The New Shadow IT: How Will You Defend Against Threats from Amazon Sidewalk and Other “Unknown Unknowns” on Your Network?

Etay Maor
July 20, 2021

Amazon has recently enabled Sidewalk on its devices, raising security and privacy concerns for consumers. But those devices also lurk in many enterprise networks. How can your organization protect itself from these unknown threats?

Security discussions usually revolve around known or perceived threats – ransomware, phishing, social engineering – and which security practices can address them. Which is well and good, but, as the recently deceased Donald Rumsfeld put it, what about the unknown unknowns of cyber security?

A recent example is the launch of Amazon Sidewalk – a new feature for Amazon devices that constructs a shared network between devices such as Amazon Echo devices, Ring Security Cams, outdoor lights and more. Sidewalk is meant to be a low-bandwidth wireless network that can connect devices in hard-to-reach places.


But numerous security concerns have also been raised about Sidewalk. While some of the consumer security concerns that have been raised seem like hyped security FUD, others raise valid alarms for any security-minded individual:

  • Sidewalk’s automatic opt-in – Dot, Ring, Echo, Tile and other devices enable Sidewalk automatically unless the user explicitly opted out. This is not behavior enterprises would expect from their devices.
  • Sidewalk’s new encryption method – Doing encryption right is not an easy task, especially when introducing new methods. While Amazon promises its triple encryption will make data transfer safe, their new methodology has not been battle tested yet.
  • Updating and patching – Devices always need to be managed and kept patched. Even if you patch all your connected devices, Sidewalk is now connecting devices to your network that may not be up to date.
  • Third-party data access – Sidewalk devices will share data with third parties in the future as well as integrate with third-party compatible devices.

How can any enterprise make statements about its risk preparedness when risk-filled consumer devices might be inhabiting the organization’s network?

This is far from an academic exercise. The Cato Networks Research Team analyzed the network traffic of dozens of enterprises and found hundreds of thousands of flows generated by Amazon Alexa-enabled devices.

And Alexa isn’t the only consumer device or application lurking on your company’s networks. After analyzing 190B network flows as part of Cato Networks SASE Threat Research Report for Q1 of 2021, we discovered flows from many consumer applications and services, such as TikTok, TOR nodes, and Robinhood, on enterprise networks.

Shadow IT: A More Urgent Problem with Work from Anywhere Policies

Unidentified applications and devices, and Shadow IT in general, have always posed a security risk. What has changed now, however, is the shift to remote work. With the introduction of the home office into your corporate network, home-connected devices with all of their vulnerabilities suddenly become part of your network. And to make matters worse, visibility into those networks diminishes, leaving you with a blind spot in your security defenses.

These risks can only be identified if the organization has complete visibility to ANYTHING connecting to its corporate network. This is where SASE comes into the picture. By operating at the network level for all devices and users — in the office and at home — you can see every network flow and every device on your network, giving you visibility to the unknown unknowns of your network.

 

 


Etay Maor is the Senior Director of Security Strategy at Cato Networks and an industry-recognized cybersecurity researcher. Previously, Etay was the Chief Security Officer for IntSights, where he led strategic cybersecurity research and security services. Etay has also held senior security positions at IBM, where he created and led breach response training and security research, and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams. Etay is an adjunct professor at Boston College and is part of Call for Paper (CFP) committees for the RSA Conference and QuBits Conference. He holds a BA in Computer Science and an MA in Counter-Terrorism and Cyber-Terrorism.