Aerohive Networks has revealed details of its Internet of Things (IoT) security solution for Wi-Fi and wired networks, which is built on Aerohive’s Software Defined LAN (SD-LAN) technology.
The company said the solution could have helped protect networks from attacks such as the 16 October 2016 Mirai botnet DDoS attack, which recruited over a half-million devices in a co-ordinated strike hitting popular internet services, including Twitter, Spotify, Airbnb, Netflix and Reddit.
Aerohive’s way of defending networks from this kind of IoT attack vulnerability is to put the security protection right at the point where IoT traffic first touches the network. This provides a first line of defense for businesses against IoT malware, it said.
Key capabilities of the solution include:
• Protecting wireless access networks with next-generation Software Defined Private Pre-Shared Key (PPSK) which restrict network access to specific known and authenticated devices
• Application visibility and control to evaluate what is really happening on the network
• Firewall enforcement based on deep packet inspection to strictly enforce traffic policies
• Cloud management to enable immediate identification and response to an issue anywhere in the network.
The need to provide more robust security is urgent as by 2020 there are expected to be over 25 billion IoT devices accessing networks, with the vast majority leveraging wireless connectivity.
This creates a new set of security risks at unprecedented scale. IoT devices connected to the network originate from thousands of manufacturers, typically with limited sophistication and little-to-no UI, making them harder to trust and secure.
Compromised IoT devices, as demonstrated by the Mirai attack, can cripple even giant enterprises if breached. As IoT devices proliferate on business networks, Wi-Fi networks that they access can offer a first line of defense.
Often static, with nobody to watch over them, the network must protect the IoT assets, and be protected from them at the same time. Organisations can use an adaptable, flexible and secure SD-LAN for increased access layer network security.
Aerohive’s Software Defined Security is part of the SD-LAN architecture, offering enhanced access network visibility and control, centralised policy management, and increased protection, while reducing operational complexity. The main attributes of the solution are:
Secure IoT authentication and encryption
Each IoT device can now effectively have a unique password, allowing it to be uniquely identified and secured on the network. Aerohive accomplishes this using Software Defined Private Pre-Shared Key that unlocks the benefits of 802.1X secured networks, without the drawbacks of certificate overhead or specialized client configuration.
Software defined private pre-shared keys
PPSKs can be used for IoT devices that typically don’t even support 802.1X. Customers can create (and revoke) tens of thousands of unique keys for individual or groups of devices on the same SSID that can be managed and distributed via the cloud, mobile applications, or user self-registration.
Granular visibility and control
Aerohive’s deep packet inspection firewall at the access layer enables the upstream and downstream prioritisation and isolation of IoT devices and applications as required, ensuring that compromised devices divulge no exposure into the wider network. It can also throttle the bandwidth of IoT applications, detect and block DDoS floods, quarantine threatening activity, and limit IoT device access.
Secure context-based access policies define which users, devices, and things can enter the network, then granularly controls what they can do once connected through role-based profiles and time-of-day and location-based access limits, VLAN containment, application rights, and bandwidth management.
Centrally managed policy enforcement
Create, deploy, and monitor secure access policies from any location with public and private cloud networking. SD-LAN’s cloud architecture reduces the complexity of managing and operating secure wired and wireless access networks. Cloud networking sets the balance between secure and simplified network access.