Ontinue’s decision this month to extend the reach of its managed security services to cover Internet of Things (IoT) and operational technology (OT) systems puts a spotlight on what has become a thorny challenge in the cybersecurity world.
The IoT continues to expand rapidly, with Statista analysts saying the number of such connected devices – which can range from smartphones and thermostats to point-of-sale systems and massive industrial machines – will grow from 18 billion last year to more than 39.6 billion by 2033.
Meanwhile, OT is hardware and software used to monitor and control industrial processes and infrastructure, much of which is in critical infrastructure sectors, and that for decades was air-gapped and run on networks separate from an organizations IT environment. However, that’s changing as OT and IT environments continue to merge.
Both IoT and OT technologies are being integrated into organizations’ operations, which vastly increases the attack surfaces of these companies.
“Some of the worst hacks we’ve seen over the years actually occurred from OT and IoT devices because a lot of the devices are connected to [corporate] networks and are notorious for having security holes in them,” Bob O’Donnell, principal analyst with TECHnalysis Research, told MSSP Alert.
More Security Needed
The cybersecurity industry is moving to harden security around these devices, understanding that they are becoming prime targets for hackers looking for ways to access enterprise networks. For example, last month, iOT365 launched a security operations center (SOC) platform to help corporate security teams and MSSPs better manage security in world as IT, OT, and IoT converge.
Also last month, Xona Systems unveiled a new platform aimed at securing critical infrastructure, IoT, and OT environments.
Now comes Ontinue, the Redwood City, California MSSP with the new ION for IoT Security service, which uses Microsoft Defender for IoT for both IoT and OT environments, inventorying systems, collecting telemetry, and generating alerts. It combines with the ION managed extended detection and response (MXDR) service to give organizations a broader offering for managing their security operations.
“The rapid adoption of IoT and OT devices – and their integration into traditional IT environments – is creating unprecedented challenges for organizations seeking to protect their critical operations,” Ontinue CEO Geoff Haydon said in a statement.
In the Bad Actors' Crosshairs
The threat from this trend adoption is growing and is being seen on a national level, with Chinese nation-state actors targeting telecom networks in the United States and elsewhere and Iran-back threat groups targeting water systems, both considered critical infrastructure by CISA.
In a report last year, security firm Zscaler listed mobile, IoT, and OT systems among the “fastest-moving frontiers” in cybersecurity noting that 96.5% of people access the internet with a mobile device and 59% of internet traffic is generated by these devices. Zscaler noted a 45% year-over-year increase in IoT attacks in 2024, and added that “OT and cyber-physical systems, once air-gapped and isolated from the internet, have rapidly become integrated into enterprise networks, where threats can proliferate.”
The Platform Approach
Ontinue’s new IoT and OT managed security service delivers protection that includes continuous monitoring, investigation, and containment, an up-do-date inventory connected devices via Defender for IoT, threat detection and incident management, and on-demand security expertise.
Platform offerings that deliver such capabilities are becoming important at a time when there are more attacks – and more sophisticated attacks – and the IT environment is distributed across on-premises data centers, the cloud, and the edge.
TECHnalysis’ O’Donnell noted that companies typically have an average of 75 security tools they’re trying to manage and integrate, a challenge scenario. Having to extend that type of complexity to IoT devices and OT systems would be difficult.
“With this [ION for IoT Defender], if you can have something that someone that can standardize on, that would be a big deal,” he said.
