smarter. Network perimeters aren’t dead. Rather, they’ve gone everywhere. We now need internal
perimeters around all the uncontrollable endpoints in our networks.
Resilience is also key, because perfect protection and containment are not possible. Experienced
organizations balance their efforts between protection and recovery, recognizing that incidents are
inevitable, but serious damage is not. Resilience means understanding your infrastructure ahead of an
attack, thinking through how an incident could spread, and building response and containment plans, just
the way first responders anticipate and practice for the inevitable bad days.
IoT presents novel challenges for today’s CISO. The three-step strategy recommended here starts by
understanding the categories of IoT devices that you use (whether you planned to or not).
Next, realize that standard techniques we use to control general-purpose computers don’t work, and so
we have to rely on segmentation. Third, we cannot expect to stop all incidents, so having a well thought
out containment plan, based on real knowledge of your environment, is essential to damage control. This
is how CISOs can deal with the IoT headache and deliver resilience in this complex new world.
About the Author
Dr. Mike Lloyd has more than 25 years of experience modeling and
controlling fast-moving, complex security and network systems and
holds 21 patents. He joined RedSeal as the Chief Technology Officer
(CTO) in 2004 and has been growing the company’s brand and
reputation through its technological innovations ever since.
Dr. Mike can be reached online at RedSeal’s website
https://www.redseal.net/