Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
1/12/2017
02:45 PM
Kelly Sheridan
Kelly Sheridan
Quick Hits
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Free IoT Vulnerability Scanner Hunts Enterprise Threats

A free IoT scanner from BeyondTrust looks for at-risk devices so organizations can pinpoint and address vulnerabilities.

Businesses will struggle to stay secure as the IoT permeates the workplace. An estimated 200 billion connected devices are projected to be in use by 2020, creating a broad new attack vector for cybercriminals.

"Properly discovering [risks], classifying them, and putting them under a vulnerability management practice is the only way to mitigate their risks," explains Morey Haber, VP of technology at BeyondTrust.

The Retina IoT (RIoT) Scanner, which the company released this week, is a free vulnerability assessment tool that displays IoT risk from an attacker's point of view. Businesses can use it to scan their perimeters and identify at-risk devices other tools may not detect.

Most IoT products lack embedded security measures. This group of devices has already become the target of malware, specifically Mirai, which demonstrated how organizations could be unaware of their devices being used for attack without searching DNS logs or other traffic.

The scanner helps businesses find devices that may be compromised before this happens, Haber explains.

Security pros can use vulnerability reports to learn the make and model of present IoT devices, the subnets they're on, which vulnerabilities are present, and whether they are contributing to Shadow IT projects; for example, a group of cameras or rogue devices being deployed by a specific user.

However, before you download, it's worth noting there are a few things RIoT doesn't do.

"While it does have prescriptive guidance for vulnerability remediation, it does not have automatic patch management like the rest of Retina for Windows devices," explains Haber.

He notes the FTC has offered a $100,000 award to a company that can discover an innovative way of managing and patching IoT devices, a problem that can be severe considering the diverse match of vendors and devices operating differently.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11059
PUBLISHED: 2020-05-27
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.