Logo air
Home |Does Micro-Segmentation Really Offer Ultimate Protection for OT/IoT/IoMT Devices?

Does Micro-Segmentation Really Offer Ultimate Protection for OT/IoT/IoMT Devices?

Micro-segmentation – dividing up your network and setting controls for each part – is currently the trendy solution to have for securing OT, IoT, and IoMT devices, but this belief overlooks several critical realities.

Limited Visibility

Problem: In environments with OT, IoT, and IoMT devices, installing agents is not feasible, nor do these devices always possess identifiable attributes like traditional endpoints. Consequently, micro-segmentation relies on predefined network boundaries and static rules to restrict access between devices. This approach lacks the granular visibility needed to detect and understand the behavior of each device, leading to significant blind spots.

Example: In 2017, the WannaCry ransomware attack exploited unmonitored medical devices like MRI scanners and infusion pumps in healthcare networks, causing widespread disruptions across hospitals because these devices were not adequately visible within the segmented network boundaries.

    Operational Complexity

    Problem: Micro-segmentation requires complex and resource-intensive implementation and maintenance, especially in environments with dynamic and diverse OT, IoT, and IoMT devices. In large corporations, these environments continuously change as new devices are added, removed, or updated. This constant flux makes it challenging to manage policies effectively, creating gaps that threat actors can exploit.

    When most micro-segmentation vendors state they have solved operational complexity, they say it for systems where agents can be installed, identities can be managed or network traffic can be decrypted and granularly monitored. None of these cases are feasible in OT/IoT/IoMT cases. Does this remind you of your WAF that was always stuck in monitoring mode or needed daily care and feed?

    Example: During the 2015 cyberattack on Ukraine’s power grid, attackers took advantage of poorly managed network segmentation to disable critical OT devices and disrupt power distribution, demonstrating how difficult it is to manage segmentation policies across dynamic environments.

    Not Built for Wireless

    Problem: Micro-segmentation was primarily designed for wired networks and data centers, not for the unique challenges presented by wireless airspace. It doesn’t account for the transient nature of wireless devices that frequently move in and out of coverage or the unpredictable communication patterns of IoT devices, which can bypass segmentation rules.

    Example: The 2021 Verkada breach highlighted how attackers could gain unauthorized access to wireless security cameras, demonstrating the inadequacy of traditional segmentation techniques in controlling wireless devices that do not adhere to static network boundaries.

    Doesn’t Prevent Exploitation of Vulnerable Devices

    Problem: While micro-segmentation can limit lateral movement within a network, it does not stop the initial exploitation of a vulnerable OT, IoT, or IoMT device. If a device is compromised, the damage is already done, especially if it has access to sensitive data or critical operations.

    Example: In 2018, a cyberattack on a casino’s network was initiated through a compromised IoT-connected fish tank thermostat. Although the network was segmented, the attackers leveraged this device to gain access and move laterally, proving that segmentation could not prevent the initial device compromise. In healthcare, the impact could be even more severe: a compromised infusion pump or ventilator could pose direct risks to patient safety.

    Limited to Known Threats

    Problem: Micro-segmentation typically relies on known traffic patterns and predefined policies, making it less effective against zero-day threats or new attack vectors that do not match existing rules. Attackers can still find ways to exploit devices that have not been properly secured or monitored.

    Example: The 2020 SolarWinds supply chain attack showed that even with segmentation, sophisticated attackers could introduce novel attack vectors that bypassed traditional security measures. The malware used in this attack was unfamiliar to many existing security tools, allowing it to spread despite network segmentation policies.

    A Proactive, Comprehensive Approach is Needed

    Despite its limitations and complexities micro-segmentation plays a role in a broader security strategy, it is still far from a silver bullet for protecting OT, IoT, and IoMT devices. At best, it may help contain damage after an attack has already begun. In contrast, platforms like Aireye provide proactive defense, stopping attacks before they start and offering a comprehensive solution tailored for the unique challenges of securing your wireless airspace.

        This entry was posted in
        and tagged
        Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do..
        AI-driven | Saas | Zero-touch | Non-intrusive
        Request a Demo
        Logo air
        Linkedin

        Why Aireye?

        Network Airspace Threats

        Resources

        Hadassah Medical Center Use case
        Enterprise Wireless Security Best Practices
        Anatomy of an Over-the-Air Attack

        Solutions

        By Over-the-Air Threat

        Unauthorized Access
        Data Leakage
        Segmentation Hopping
        Device Hijacking

        By Industry

        Healthcare Providers
        Defense Manufacturers
        Other Industries

        Technology

        Platform

        How it Works
        The Gap in Network Airspace Security & How We Close It

        Values

        Visibility
        Control
        Protection

        Partners

        Meraki

        About

        Who We Are
        In The News
        Blog
        Careers
        Contact Us

        Copyright © 2024 Aireye | All Rights Reserved | Cookies Policy | Privacy Policy