Your IoT Network R Belong To Me: Why Segmentation is Not Enough to Resolve IoT Risk

Network segmentation has been a common recommendation in the security community for years. Done correctly, it can minimize the attacker’s ability to move laterally throughout a network, to inflict more damage on a system, or to consume network resources in an availability attack. In practice, however enterprises rarely take the step of fully segmenting their networks in accordance with organizational policies and, if they do take this step, they don’t monitor the segments for policy violations. In the age of the Internet of Things, this security approach can actually be fatal. This talk describes the failings of the 'segmentation-first' model when considering the pace of IoT adoption by demonstrating how to take over an entire IoT network segment. Additionally, we will discuss how to discover and address these issues in the enterprise.