I believe the best protection is to have a powerful, updated router or firewall with virtual LAN capabilities. Separate vulnerable devices (IoT) from other devices.
Have all inbound connections blocked (UPnP turned off) for the VLAN with IoT devices. Use ZeroTier or a VPN service for remote connections.
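
An added example, not part of the comment above: one way to express this separation on a Linux-based router with nftables. The interface names (`wan0`, `lan0.10`, `lan0.20`) are assumptions, the ruleset covers IPv4 only, and it presumes no UPnP daemon (such as miniupnpd) is running to add port forwards.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interfaces: wan0 = uplink,
# lan0.10 = trusted VLAN, lan0.20 = IoT VLAN.
# IPv4 only: mirror these rules in an ip6 table if IPv6 is enabled.
flush ruleset

define WAN = "wan0"
define LAN = "lan0.10"
define IOT = "lan0.20"

table ip filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Trusted VLAN may manage the router
        iifname $LAN accept
        # IoT VLAN only gets DNS and DHCP from the router itself
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept
        # Anything else, including all WAN-initiated traffic, hits policy drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were allowed out
        ct state established,related accept
        ct state invalid drop
        # Trusted VLAN may reach the internet and initiate to IoT devices
        iifname $LAN oifname { $WAN, $IOT } accept
        # IoT devices may reach the internet, nothing else
        iifname $IOT oifname $WAN accept
        # No rule accepts new WAN -> IoT or IoT -> trusted connections
    }
}

table ip nat {
    # No prerouting/dnat chain: there are no inbound port forwards
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f` from a console session rather than over the network, since `flush ruleset` replaces whatever rules are currently active.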