Why MUD?
Before we explore what Manufacturer Usage Description (MUD) is, let's first determine if MUD is the correct solution for you. To do so, let’s review some widely accepted assertions:
Proliferation of IoT: The number of unmanaged IoT Devices connecting to the network has seen a significant increase in recent times.
Lightly Managed Devices: While the technology to secure managed (IT) devices such as laptops, printers, and tablets/mobile phones is fairly mature, the same cannot be said for IoT Devices such as security cameras, enviornmental sensors, or medical devices.
Open to Exploitation: The combination of Assertion 1 and Assertion 2 leaves a large gap in the security posture of many deployments. Recent attacks such as the Mirai Botnet and Stuxnet (worm attacking SCADA systems) exploit weaknesses of lightly protected IoT Devices. Known vulnerabilities in medical implants, baby heart monitors, webcams, and connected vehicles simply increase the attack surface.
Fingerprinting not Enough: Numerous fingerprinting methods are being explored in the market to profile IoT Devices to address this vulnerability. However, these profiles are informed guesses which are based on inputs that are subject to spoofing.
Manufacturer as Authority: Possibly the most authoritative method of profiling an IoT Device and restricting it to its intended use is to have the manufacturer inform the network of the identity and the normal communication patterns for that IoT Device.
Differentiation: Manufacturers and Integrators who can implement a technology to comply with Assertion 5 will differentiate their Enterprises, and stand to gain from the network effects of being early adopters. Ultimately CISOs and Security Professionals understand that any compromised device, IoT or otherwise, can lead to compromise of critical assets.
Network Security: The metaphor that a chain is only as strong as its weakest link is relevant to network security, where vulnerabality of IoT Devices can cause the entire network to be compromised. MUD addresses the pain point, "You cannot protect what you cannot see," which is at the very heart of securing endpoints.
Adopt MUD: If you disagree with any of the assertions stated above, let’s have a conversation. Otherwise, adopting MUD will allow you to be that differentiated Manufacturer, Integrator, or Network/ Security Administrator.