Overview
To manage the growing adoption of IoT and address the challenges of untrusted device connectivity, comprehensive understanding and management are essential. The identification and profiling capabilities of the Cloudi-Fi framework allow for seamless enforcement of security profiles within the Zscaler stack.
The primary goal of the Cloudi-Fi IoT framework is to provide a hassle-free experience by automatically identifying devices as they connect to the network. This identification process enables assigning a ZIA (Zscaler Internet Access) security profile that aligns with the device’s minimal operational requirements. As a result, potential malicious activities by the device are restricted and mitigated.
Understanding IoT Operations with Cloudi-Fi and Zscaler
IoT Security Simplified thanks to Sublocation-Based Security Profiles & Automated Profiling with Cloudi-Fi DHCP Fingerprinting
Sublocation-Based Security Profiles for Robust Protection
When a device appears on the network, its first action is to request an IP address lease from the DHCP server. Since most IoT devices lack authentication capabilities, the IP address becomes the sole identifying information for configuring security rules.
In legacy networks, wireless IoT devices of the same type are typically grouped by SSID, while wired IoT devices are connected to specific switch ports. These manual operations necessitate significant configuration efforts for each device. Moreover, the number of SSIDs should be limited to maintain optimal performance.
Cloudi-Fi streamlines the IoT onboarding process and simplifies network management. It automatically uses the DHCP process to assign an IP address based on the device category.
Within the Zscaler framework, a sublocation is automatically assigned to each IoT category and linked to a corresponding security profile.
Automated Device Profiling through Cloudi-Fi DHCP Fingerprinting
Cloudi-Fi's automated profiling goes beyond assigning a security profile to devices; it also enables device identification in advance. When a device initiates the DHCP process, both the initial DHCP request and subsequent IP address lease renewals contain a wealth of device information, including transmitted options, parameters, and MAC address.
To achieve the desired level of precision and adaptability in device identification, network and security administrators establish a set of rules and methods for filtering and interpreting the DHCP/MAC data set. These include static DHCP profiling, automated DHCP filtering using crowd and AI-based techniques, as well as vendor and static MAC addresses.
How to Manage the DHCP service
Streamlined Device Management
Cloudi-Fi offers a cloud-based DHCP service that is accessible anywhere, providing network administrators with a unified interface to manage all connected devices. This centralized control allows for visualizing and automating DHCP configurations from a single location. Cloudi-Fi supports DHCP for IoT devices as well as managed and unmanaged devices across the network. DHCP serves not only as a means for IoT profiling but also facilitates the management of various device types.
Network configuration parameters delivered through DHCP can be customized at different levels of the network hierarchy, including global, per location, per subnet, and per security profile pool.
DHCP pools are automatically inherited from the security profile configuration.
We end up with individual devices classified into their security profiles, each receiving an IP address that corresponds to its profile.
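The flow described above (DHCP fingerprint, then device category, then an address from that category's pool) can be sketched as follows. This is an added example, not Cloudi-Fi's or Zscaler's code: the rule format, category names, OUI, vendor class string, pool ranges and sample option bytes are all constructed assumptions.

```python
import ipaddress

# Constructed static rules and pools; not Cloudi-Fi's actual rule format.
RULES = [
    {"category": "ip-camera", "oui": "02:ab:cd", "vendor_class": "ExampleCam"},
    {"category": "printer", "param_list": (1, 3, 6, 15, 44, 47)},
]
POOLS = {
    "ip-camera": ipaddress.ip_network("10.20.1.0/28"),
    "printer": ipaddress.ip_network("10.20.2.0/28"),
    "unclassified": ipaddress.ip_network("10.20.254.0/28"),  # fallback pool
}
# Constructed DHCPDISCOVER option fields (options 53, 55, 60, End).
CAMERA_OPTS = bytes([53, 1, 1, 55, 4, 1, 3, 6, 42, 60, 10]) + b"ExampleCam" + b"\xff"
PRINTER_OPTS = bytes([53, 1, 1, 55, 6, 1, 3, 6, 15, 44, 47, 255])

def parse_options(raw: bytes) -> dict:
    """Decode the code/length/value DHCP options field (RFC 2132)."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = End
        if raw[i] == 0:                        # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        opts[raw[i]] = raw[i + 2 : i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def fingerprint(mac: str, raw_options: bytes) -> dict:
    opts = parse_options(raw_options)
    return {
        "oui": mac.lower()[:8],                           # vendor prefix of the MAC
        "param_list": tuple(opts.get(55, b"")),           # option 55, order preserved
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),  # option 60
    }

def classify(fp: dict) -> str:
    """Return the first rule whose attributes all match, else 'unclassified'."""
    for rule in RULES:
        if all(fp[k] == v for k, v in rule.items() if k != "category"):
            return rule["category"]
    return "unclassified"

def lease(mac: str, raw_options: bytes, leased: set):
    """Classify the device, then hand out the next free address in its pool."""
    category = classify(fingerprint(mac, raw_options))
    addr = next(h for h in POOLS[category].hosts() if h not in leased)
    leased.add(addr)
    return category, addr
```

Every field in the fingerprint is supplied by the client, so the fallback pool should map to the most restrictive security profile.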
Instant Security Automation through Zscaler Integration
Cloudi-Fi collaborates with Zscaler as a technology partner, enabling a comprehensive solution for seamless onboarding of untrusted devices onto the corporate network. These devices are automatically identified and secured based on their profiles within ZIA. Cloudi-Fi and Zscaler function as a unified solution, conducting identification, profiling, and enforcement of security policies without requiring intervention from the IT staff.
What’s Next?
For more information about our solutions integrated with Zscaler, including a how-to video and a comprehensive solution brief, please visit our partner page.