The Graylog blog

Improving IoT security with log management

The Internet of Things (IoT) revolution has ushered in a new age of data transfer. Each day, a massive number of new devices are added to all kinds of network infrastructures, transferring gargantuan amounts of data back and forth. In the next decade, we expect the number of IoT devices to grow to a staggering 207 billion connected devices, practically outnumbering the human population tenfold.

As these devices communicate with each other and with the system networks, countless log entries are generated continuously in real time. We know we can strengthen IoT security with a wise log management strategy. So, how can we leverage these event logs to improve the cybersecurity of these often extremely vulnerable access points to our systems?

WHY ARE IOT DEVICES VULNERABLE TO CYBERATTACKS?

It is probably already well known that IoT devices often represent a vulnerable access point that could be exploited by hackers and other malicious actors. Even “ordinary” people who do not work in the IT field saw that Black Mirror episode with the webcam, after all. However, did you know that, according to Symantec in 2019, cyberattacks targeting IoT devices increased by a jaw-dropping 600% between 2016 and 2017? Even today, 70% of these devices include some kind of vulnerability. In the (somewhat) near future, up to 90% of all our vehicles are going to be connected to the internet, so it’s easy to do the math.

Lack of proper manufacturing standards, corners being cut to keep prices low at the expense of security, and the difficulties in properly encrypting IoT devices all contribute to making these access points a known soft spot in every cyber attack strategy. Today, 99.9% of traffic to our honeypots is automated, a horrifically dangerous scenario, given that most modern bot armies and malware are scripted to attack at scale. It takes just one poorly equipped IoT toothbrush being infected by a malicious actor to bring a giant multinational corporation to its knees. Pitch-perfect tracking and in-depth log monitoring strategies aren’t a luxury anymore. You must employ them if you want to have a chance at repelling these attacks in the event your enterprise becomes a target.

HOW CAN LOG MANAGEMENT/MONITORING SOLUTIONS IMPROVE IOT SECURITY?

IoT devices generate large amounts of logging and event data, which can be monitored and overseen both for troubleshooting purposes and as part of preemptive strategies. Keeping track of every activity of a myriad of IoT devices by hand is impossible, and many monitoring processes do not scale to their sheer volume. If the log management solution isn’t quick or scalable enough, the clunkiness of a bloated logging system will get in the way of proper network control.

MONITORING AND REACTING

First things first: centralizing all access logs allows IT managers to keep all vulnerable devices under their control. Automatically ingesting audit logs into a centralized repository allows organizations to identify potential security breaches or internal misuse of information as soon as they occur. Modern logging is evolving towards new, more structured log formats, and the new management tools are able to deal with data that is much more complex than plain text. Analyzing audit and device logs is a standard requirement to assess system damage, improve IoT security, and establish agile reaction and mitigation protocols.

FORENSICS AND PREVENTION

Event logs can be used for cyber forensics work: audit trails are the evidence that will be investigated to reconstruct the “story” of a recent incident. All connected devices share a lot of information between themselves, so when an intrusion occurs, a trail is left behind. Beyond analyzing the compromised entry points, centralized event logging allows us to connect the dots and find correlations between events that may otherwise look unrelated. If things go south anyway and the intrusion has already happened, at least collecting pertinent information from the logs can help to avoid similar outcomes in the future.
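As an added illustration of the cross-device correlation described above (example code, not Graylog's and not from the original post): a small Python script parses constructed JSON device events, as a central collector might receive them, and flags any source address whose login failures touch several devices within a short window. The field names, device names and sample values are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: structured (JSON) events from several IoT devices, as a
# centralized collector would ingest them. Field names are assumptions.
SAMPLE_LOGS = """\
{"ts": "2024-05-01T10:00:01Z", "device": "cam-01", "event": "auth_fail", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T10:00:05Z", "device": "cam-02", "event": "auth_fail", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T10:00:09Z", "device": "thermo-01", "event": "auth_fail", "src_ip": "203.0.113.7", "user": "root"}
{"ts": "2024-05-01T10:00:12Z", "device": "cam-01", "event": "auth_ok", "src_ip": "192.0.2.10", "user": "ops"}
{"ts": "2024-05-01T10:00:15Z", "device": "lock-01", "event": "auth_fail", "src_ip": "203.0.113.7", "user": "admin"}
{"ts": "2024-05-01T11:30:00Z", "device": "cam-03", "event": "auth_fail", "src_ip": "198.51.100.4", "user": "admin"}
"""


def parse_events(text):
    """Parse one JSON event per line into dicts with a real timestamp, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_spraying_sources(events, min_devices=3, window=timedelta(minutes=5)):
    """Return {src_ip: sorted device list} for every source whose auth failures
    hit at least `min_devices` distinct devices inside one `window`-long span.
    Seen on a single device, each failure looks like a typo; only the
    centralized view shows one source walking across the fleet."""
    by_src = defaultdict(list)
    for rec in events:
        if rec.get("event") == "auth_fail":
            by_src[rec["src_ip"]].append(rec)
    hits = {}
    for src, recs in by_src.items():
        for i, start in enumerate(recs):  # recs are already time-ordered
            devs = {r["device"] for r in recs[i:] if r["ts"] - start["ts"] <= window}
            if len(devs) >= min_devices:
                hits[src] = sorted(devs)
                break
    return hits


if __name__ == "__main__":
    for src, devs in find_spraying_sources(parse_events(SAMPLE_LOGS)).items():
        print(f"{src}: auth failures on {len(devs)} devices {devs}")
```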

CONCLUSION

An efficient log management tool with a properly streamlined interface is mandatory to boost the SecOps team’s efficiency. Beyond guaranteeing constant network uptime, an in-depth understanding of an enterprise’s IoT landscape brings value in the form of proactive rather than reactive security. Reducing downtime and ensuring timely mitigation and/or prevention strategies comes with the territory of a robust IoT management system. And all IoT network monitoring strategies need to be founded on a solid log management infrastructure.
