K

Kathleen Martin

Guest
Today's enterprise networks are complex environments with different types of wired and wireless devices being connected and disconnected. The current device discovery solutions have been mainly focused on identifying and monitoring servers, workstation PCs, laptops and infrastructure devices such as network firewalls, switches and routers, because the most valuable information assets of organizations are being stored, processed and transferred over those devices, hence making them the prime target of security breaches and intrusions.
However, a new trend has been emerging in the past four years, where attackers have been targeting purpose-built connected devices such as network printers and video conferencing systems as an entry point and data exfiltration route.
These devices cannot be identified properly by the current IT asset discovery solutions for the following main reasons:
  • Proprietary protocols are often used for managing and monitoring such devices that are not known to the asset discovery solution.
  • Agent-based asset discovery is not possible because most of the connected devices are resource-constrained systems with proprietary operating systems that do not allow the installation of discovery agent software on them.
Firmalyzer's IoT vulnerability assessment solution (IoTVAS) overcomes these limitations and provides:
  • Accurate identification of connected device manufacturer, model name, device type, device end of life status, firmware version, and firmware release date
  • Real-time Firmware bill of materials (BOM) report that lists software components and libraries inside the firmware code of each device without requiring the user to upload device firmware files.
  • Identification of publicly unknown vulnerabilities of the device that includes vulnerable 3rd party components, default credentials, crypto keys, certificates, and default configuration issues
  • Identification of the publicly known vulnerabilities (CVEs) of the device
IoTVAS can operate as a standalone IoT discovery and risk assessment solution or be integrated into existing IT asset discovery, network port scanners, and IT vulnerability scanning tools via IoTVAS REST API.
Continue reading: https://thehackernews.com/2022/02/iotconnected-device-discovery-and.html