- log in
Posted by Jeff Pollard on October 13, 2016
Merritt Maxim and I just published our research on the IoT Attack Surface. This report gives a realistic, but not sensationalized, view of how enterprises need to think about IoT. Three factors motivated our research for this topic - attacks on IoT will transcend the digital-physical divide, the sheer scale of IoT will challenge security teams, and IoT devices collect massive amounts of data.
The following methodology allowed us to hone in on concrete enterprise scenarios:
- We went for offense first. We started by interviewing prominent security researchers that spend their days thinking about how to attack IoT devices and systems. Our outside in approach allowed us to develop a threat model for intrusions, as well as identify weak points in the defenses of IoT makers, users, and operators.
- We explored the ramifications of an attack. We wanted to understand what an attacker would - or could - do when successful. We also wanted to understand the amount of friction that existed for whatever came next - credential harvesting, persistence, or disrupting operations.
- We examined existing security practices to understand what works, and what doesn't when defending IoT devices. This step highlighted that while IoT is different, defending IoT looks similar to other security problems S&R pros have dealt with. You can bring security lessons forward and apply them to IoT without having to learn them all over again.
Every security practitioner learned with cloud and mobile that ignoring things will not make them go away. IoT presents a chance for security to guide the business by prioritizing privacy and security for each IoT use case.
Search Forrester's Blogs
The dynamics that will shape the future in the age of the customer »
Planning for innovation and risk in the wake of Brexit »
Forrester's CX Index
Predict how actions to improve CX will affect revenue performance.
Measure the customer experiences that matter most »
- Amy DeMartine (1)
- Andras Cser (48)
- Chris McClean (60)
- Christopher Sherman (8)
- Enza Iannopollo (3)
- Heidi Shey (22)
- Jeff Pollard (2)
- John Kindervag (28)
- Joseph Blankenship (2)
- Laura Koetzle (2)
- Merritt Maxim (8)
- Nick Hayes (15)
- Peter Cerrato (1)
- Renee Murphy (9)
- Rick Holland (45)
- Stephanie Balaouras (78)
- Tyler Shields (24)