Overview
The growing adoption of IoT, and the challenge of connecting untrusted devices, calls for comprehensive understanding and management of those devices. The Cloudi-Fi framework's identification and profiling capabilities allow for seamless enforcement of security profiles within the Zscaler stack.
The primary goal of the Cloudi-Fi IoT framework is to provide a hassle-free experience by automatically identifying devices as they connect to the network. This identification process enables assigning a ZIA (Zscaler Internet Access) security profile that aligns with the device’s minimal operational requirements. As a result, potential malicious activities by the device are restricted and mitigated.
Understanding IoT operations with Cloudi-Fi and Zscaler
IoT security is simplified by sublocation-based security profiles and automated profiling with Cloudi-Fi DHCP fingerprinting.
Sublocation-based security profiles for robust protection
When a device appears on the network, its first action is to request an IP address lease from the DHCP server. Since most IoT devices lack authentication capabilities, the IP address becomes the sole identifying information for configuring security rules.
In legacy networks, wireless IoT devices of the same type are typically grouped by SSID, while wired IoT devices are connected to specific switch ports. These manual operations necessitate significant configuration efforts for each device. Moreover, the number of SSIDs should be limited to maintain optimal performance.
Cloudi-Fi streamlines the IoT onboarding process and simplifies network management. It automatically uses the DHCP process to assign an IP address based on the device category.
Within the Zscaler framework, a sublocation is automatically assigned to each IoT category and linked to a corresponding security profile.
Automated device profiling through Cloudi-Fi DHCP fingerprinting
Cloudi-Fi's automated profiling goes beyond assigning a security profile to devices and enables device identification in advance. When a device initiates the DHCP process, the initial DHCP request and subsequent IP address lease renewals contain a wealth of device information, including transmitted options, parameters, and MAC address.
To achieve the desired level of precision and adaptability in device identification, network and security administrators establish rules and methods for filtering and interpreting the DHCP/MAC data set. These include static DHCP profiling, automated DHCP filtering using crowd- and AI-based techniques, and matching on vendor and static MAC addresses.
How to manage the DHCP service
Streamlined device management
Cloudi-Fi offers a cloud-based DHCP service that is accessible anywhere. This service provides network administrators with a unified interface to manage all connected devices. This centralized control allows for visualizing and automating DHCP configurations from a single location. Cloudi-Fi supports DHCP for IoT devices as well as managed and unmanaged devices across the network. DHCP therefore serves not only as a means of IoT profiling but also as a way to manage various device types.
Network configuration parameters delivered through DHCP can be customized at different levels of the network hierarchy: globally, per location, per subnet, and per security profile pool.
DHCP pools are automatically inherited from the security profile configuration.
As a result, each device is classified into its security profile and receives an IP address corresponding to that profile.
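The flow described above (fingerprint the DHCP request, classify the device, hand out an address from the pool tied to its profile), shown as an added example; it is not Cloudi-Fi or Zscaler code. The rule set, category names, subnets and sample packet are constructed assumptions, and the matching uses the MAC OUI, DHCP option 60 (vendor class identifier) and option 55 (parameter request list).

```python
import ipaddress

# Constructed rules (assumptions): first match wins; every key present must match.
# The OUI 00:00:5e is the IANA block that holds the RFC 7042 documentation MACs.
RULES = [
    {"category": "ip-camera", "oui": "00:00:5e", "vendor_class": "examplecam"},
    {"category": "printer", "prl": (1, 3, 6, 15, 44, 47)},
]
# Constructed pools, one subnet per category; unmatched devices get their own pool.
POOLS = {
    "ip-camera": ipaddress.ip_network("10.20.1.0/24"),
    "printer": ipaddress.ip_network("10.20.2.0/24"),
    "unclassified": ipaddress.ip_network("10.20.255.0/24"),
}

def opt(code: int, value: bytes) -> bytes:
    """Encode one DHCP option as code, length, value (RFC 2132)."""
    return bytes([code, len(value)]) + value

def parse_options(raw: bytes) -> dict:
    """Walk the options field; reject truncated input instead of guessing."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"truncated option {code}")
        opts[code] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def classify(mac: str, raw_options: bytes) -> str:
    opts = parse_options(raw_options)
    seen = {
        "oui": mac.lower().replace("-", ":")[:8],
        "vendor_class": opts.get(60, b"").decode("ascii", "replace").lower(),
        "prl": tuple(opts.get(55, b"")),  # option order is part of the fingerprint
    }
    for rule in RULES:
        tests = {k: v for k, v in rule.items() if k != "category"}
        if all(v in seen[k] if k == "vendor_class" else v == seen[k]
               for k, v in tests.items()):
            return rule["category"]
    return "unclassified"

def pool_for(mac: str, raw_options: bytes) -> ipaddress.IPv4Network:
    return POOLS[classify(mac, raw_options)]

# Constructed sample: options of a DHCPDISCOVER from a hypothetical camera.
CAMERA = opt(53, b"\x01") + opt(60, b"ExampleCam-v2") + opt(55, bytes([1, 3, 6, 15])) + b"\xff"
```

Because the MAC address and the DHCP options are supplied by the client, anything that matches no rule lands in the `unclassified` pool, which is meant to map to the most restrictive security profile.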
Instant security automation through Zscaler Integration
Cloudi-Fi collaborates with Zscaler as a technology partner, enabling a comprehensive solution for seamlessly onboarding untrusted devices onto the corporate network. These devices are automatically identified and secured based on their profiles within ZIA. Cloudi-Fi and Zscaler function as a unified solution, conducting identification, profiling, and enforcement of security policies without requiring intervention from the IT staff.