A free IoT scanner from BeyondTrust looks for at-risk devices so organizations can pinpoint and address vulnerabilities.
Businesses will struggle to stay secure as the IoT permeates the workplace. An estimated 200 billion connected devices are projected to be in use by 2020, creating a broad new attack vector for cybercriminals.
"Properly discovering [risks], classifying them, and putting them under a vulnerability management practice is the only way to mitigate their risks," explains Morey Haber, VP of technology at BeyondTrust.
The Retina IoT (RIoT) Scanner, which the company released this week, is a free vulnerability assessment tool that displays IoT risk from an attacker's point of view. Businesses can use it to scan their perimeters and identify at-risk devices other tools may not detect.
Most IoT products lack embedded security measures. This group of devices has already become the target of malware, specifically Mirai, which demonstrated how organizations could be unaware of their devices being used for attack without searching DNS logs or other traffic.
The scanner helps businesses find devices that may be compromised before this happens, Haber explains.
Security pros can use vulnerability reports to learn the make and model of present IoT devices, the subnets they're on, which vulnerabilities are present, and whether they are contributing to Shadow IT projects; for example, a group of cameras or rogue devices being deployed by a specific user.
However, before you download, it's worth noting there are a few things RIoT doesn't do.
"While it does have prescriptive guidance for vulnerability remediation, it does not have automatic patch management like the rest of Retina for Windows devices," explains Haber.
He notes the FTC has offered a $100,000 award to a company that can discover an innovative way of managing and patching IoT devices, a problem that can be severe considering the diverse match of vendors and devices operating differently.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024