Businesses will struggle to stay secure as the IoT permeates the workplace. An estimated 200 billion connected devices are projected to be in use by 2020, creating a broad new attack vector for cybercriminals.
"Properly discovering [risks], classifying them, and putting them under a vulnerability management practice is the only way to mitigate their risks," explains Morey Haber, VP of technology at BeyondTrust.
The Retina IoT (RIoT) Scanner, which the company released this week, is a free vulnerability assessment tool that displays IoT risk from an attacker's point of view. Businesses can use it to scan their perimeters and identify at-risk devices other tools may not detect.
Most IoT products lack embedded security measures. This group of devices has already become the target of malware, specifically Mirai, which demonstrated how organizations could be unaware of their devices being used for attack without searching DNS logs or other traffic.
The scanner helps businesses find devices that may be compromised before this happens, Haber explains.
Security pros can use vulnerability reports to learn the make and model of present IoT devices, the subnets they're on, which vulnerabilities are present, and whether they are contributing to Shadow IT projects; for example, a group of cameras or rogue devices being deployed by a specific user.
However, before you download, it's worth noting there are a few things RIoT doesn't do.
"While it does have prescriptive guidance for vulnerability remediation, it does not have automatic patch management like the rest of Retina for Windows devices," explains Haber.
He notes the FTC has offered a $100,000 award to a company that can discover an innovative way of managing and patching IoT devices, a problem that can be severe considering the diverse match of vendors and devices operating differently.