Comparison with consumer IoT and the case for better security in SMB networks
Research by Luba Weissmann, Chief Data Scientist at SAM
Overview
At SAM, we have developed a lean security agent to be installed on home and SMB internet gateways, in order to secure personal and Internet of Things devices. Unfortunately, IoT devices are highly exposed to cyber security attacks. At the core of our product is therefore the ability to secure any IoT device based on its behaviour, model and network signature.
Here we present an analysis of connected devices, and a comparison between consumer and SMB networks where our agent is installed. The analysis is based on half a million households, out of which ten thousand belong to small businesses.
The detailed analysis can be found below. Some of the conclusions that we have found of interest:
- Businesses have a substantially higher number of connected devices, with a larger percentage of IoT devices. With more IoT devices, the attack surface for small business networks is larger.
- Commonly vulnerable devices such as IP cameras, printers and routers are much more common in business networks.
- In addition, we are observing sensitive devices with network connectivity trickling into small networks, such as medical devices and points of sale.
- Business networks see an alarmingly high rate of “temporary” devices – network devices which connect to the network temporarily, never to be seen again. Those devices expose the network to outside attacks.
Detailed analysis
A high level view on connected devices
SAM monitors 5M devices daily, and can identify more than 20,000 different device models. We categorize each model into a “class” which hints at the functionality of the device. The overall distribution of classes can be found below.
Total distribution of devices by class
As expected, phones, PCs and laptops consist of the majority of connected devices. However, streamers, smart TVs, extenders, gaming consoles and printers also take a notable share. Other common IoT classes are IP cameras, smart watches, vacuum cleaners, E-Book readers and audio devices (speakers or receivers).
An overview of business networks
How many connected devices are connected on average to a home/SMB network? For this analysis we look at two different metrics:
- Overall number of devices connected to the network, measured during a three months period.
- Number of “permanent” devices, those devices we identified as continually connected.
Total number of devices, 3 months period
Number of “permanent” devices
About 50% to 90% of all devices in SMBs, depending on the SMB’s specifics, are “temporary” devices – devices which are seen only once for a few hours, then never again. Most of those devices are laptops, phones and smart watches. And while a typical home consists of 13 “permanent” connected devices, a business will have 21, approximately 50% more.
Detailed look on IoT business devices
Here we analyze which IoT devices are common in business networks. According to our own definition, we classify every device which does not have a browser as an IoT – that means every device which is not a smartphone, tablet, PC or laptop (Smart TVs sometimes fall on the grey area in between, but are considered IoT nonetheless).
The overall distribution of IoTs is presented below.
Distribution of IoT in SMBs
Distribution of IoT in households
Among the common IoT device classes, some are significantly more common in SMB networks. It can be seen more clearly in the graph below. Network equipment such as extenders and routers (mostly home routers) is often used to increase connectivity, while printers and cameras are used for obvious reasons in businesses.
Common devices in SMBs relative to households
In addition to the common IoTs, we often find various “exotic” IoT devices in businesses. Some of those include rather sensitive devices:
- Connected medical equipment such as Spirometers and Dental equipment
While in home networks, the “exotic” devices are amusing but less sensitive:
What is the connection to cyber security?
Some key statistics above are related in our opinion to the importance of securing small business networks. Those networks have some properties that make them more vulnerable to attacks:
- Larger share of IoT devices, Many of them (IP Cameras, Printers) have been found over the years to contain vulnerabilities.
Sensitive devices, such as small medical equipment, point of sales and control systems are beginning to be connected to small networks, without the proper security equipment usually found in enterprise networks.
SMBs – IoT vs. Non IoT
Households – IoT vs. Non IoT
Many “temporary” devices – A key property of SMBs, in network perspective, is a high flow of temporary devices in short periods of time, most likely guests and clients. Those devices often connect to the same Wi-Fi network, where sensitive devices and information also reside.
Average lifetime of devices, in hours (Measured during a 3 months period)