* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Cloud Computing](https://www2.paloaltonetworks.com/blog/category/cloud-computing-2/)
* IoT Security: Sorting Thr...

# IoT Security: Sorting Through the Noise to Take Action

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fiot-security-sorting-noise-take-action%2F)  
[](https://twitter.com/share?text=IoT+Security%3A+Sorting+Through+the+Noise+to+Take+Action&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fiot-security-sorting-noise-take-action%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fiot-security-sorting-noise-take-action%2F&title=IoT+Security%3A+Sorting+Through+the+Noise+to+Take+Action&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2014/10/iot-security-sorting-noise-take-action/&ts=markdown)  
\[\](mailto:?subject=IoT Security: Sorting Through the Noise to Take Action)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Oct 27, 2014  
4 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown)  
[Internet of Things](https://www.paloaltonetworks.com/blog/tag/internet-of-things/?ts=markdown)  
[IoT](https://www.paloaltonetworks.com/blog/tag/iot/?ts=markdown)  
[Iron Bow Technologies](https://www.paloaltonetworks.com/blog/tag/iron-bow-technologies/?ts=markdown)  
[NCSAM](https://www.paloaltonetworks.com/blog/tag/ncsam/?ts=markdown)  
[Traps](https://www.paloaltonetworks.com/blog/tag/traps/?ts=markdown)

This post originally appeared on Iron Bow Technologies' [Techsource page](http://www.techsource.ironbow.com/articles/cyber-security/iot-security-sorting-noise-take-action/).

*Editor's Note: In honor of National [Cyber Security](http://ironbow.com/SolutionsandServices/InformationSecurity "Cyber Security") Awareness Month (NCSAM) we are focusing our content on tips and best practices in the area of [cyber security](http://ironbow.com/SolutionsandServices/InformationSecurity "cyber security"). This week, we are emphasizing the importance of* *protecting critical infrastructure and properly securing all devices that are connected to the Internet. We asked our partners at Palo Alto Networks to provide their thoughts on the topic.* *Isabelle Dumont,* *Director of Financial Services and Healthcare Initiatives, weighs in with her thoughts below:*

[![unnamed (1)](https://www.techsource.ironbow.com/wp-content/uploads/2014/10/unnamed-1-150x150.jpg)](http://www.techsource.ironbow.com/wp-content/uploads/2014/10/unnamed-1.jpg)Many businesses are aggressively pursuing Internet of Things (IoT) initiatives with the goal of creating revenue-generating opportunities or turning today's businesses into more profitable ones. From every corner of the economy you see connected devices disrupting the way we conduct business. In parallel, disturbing stories emerge on the lack of security around connected "things." Here are a few in various sectors:

* Transportation/connected ships: ["Shipping fleet exposed to hacking threats](http://articles.chicagotribune.com/2014-04-23/business/sns-rt-us-cybersecurity-shipping-20140423_1_maritime-industry-cyber-attacks-rig)" \[*Chicago Tribune*, April 2014\]
* Healthcare/connected medical equipment: "[It's Insanely Easy to Hack Hospital Equipment](http://www.wired.com/2014/04/hospital-equipment-vulnerable/)" \[*Wired* magazine, April 2014\]
* Automotive/connected cars: "[A Tesla-S driver was able to identify the operating system](http://news.softpedia.com/news/Owner-Hacks-His-Tesla-Model-S-Car-Install-Firefox-and-Finds-that-It-Runs-Ubuntu-437148.shtml)" running under the hood and installed Firefox \[Softpedia, 2014\]

First, when discussing the security of network-connected devices, it is important to distinguish between single or multi-purpose devices. Single-purpose devices typically collect a well-defined set of data that is sent back to a specific [cloud](http://ironbow.com/SolutionsandServices/CloudComputing "cloud") application for storage, analysis and intelligence gathering -- connected medical equipment and devices are a great example. On the other hand, multi-purpose devices connect to multiple servers and services hosted in some form of [cloud](http://ironbow.com/SolutionsandServices/CloudComputing "cloud") -- the extreme case being smartphones and tablets running any number of apps downloaded from app stores and used alternatively for personal and professional purposes.

The above distinction brings us to recommendations on how to best approach security:

* **Single-purpose connected devices or equipment** : Apply tight network segmentation and even isolation of the servers or [cloud](http://ironbow.com/SolutionsandServices/CloudComputing "cloud") services these devices connect to. Because these are part of a single-purpose specialized network, it should be straightforward to identify and document the applications and the types of files or payload exchanged on the network. Using application-level segmentation is very effective; you can block all traffic except the few applications that are explicitly authorized on this specialized network, regardless of ports used. This approach significantly reduces the risk of malware intrusion and lateral movement and will enable you to perform much tighter inspection of the authorized applications.

* **Multi-purpose connected devices or equipment:** Key principles such as limiting the traffic on the network(s) to what's legitimate and classifying all traffic are still applicable, as this will reduce the volume of unknowns and treated risks. Apply the same segmentation and tight control principles between the various [cloud](http://ironbow.com/SolutionsandServices/CloudComputing "cloud") services as well. Additional policy rules will be required to flag suspicious application behavior and payload. An obvious one is to not allow the download of .exe files outside of well-codified exception. It might take several iterations to get to the most effective segmentation and related rules. Regardless, [continuous monitoring](http://www.tenable.com/solutions/continuous-monitoring "continuous monitoring") and refinement of the security rules in such environment is a must.

In addition, for devices used for both professional and personal use, such as today's laptop, tablets or smartphones, we recommend that you deploy on the device a means to apply to the device the same security policies as those applied inside your [enterprise](http://www.netapp.com/us/products/storage-systems/fas8000/index.aspx "enterprise"). A [gateway solution](https://www.paloaltonetworks.com/products/technologies/globalprotect.html) can enable this and start monitoring devices as they connect to your [enterprise](http://www.netapp.com/us/products/storage-systems/fas8000/index.aspx "enterprise") to prevent any malware intrusion.

* **Protecting the endpoint:** Wherever applicable, we recommend adding advanced protection directly at the device level. For equipment based on the Windows platform, our advanced endpoint protection solution, aka "Traps," is a great option given the high percentage of threats that are no longer detected by traditional anti-virus products. Traps is a revolutionary approach for threat prevention that works: Instead of using signatures to detect malware, Traps focuses on the few techniques that threats have to use to infiltrate a system, thus blocking the attack before it even takes its first step.

If you are interested in learning more about implementing the above recommendations, here are some suggested resources to visit:

* [The benefits of application level visibility and control](https://www.paloaltonetworks.com/products/features/application-visibility.html)
* [Upcoming webinar (Oct 22) on the topic of network segmentation](https://engage.vevent.com/rt/scwc~oct22paloalto?code=paloaltoA)
* [Application-based network segmentation](https://www.paloaltonetworks.com/solutions/initiative/network-segmentation.html)
* [Advanced endpoint protection with Traps](http://media.paloaltonetworks.com/lp/traps/)[](http://media.paloaltonetworks.com/lp/traps/)

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Made for Each Other: AI and IoT](https://www2.paloaltonetworks.com/blog/security-operations/made-for-each-other-ai-and-iot/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Save Costs and Stay Secure While Accelerating Your Move to the Cloud](https://www2.paloaltonetworks.com/blog/security-operations/save-costs-move-to-the-cloud/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Five steps to deploy a zero-trust attack surface management solution](https://www2.paloaltonetworks.com/blog/security-operations/zero-trust-attack-surface-management-framework/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### WAAS-Up with Cryptojacking Microservice-Based Web Apps?](https://www2.paloaltonetworks.com/blog/cloud-security/waas-cryptojacking-microservice-based-web-apps/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)

[#### How to Set Up Prisma Cloud Threat Detection in 6 Steps](https://www2.paloaltonetworks.com/blog/cloud-security/how-to-set-up-prisma-cloud-threat-detection/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Better Together With IBM and Prisma Cloud Compute Edition](https://www2.paloaltonetworks.com/blog/cloud-security/better-together-ibm-prisma-cloud/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language