Protecting against unauthorized access to IoT devices

A method for network protection includes monitoring data packets transmitted to and from an IoT device (24, 26, 28, 30) over a network (38, 46). Based on the monitored data packets, a set of one or more endpoints (42, 44) that are authorized to communicate with the IoT device via the network is identified. Among the monitored data packets, an attempt to communicate with the IoT device by an endpoint (52) that is not a member of the identified set is detected. Responsively to detecting the attempt, a protective action is performed at a guard location in the network, between the endpoint and the IoT device, so as to mitigate unauthorized communications with the IoT device.