SOAR: The Key to Building a Trustworthy Iot

By Cody Cornell, founder CEO, Swimlane and Trent Hein, co-CEO, Rule4

Gadgets and devices connected through the internet of things (IoT) are infiltrating every aspect of our daily lives. From our personal spaces to our businesses, the easily deployable control and sensor technology promote healthy living, staying connected, improved operational efficiencies, unmanned control and so much more. With giant corporations such as Amazon, Google, Microsoft, and others investing billions of dollars in the IoT space, it’s apparent the IoT is changing our lives and the future of business.

Digital transformation has spurred a modern-day industrial revolution as organizations strive to achieve better productivity and management of processes and assets. The rapid proliferation of network-connected devices has created opportunities for smart analytics and machine learning, predictive maintenance, remote monitoring, and increased quality management.

In fact, according to a 2017 forecast by Gartner, the number of IoT devices in use will grow to a staggering 20.4 billion by 2020. This rapid escalation is creating a more collaborative, productive and profitable opportunity for information sharing across organizations, which comes with a bevy of both positives and negatives.

Industrial Internet of Things

IoT extends well beyond smart devices in the home and into the business/industry. Often called the industrial internet of things (IIoT), this specialized area of the IoT landscape is rapidly growing. From facilities management systems (i.e., HVAC, lighting and access control) and industrial process control systems on factory floors to network-connected treadmills at the gym and on-mountain pass readers at ski resorts, organizations are increasingly deploying embedded devices throughout their networks. Each of these devices can be either a source of data about the environment (including, in some cases, consumer usage patterns) or a way to control a component of the environment.

Whether it’s malicious outsiders or employee sabotage, the stakes are much higher in the industrial internet of things, where business continuity and personal safety are both at risk. And the rapid increase in IIoT devices has expanded the attack surfaces and threat vectors the cybersecurity industry is facing on a daily basis.

IIoT Cybersecurity: A Great Concern

Cybersecurity is not always considered as a top priority during an IIoT product’s design phase. Because the IIoT is a burgeoning market, many product designers and manufacturers are more concerned with rapidly getting their products to market, instead of taking the necessary steps to build cybersecurity in from the start. From default passwords to a lack of computing resources necessary to implement effective cybersecurity, many IIoT devices do not or cannot offer adequate cybersecurity protection features.

As a result, bad actors are scanning for IIoT vulnerabilities at a frenetic pace. In fact, according to “The CEO’s Guide to Securing the Internet of Things,” experts have seen a dramatic 458 percent increase in IoT vulnerability scans against devices since 2013, with scans representing adversaries looking for weaknesses in your network defenses.

While the analysis and distribution of collected information and data is essential for device developers and manufacturers to derive predictive models, managing the overwhelming amount of data remains a privacy concern as well. The expectation of the public is when companies handle data, they will handle it securely. Unfortunately, as recent high-profile examples have illustrated, that notion is not aligned with reality.

Today, the IIoT focus is primarily on integration and convergence across industrial verticals. As such, implementing a robust cybersecurity program for IIoT requires a complicated combination of architecture, technical and integration controls as well as the adaptation of traditional cybersecurity platforms. And while executing a credible approach to cybersecurity is one thing, the ongoing operational management of authentication credentials and operations, especially for large deployments of non-homogenous devices, is equally important.


Traditional cybersecurity does not always work with IIoT device deployments. For example, IIoT platforms struggle to verify the authenticity of 10,000 IIoT devices when they don’t have associated users to enter a user name and password. A major challenge is keeping IIoT devices updated and secured throughout their lifecycles.

As IIoT device adoption increases, automation becomes an essential component of cybersecurity. Automation is crucial when you think about the vast number of connected devices and applications in our daily lives. Because it’s impractical to manage the configuration of 10,000 devices manually, we need to step out of the traditional IT mindset that a human is going to “touch” a device to harden it from a cybersecurity perspective. Automation ensures consistency and allows the operational status and cybersecurity profile of every connected device to be known.

Security Orchestration, Automation, and Response

While security orchestration, automation, and response (SOAR) solutions might traditionally be marketed for enterprise IT environments, cloud computing environments that support IIoT devices pose similar privacy and cybersecurity challenges. SOAR solutions can be easily applied as a centralized way to manage a fleet of IIoT devices to ensure that they are always in their best possible state from a cybersecurity perspective.

SOAR solutions can also help with the tedious chore of fleet inventory management, identifying new devices as they come online and deploying appropriate cybersecurity hardening steps. Additionally, SOAR supports a number of key functions in the security operations center (SOC) to help organizations work smarter, respond faster and strengthen their defenses.

Automation enables cybersecurity teams to work smarter by executing previously time-consuming actions across the IIoT environment in seconds, turning what could be impossible into an easy task. A SOAR platform can provide orchestration integration across applications and APIs, enabling cybersecurity professionals to connect and coordinate complex workflows across teams and tools. Events can be aggregated and escalated to cases, which makes them easy to track, then cybersecurity teams can rapidly triage those incidents in an automated, semi-automated or manual fashion. SOAR dashboards combine all the critical information needed to understand the current state of cybersecurity operations and help SecOps teams increase situational awareness and drive efficient communications.

In many IIoT environments, there are tangible life-safety risks where managing cybersecurity though SOAR solutions become essential. Consider failing runway lights in an airfield as an example. As an airline pilot prepares for landing, he and his crew don’t have time to prioritize alerts to understand what’s going on, and nor does air traffic control. Consequently, there must be a system in place that automatically restores those lights so that he can land the plane safely. SOAR platforms provide a highly integrated, automated response that addresses these types of situations.

While the convergence of IT and IIoT networks has created a number of challenges for cybersecurity teams, automation and orchestration technologies have the potential to enable cybersecurity operations professionals to respond to the inevitable challenges ahead. The benefits of SOAR include consistent execution of complex workflows comprised of human and machine-driven actions, as well as an auditable system of record for all these processes, providing the basis for analytics and improvement in the rapidly growing IIoT enhanced world.

About the Authors

SOAR: The Key to Building a Trustworthy IotCody Cornell is the CEO of the Swimlane. He is responsible for the overall strategic direction of Swimlane and their SOAR platform. As an advocate for the open exchange of security information and deep technology integration, he constantly strives to enable organizations to maximize the value of their investments in security technology and staff. Cody began his career in the U.S. Coast Guard and has spent 15 years in IT and security including roles with the U.S. Defense Information Systems Agency, the Department of Homeland Security (DHS), American Express and IBM Global Business Services.  He has also had the pleasure of presenting at information security at forums such as the U.S. Secret Service Electronic Crimes Task Force, the DHS Security Subcommittee on Privacy and National Public Radio. Cody can be reached online at [email protected], @codycornell on Twitter and at our company website

About Swimlane

Swimlane is at the forefront of the growing market of security automation, orchestration and response (SOAR) solutions and was founded to deliver scalable and flexible security solutions to organizations struggling with alert fatigue, vendor proliferation, and chronic staffing shortages. Swimlane’s solution helps organizations address all security operations (SecOps) needs, including prioritizing alerts, orchestrating tools and automating the remediation of threats—improving performance across the entire organization. Swimlane is headquartered in Denver, Colorado with operations throughout North America and Europe. For more information, visit

SOAR: The Key to Building a Trustworthy IotTrent R. Hein is Co-CEO at Rule4, a boutique professional services firm specializing in cybersecurity and emerging technology. A serial entrepreneur, Trent is passionate about building businesses that have a positive impact on employees, clients, the community, and the world. Bedrock to all his ventures is helping clients maximize their IT investment in the areas of security, performance, and availability. Trent holds a B.S. in computer science (CS) from the University of Colorado at Boulder. He is a co-author of the Unix and Linux System Administration Handbook, currently in its fifth edition. Learn more about Trent at Rule4 or find him on Twitter @trenthein.

About Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions. Having the right expertise available at the right time is essential, and we’re here to help make that a reality. Rule4 provides cybersecurity and emerging technology expertise for every organization. We follow the spirit of Asimov’s fourth rule as we help organizations apply technology inefficient, secure ways that benefit and protect humankind and our planet. Rule4 has Certified B Corp Pending status, which means we put people before profit, always.

May 7, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...