A free IoT scanner from BeyondTrust looks for at-risk devices so organizations can pinpoint and address vulnerabilities.

Kelly Sheridan, Former Senior Editor, Dark Reading

January 13, 2017

2 Min Read

Businesses will struggle to stay secure as the IoT permeates the workplace. An estimated 200 billion connected devices are projected to be in use by 2020, creating a broad new attack vector for cybercriminals.

"Properly discovering [risks], classifying them, and putting them under a vulnerability management practice is the only way to mitigate their risks," explains Morey Haber, VP of technology at BeyondTrust.

The Retina IoT (RIoT) Scanner, which the company released this week, is a free vulnerability assessment tool that displays IoT risk from an attacker's point of view. Businesses can use it to scan their perimeters and identify at-risk devices other tools may not detect.

Most IoT products lack embedded security measures. This group of devices has already become the target of malware, specifically Mirai, which demonstrated how organizations could be unaware of their devices being used for attack without searching DNS logs or other traffic.

The scanner helps businesses find devices that may be compromised before this happens, Haber explains.

Security pros can use vulnerability reports to learn the make and model of present IoT devices, the subnets they're on, which vulnerabilities are present, and whether they are contributing to Shadow IT projects; for example, a group of cameras or rogue devices being deployed by a specific user.

However, before you download, it's worth noting there are a few things RIoT doesn't do.

"While it does have prescriptive guidance for vulnerability remediation, it does not have automatic patch management like the rest of Retina for Windows devices," explains Haber.

He notes the FTC has offered a $100,000 award to a company that can discover an innovative way of managing and patching IoT devices, a problem that can be severe considering the diverse match of vendors and devices operating differently.

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights