The Internet of Things— Game changer or security nightmare?

By trent posted Jun 08, 2016 11:30 AM


I recently noticed that much of my incoming mail from publications and other vendors is alerting me to the fact that the Internet of Things (IoT) is going to change our lives — for the better for most, but it might create havoc for IT. How does IT account for unknown devices, wearables, new operating systems and a greater number of non-user managed things?


We’ve all seen the latest stats. According to the The Internet of Things 2015 Report, 34 billion devices will be connected to the Internet by 2020, of which 24 billion will be IoT devices. These will include all sorts of consumer wearables like Fitbits, to smartphone-based car keys and garage door openers. But the big surprise is that the largest adopter of IoT will be businesses, not consumers. Businesses are projected to have 11.2 billion IoT devices installed by 2020.


While IoT offers obvious benefits for businesses — intelligent workplaces, smart conference rooms, the potential for energy efficiencies—the flipside of all those benefits are the possible security gaps that IoT brings to the enterprise network. Should of these headless devices be placed on production networks, and will admin privileges on these devices give hackers an opportunity to infiltrate Intranet networks, potentially accessing sensitive data.


Given their sheer number and the security risks they pose, IoT devices need to be an integral part of the conversation when planning network infrastructures—the network needs to be smart enough to classify and understand the behavior of these devices. And it needs to be able to kick a suspect device off the network until it can be trusted.


At Aruba, we’re tackling the IoT security dilemma the same way we did with BYOD — although now we’ve had to up our game. With Aruba ClearPass 6.6, IT can create custom fingerprints for an IoT device in minutes instead of weeks to support real-time decision making for access and security actions.


The latest enhancements to ClearPass enable IT to create custom profiles in order to identify and securely place IoT devices onto appropriate VLANS and enforce policy rules in real-time. Through real-time interaction with third party best of breed security solutions, ClearPass can automate threat protection for devices that represent risk, with minimal hands-on IT interaction.


For instance, if a new HVAC sensor attempts to log in to a server that stores financial data, something must not be right. If it now looks and acts like a computer, ClearPass can potentially bounce the device off of the network. If a hacker is using admin privileges and a firewall recognizes a traffic pattern for the device that triggers enforcement, the firewall can take action. The request to access the server can be blocked, and the firewall can then request that ClearPass bounce the device from the network.


ClearPass, version 6.6 is ready for download today. And, as we continue to look at IoT we’ll be working on further enhancements. Now that we’re part of Hewlett Packard Enterprise, there are plenty of ways to use ClearPass and other products within our portfolio to help organizations prepare for the potential nightmare of IoT.


If you have any questions about ClearPass 6.6 or how you can better prepare for IoT, let me know.



Oct 16, 2017 06:00 PM

Hi airhead12344,


You can try this link for ideas on how to implement policies for devices found during profiling -


Here's somehting on adding customer fingerprints as well -


Hope this helps,


Oct 13, 2017 07:34 AM

Hi, where might I find more information on how to leverage Device Profiling for IoT devices? In particular, how do we handle devices that are not capable of 802.1x? Today, I would use MAC Auth against a Static Host List in Clearpass then assigning appropriate Policy. That isnt really dynamc however. How can I make this more Dynamic?


Also, the comment "With Aruba ClearPass 6.6, IT can create custom fingerprints for an IoT device in minutes instead of weeks to support real-time decision making for access and security actions." -  Is there more specific information I can look into in regards?



Jun 08, 2016 06:19 PM

 Excellent articulation of the problems posed by IOT devices and ways to address them. In addition custom finger printing we have also significantly enhanced our ability to discover devices in the network resulting in a much more improved level of profiling. We are also in the process of partnering with several of the leading IOT device vendors to ensure we have the fingerprints to recognize their devices in the network. ClearPass is IOT ready today, and with every successive release we will continue to enhance our capabilities to protect networks with IOT devices.