distributed Gateway Platform leverages node-based cloud gateways to deliver the first 100-percent web gateway-as-a-subscription, helping organizations upgrade to cloud-based security.

For companies that still require on-prem appliances, cloud-delivered physical gateways are also contained within the node-based collection and can be used as optional drop-in replacements at an additional subscription cost

From there, the iboss Distributed Gateway Platform can automatically leverage Network Anomaly Detection features once it’s established a baseline of what is considered “normal” traffic. The platform employs machine learning to constantly improve its ability to detect and stop what activity may be indicative of a breach attempt or even a breach in progress – an invaluable extra “set of eyes” that allows the IT team to focus on the most pressing issues.

Should unfamiliar programs attempt to enter an iboss gateway, sandboxing technology (not dissimilar from what was used to detect the kill switch for the WannaCry virus in 2017) can be employed to allow the files to play out in a simulated network environment. If these files contain malware, these incidents can be contained and reported, allowing IT to analyze new threats and share their concerns with vendors, manufacturers, and other network teams.

The only web gateway agile enough to effectively secure IoT

The platform references the most robust and trusted malware databases – including iboss’ own proprietary IP library – that recognizes bad actors as they attempt to cross the gateways and stops malicious traffic before it can enter.

iboss, Inc.· U.S. HQ 101 Federal Street, 23rd Floor, Boston, MA 02110© 2018 All rights reserved. iboss, Inc. All other trademarks are the property of their respective owners. WHITEPAPER / The Growth of IoT / PAGE 7

JC- 0

5-18

About ibossThe iboss Distributed Gateway Platform is a web gateway as a service that is specifically designed to solve the challenges of securing distributed organizations. Built for the cloud, iboss leverages a revolutionary, node-based architecture that easily scales to meet ever-increasing bandwidth needs and is managed through a single interface. The iboss Distributed Gateway Platform is backed by more than 110 patents and protects over 4,000 organizations worldwide, making iboss one of the fastest growing cybersecurity companies in the world.

To learn more, visit www.iboss.com or contact iboss at sales@iboss.com

As IoT integration rapidly expands, employees have many questions surrounding the security implications within their enterprise. To learn more, check our our white paper on the 2018 Enterprise Cloud Survey Report, “Five Trends Influencing Enterprise Cloud Adoption.”

Download the survey report

Data loss prevention (DLP) capabilities are invaluable in monitoring for behavior that is indicative of data exfiltration—also using machine learning to understand what traffic patterns appear dubious compared to what’s normally allowed on the network. These features also reference network permissions and directories to spot internal threats (irresponsible or suspicious employee behavior) as these are often the most pressing concerns.

Perhaps one of the most important characteristics of iboss is that it delivers feature-parity across a multitude of devices and platforms—assuring that the latest wireless IoT and a last-generation fax machine enjoy the same network defense capabilities.

This way, “periphery” technology that uses the network – legacy computers, printers, etc. – aren’t overlooked and offering their own pathways into the network for hackers.

The iboss Distributed Gateway Platform makes an IoT-centric future a reality for businesses by delivering the web gateway solution with the fastest time to value and simplest implementation, helping organizations employ security infrastructures that are actually easier to manage than their legacy solutions – even as more devices flood the network.