The network is transforming at a rapid pace, with multi-cloud environments and an ever-expanding range of devices connecting to the internet over both wired and wireless links. Consider the vulnerabilities created by smartphones, HVAC systems, lighting, serverless cameras, robotic tools, medical devices, and vending machines all being part of your network. This wave of new devices forms a far more complex environment, with exponentially greater scale.

Most internet of things (IoT) devices were not designed with built-in security, and their diversity makes these endpoints difficult to manage. In most situations, IoT devices are not enterprise-ready: they may lack the software updates and security fixes needed to maintain an appropriate security posture and level of network access.

Consequently, IoT devices can introduce significant risk, especially if you’re trying to control something that you can’t see or manage at the network edge. The exploitation and hacking of an unsecured endpoint could lead to massive business disruption through a data breach. Given regulatory compliance (GDPR, HIPAA, PCI DSS, CCPA, et al.), there’s also potential for serious financial impact from fines.

Exploiting an Unpatched OS

To explore this concept further, let’s imagine there is an ultrasound (US) device that is part of the internet of medical things (IoMT). The device’s systems share imagery and related protected health information (PHI) over the internet. Each device also stores a significant amount of data itself, making it an attractive target for bad actors.

In this scenario, the device is running an outdated operating system, with vulnerabilities that are well-documented online for hackers to exploit. The device manufacturer’s open source software components also increase the vulnerability of its systems. Additionally, the manufacturer pushes out proprietary software updates over the internet.

For the purposes of our example, the hospital system using this device has units at several of its branch locations. With the device connected to the network, a hacker group could leverage the manufacturer's security gap to move laterally throughout the entire hospital network with malware that can cause a network shutdown, steal patient data, and create massive disruption to services needed not only for operations but potentially to save lives.

While this story is fictional, such attacks have occurred not only in healthcare, but also across many other industries. The described methodology is real, as are the security holes in too many IoT devices on the network today.

How can a security operations center (SOC) segment these endpoints on its network to mitigate these security concerns?

Cisco Takes the Fear Out of IoT

Cisco's highly scalable intent-based networking (IBN) solution, delivered through Cisco DNA Center, simplifies management, security, and monitoring of all the devices on your network. It delivers on the vision of applying and assuring intent from client to application, and extends that simplicity across all domains: data center, campus, branch, WAN, and multi-cloud.

Here’s the process for how this simplicity is delivered for IoT.


With Cisco Software Defined Access (SD-Access) and Cisco Identity Services Engine (ISE), everything that attempts to connect to the network is seen and discovered, including IoT endpoints. By using passive and active monitoring, ISE utilizes network traffic information from each connection request to recognize new devices.


Through profiling techniques and behavioral analysis built into ISE, SD-Access classifies and identifies IoT devices. Again, passive and active monitoring are used to analyze the traffic associated with each device. And by using device sensor capabilities, which are built directly into Catalyst 9000 series switches and wireless controllers, critical profiling information is gathered without new equipment or changes to the network design.

ISE compares this information against Cisco's extensive, built-in profile library to classify the device even more accurately. The library, which is continuously updated in the cloud, includes carpeted-space IoT endpoints, medical devices, industrial devices, and more. Cisco also uses Manufacturer Usage Description (MUD), an IETF standard that lets a device manufacturer describe the network access its devices require, to identify devices based on manufacturer-supplied information.


With segmentation through Cisco SD-Access, the network now acts as a security control for IoT as it grants the right level of access for each device. This segmentation ensures that other network traffic doesn’t adversely affect the device, while also preventing the device from adversely affecting other traffic on the network.

Additionally, SDA partitions the network into two hierarchical levels: Virtual Networks (VNs) for high-level network areas like the corporate network, IoT, and factory floor; and Scalable Groups (SGs) for discrete, sub-VN segments like printers, employee devices, and elevators. The network then defines the relationships between different network segments as a set of permissions among each role on the network. The macro- and micro-segmentation hierarchy enables a very flexible and scalable segmentation technique.


Once the device is discovered, classified, and secured, the SDA solution continuously monitors network traffic to spot potential anomalies like MAC address spoofing, significant operating system deviations, and network adapter abuse. For example, if a MAC address was associated with an iPhone yesterday, but now appears as a Windows 10 PC, SD-Access detects the anomaly and can quarantine the device until a security investigation is complete.
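As an added illustration of this last monitoring step (example code written for this post, not Cisco's code or ISE's actual profiling logic), the following Python replays a constructed set of profiling events and flags a MAC address whose profile jumps to a different device family, as in the iPhone-to-Windows case above, while treating a same-family refinement as benign. The MAC addresses and profile labels are made up for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProfileEvent:
    ts: str       # ISO-8601 timestamp, sortable as text
    mac: str
    profile: str  # profile label as "Family-Model", e.g. "Apple-iPhone" (constructed naming)


# Constructed sample profiling events for illustration; not real ISE output.
SAMPLE_EVENTS = [
    ProfileEvent("2024-05-01T09:00:00", "aa:bb:cc:00:11:22", "Apple-Device"),
    ProfileEvent("2024-05-01T09:00:00", "aa:bb:cc:00:33:44", "Medical-Ultrasound"),
    ProfileEvent("2024-05-01T09:02:00", "aa:bb:cc:00:11:22", "Apple-iPhone"),
    ProfileEvent("2024-05-02T08:30:00", "aa:bb:cc:00:33:44", "Medical-Ultrasound"),
    ProfileEvent("2024-05-02T10:15:00", "aa:bb:cc:00:11:22", "Windows-Workstation10"),
]


def family(profile):
    """Device family is the part of the label before the first dash."""
    return profile.split("-", 1)[0]


def detect_profile_changes(events):
    """Replay profiling events in time order, remembering the last profile per MAC.

    A MAC that reappears with a profile from a different family (Apple -> Windows)
    matches the MAC-spoofing pattern described in the text and is marked for
    quarantine. A change within the same family (Apple-Device -> Apple-iPhone) is
    the normal refinement that happens as more attributes are collected, so it only
    gets a low-severity 'review' finding instead of an enforcement action.
    """
    last = {}
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last.get(ev.mac)
        if prev is not None and prev != ev.profile:
            action = "quarantine" if family(prev) != family(ev.profile) else "review"
            findings.append({"ts": ev.ts, "mac": ev.mac, "was": prev,
                             "now": ev.profile, "action": action})
        last[ev.mac] = ev.profile
    return findings


def quarantine_list(events):
    """MACs that should be isolated until an investigation is complete."""
    return sorted({f["mac"] for f in detect_profile_changes(events) if f["action"] == "quarantine"})


if __name__ == "__main__":
    for finding in detect_profile_changes(SAMPLE_EVENTS):
        print(finding)
```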

Delivering the Value of IoT

Through a single user interface, Cisco DNA Center enables complete visibility of the entire network — both wired and wireless. With best-in-breed profiling technology, the network automatically discovers new endpoints, secures them, and monitors them, now and into the future. With the power of Cisco's intent-based networking, network operators can reduce time spent on network design, implementation, testing, and troubleshooting. For teams faced with a limited talent pool and a constrained budget, intent-based networking also dramatically lowers OpEx and drives efficiencies.

Perhaps most critical to your business: sophisticated threats are identified and neutralized — including those presented by disparate IoT devices — before they can cause harm.

Find out how Cisco’s Digital Network Architecture (DNA) can transform your network with intent-based networking. Provision and configure all your network devices in minutes. Use advanced analytics to proactively monitor, troubleshoot, and optimize your network.


Please share your questions in the comments below. In future blog posts, we’ll take a closer look at different aspects of intent-based networking and the simplicity it offers customers.



Muninder Sambi

VP, Product Management

Cisco Enterprise Switching