Infosecurity

IoT Deployments Often Rely on Isolated Networks and Sub-Nets: How to Secure the Expanding Attack Surface

The Internet of Things (IoT) promises to revolutionise business processes, offering unprecedented efficiency and new ways to engage customers. However, a critical challenge lurks beneath the surface: isolated IoT networks and sub-nets are becoming the norm, creating a complex landscape for network defenders. According to a recent Quocirca report covering the UK and German-speaking regions, 68% of organisations already see IoT making an impact or expect it to do so soon. Yet, as deployments grow, so does the attack surface, and traditional security measures are struggling to keep pace.

Understanding IoT Sub-Nets and Their Security Implications

In many IoT deployments, devices are not directly connected to the corporate network. Instead, they operate on IoT sub-nets—isolated segments where communication flows through a central hub. For example, a well-configured home network places all smart devices behind a secure router. In enterprise settings, however, most IoT endpoints attach directly or indirectly to the main network. This creates a headache for security teams: a rapidly expanding attack surface that is difficult to monitor.

Network administrators often feel confident identifying and controlling traditional devices like PCs and printers. But as more unusual IoT gadgets—sensors, smart locks, environmental monitors—join the mix, the challenge intensifies. Many of these devices run lightweight operating systems such as TinyOS or Nano-RK, designed for low energy use and limited processing power. This means they cannot support standard endpoint security agents, leaving a gap in visibility.

The Agentless Security Challenge in IoT Deployments

One of the biggest hurdles in securing isolated IoT networks is the inability to install software agents on devices. In the past, when most network-attached devices ran Windows or Linux, agent-based management was feasible. However, the rise of BYOD (bring your own device) and guest access has already pushed organisations toward agentless approaches. Now, IoT compounds the problem: fewer than 4% of survey respondents said agentless support was unimportant, yet 12% still rely on specialist agents, while a staggering 72% depend on rudimentary controls like network passwords or Wi-Fi keys.

This unsatisfactory situation explains why 45% of organisations plan to deploy new network security technology within 18 months. Among those expecting IoT to play a larger role, that figure jumps to 54%. The need for continuous, real-time visibility of every device—known or unknown—is urgent. Fortunately, Network Access Control (NAC) technology has evolved to meet this demand.

How NAC Technology Addresses IoT Security Gaps

NAC solutions have been used for years to identify and control how traditional IT devices join corporate networks. Now, vendors are adapting NAC for the IoT era. ForeScout Technologies, which sponsored Quocirca’s latest research, claims to lead this adaptation with agentless discovery and classification, automated policy-based controls, and integration with other security products. Other key players include Cisco, Aruba (now part of HP), Pulse Secure, Bradford Networks, Trustwave, and Portnox.

These tools can enforce policies without requiring agents on IoT devices—a critical capability given the diversity of operating systems. For example, a sensor running TinyOS can be automatically quarantined if it exhibits suspicious behaviour, without any manual intervention. This is essential for maintaining agentless network security across isolated sub-nets.

Building a Future-Proof IoT Security Strategy

To prepare for the coming wave of IoT devices, organisations must act now. Start by assessing your current network architecture: identify which sub-nets host IoT endpoints and how they connect to the corporate backbone. Implement NAC technology that offers agentless visibility and policy enforcement. As the Quocirca report highlights, only 37% of firms have well-established IoT policy controls in place—meaning the majority have room for improvement.

Consider integrating your NAC solution with existing security tools, such as SIEM systems or firewalls, to create a unified defence. For more insights, explore our guide on IoT network segmentation best practices and learn how to deploy agentless security for smart devices. Remember, the time to adapt is now—before the next wave of connected devices overwhelms your defences.
