How to Secure IoT Devices with Aerohive A3
November 20, 2018 in
Are you struggling with IoT security and device management? Are you still wondering how to secure IoT devices based on all the information you’ve read in the news? Let’s take a closer look at how the next generation Secure Access Management with Aerohive A3 can help IT managers boost network security and control for a device category that is often overlooked, or sometimes even ignored because it is so challenging to work with from network security point of view.
These devices are the IoT (internet of things) – connected, “smart” devices that include everything from thermostats to lighting controls to smart door locks to security cameras and many others.
They present a huge challenge for network security, because of their sheer numbers and also because of the variety in their device capabilities. Some of these “Things” are pretty smart, for example, they may run a smart OS like Android or Linux so that we can interact with them and program a network credential into them. However, others are fairly basic – they may just run a RTOS and provide very limited interaction support. IoT devices can also be difficult to update in the future (if they even have software updates), so additional security for them is a must-have for enterprise networks.
The good news is that A3 has capabilities that enable us to effectively secure IoT.
How to Secure IoT Devices
First off, A3 offers a capability called device profiling. Each type of device (e.g. a Windows laptop, MacBook, Android phone, iPhone, Chromecast, etc.) has a unique electronic signature that is also called a device fingerprint. It is made up of different characteristics like it’s DHCP fingerprint, vendor, the MAC vendor, the user agent for browser-based devices, and more. Now A3 includes the world’s largest database of these electronic fingerprints, and we can use it to automatically profile the different devices that are coming onto the network, by comparing their fingerprints to the database. This works for all types of devices, including IoT.
And once the IoT are identified, Aerohive A3 can onboard them into dedicated IoT VLANs with appropriately defined network access rights.
For example, IoT should only connect to their IoT server, and never to the open internet where they can use it to hack into the corporate network. IoT also doesn’t require much bandwidth, so most of them require a lower QoS, however, they need access to the network 24/7, because they continually run. Closely gating the network access rights of IoT drastically reduces the exposure they represent otherwise, and as a result, significantly increases network security.
In summary, by leveraging the inbuilt device profiling capability and the ability to automatically onboard devices into dedicated VLANs based on their device category, Aerohive A3 enables us to boost network security for IoT devices, and manage them at scale. As your organization looks to deploy IoT devices, look to A3 to be your go-to-solution for securing IoT devices with its comprehensive onboarding, authentication and NAC capabilities.