Automating IoT security threat/risk analysis and compliance

September 17, 2019

Risk management is a never-ending task. Security engineers must continuously evaluate threats, vulnerabilities and risks to meet compliance mandates and stay ahead of attackers. Analysts must triage a near-daily stream of vulnerability reports and work out the impact of each on deployed systems; because that stream never stops, manual triage leads to overwork and fatigue. Automation is critical to helping organizations make sense of threat intelligence data, dynamically update policies and achieve continuous compliance within systems, and automation in turn requires that the inputs be machine-readable so that threat and risk analysis can run without a human re-keying each report.

This article examines some of the automated threat and vulnerability management options available today and discusses how these approaches can be adapted to the goal of securing the IoT and maintaining near real-time views of not only compliance but also risk status. A previous article more broadly discussed the need for tools that help developers more effectively build security into IoT products.

To enable automated risk management for IoT deployments, analytics systems ingest data from numerous disparate sources and automatically analyze that data to craft a clear picture of the latest risks. Sources of data ideally include the IoT products themselves, which should be designed to report their software and hardware composition, including third-party and open-source components. Because a compromised or spoofed device could misreport its composition, such self-reports should be signed by the device (or otherwise attested) and verified before they are ingested. Firmware analysis tools run by the security operations team scan the latest deployed firmware and report back on weaknesses. Threat intelligence feeds provide context for threats, including attacker profiles and capabilities, such as whether a given vulnerability is being actively exploited. All of this data should be provided in machine-readable format so that it can be fed to analytics, whether rule-based scoring or machine-learning models trained for the purpose, that calculate a risk profile for each device type. Maintaining a continuously updated risk profile of each type of device provides a solid foundation for analyzing security trade-off decisions. Figure 1 shows a framework for automated and continuous threat and risk analysis.
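The pipeline described above, as an added illustration that is not code from the original article: a device-reported component inventory is integrity-checked, matched against a vulnerability feed, enriched with threat-intelligence context and firmware-analysis findings, and reduced to a risk profile for the device type. All data is constructed for the example (the vulnerability IDs, component names, device type and shared HMAC key are placeholders, not real identifiers), and the scoring rule is a simple stand-in for the trained model the article envisions, not a published method.

```python
"""Toy continuous risk-profile calculation for an IoT device type.

Added example, not from the original article. All identifiers and data are
constructed; the HMAC key is a placeholder for a real per-device signing key.
"""
import hashlib
import hmac
import json

# Assumed: a key shared with the device (stand-in for a per-device signing key)
# so that a compromised or spoofed device cannot feed false inventory data.
REPORT_KEY = b"constructed-demo-key-not-for-production"


def parse_version(v):
    """'1.2.3' -> (1, 2, 3) so release versions compare in order."""
    return tuple(int(p) for p in v.split("."))


def _tag(inventory):
    body = json.dumps(inventory, sort_keys=True).encode()
    return hmac.new(REPORT_KEY, body, hashlib.sha256).hexdigest()


def sign_report(inventory):
    """What the device would emit: its inventory plus an HMAC-SHA256 tag."""
    return {"inventory": inventory, "tag": _tag(inventory)}


def verify_report(report):
    """Accept a device inventory report only if its tag verifies (constant-time compare)."""
    return hmac.compare_digest(_tag(report["inventory"]), report["tag"])


def affected(component, vuln):
    """True if the component name matches and its version lies in [introduced, fixed)."""
    if component["name"] != vuln["component"]:
        return False
    ver = parse_version(component["version"])
    return parse_version(vuln["introduced"]) <= ver < parse_version(vuln["fixed"])


def score_device(inventory, vulns, intel, firmware_findings):
    """Return a risk profile: matched findings and one aggregated score (0-10).

    Scoring rule (an assumption, not the article's): a matched vulnerability
    contributes its base score, doubled when threat intelligence reports active
    exploitation; firmware-analysis weaknesses contribute their severity; the
    device score is the worst finding plus 5% of the rest, so one critical issue
    dominates but many medium issues still raise the profile.
    """
    findings = []
    for comp in inventory["components"]:
        for v in vulns:
            if affected(comp, v):
                weight = 2.0 if intel.get(v["id"], {}).get("exploited_in_wild") else 1.0
                findings.append({"source": "vuln-feed", "id": v["id"],
                                 "component": comp["name"],
                                 "score": min(10.0, v["base_score"] * weight)})
    for f in firmware_findings.get(inventory["device_type"], []):
        findings.append({"source": "firmware-analysis", "id": f["weakness"],
                         "component": "firmware", "score": f["severity"]})
    if not findings:
        return {"device_type": inventory["device_type"], "risk": 0.0, "findings": []}
    scores = sorted((f["score"] for f in findings), reverse=True)
    risk = min(10.0, scores[0] + 0.05 * sum(scores[1:]))
    return {"device_type": inventory["device_type"], "risk": round(risk, 2), "findings": findings}


# Constructed device self-report (SBOM-like): what the device says it runs.
CAMERA_INVENTORY = {
    "device_type": "ip-camera-x1",
    "components": [
        {"name": "libtls", "version": "2.4.1"},
        {"name": "busybox-httpd", "version": "1.31.0"},
        {"name": "mqtt-client", "version": "0.9.2"},
    ],
}

# Constructed vulnerability feed: hypothetical IDs, affected ranges, base scores.
VULN_FEED = [
    {"id": "VULN-0001", "component": "libtls", "introduced": "2.0.0", "fixed": "2.4.2", "base_score": 7.5},
    {"id": "VULN-0002", "component": "busybox-httpd", "introduced": "1.30.0", "fixed": "1.31.0", "base_score": 9.8},
    {"id": "VULN-0003", "component": "mqtt-client", "introduced": "0.9.0", "fixed": "1.0.0", "base_score": 4.3},
]

# Constructed threat-intelligence context keyed by vulnerability ID.
THREAT_INTEL = {"VULN-0003": {"exploited_in_wild": True, "actor_capability": "botnet-operator"}}

# Constructed firmware-analysis output keyed by device type.
FIRMWARE_FINDINGS = {"ip-camera-x1": [{"weakness": "hardcoded-credential", "severity": 8.0}]}


def build_profile(report):
    """Ingest one signed report and produce the device type's current risk profile."""
    if not verify_report(report):
        raise ValueError("inventory report failed integrity check; not ingested")
    return score_device(report["inventory"], VULN_FEED, THREAT_INTEL, FIRMWARE_FINDINGS)


if __name__ == "__main__":
    print(json.dumps(build_profile(sign_report(CAMERA_INVENTORY)), indent=2))
```

Running this matches VULN-0001 (libtls 2.4.1 is below the fix) and VULN-0003 (doubled to 8.6 because the feed marks it exploited in the wild), skips VULN-0002 because 1.31.0 is the fixed version, adds the firmware finding, and yields a profile of about 9.4; re-running it whenever the feed, intel or a new device report arrives is what keeps the profile continuously current. A report whose inventory was altered after signing fails `verify_report` and is never scored.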
