Optiv Security unveiled its Enterprise Internet of Things (IoT) Lab in response to a growing and ever-present pain point for client security leaders – the proliferation of IoT devices on organizational networks.
Chief information security officers (CISOs) are dealing with sizeable blind spots and have expressed the clear need for support in discovering those devices and bringing them into their existing vulnerability management programs with an expanded objective of total network protection that goes beyond simple device discovery and assessment.
Optiv’s Enterprise IoT Lab will:
- Show organizations how to discover IoT devices present in their environment, assess devices for vulnerabilities, and mitigate outstanding security issues.
- Provide a baseline platform for development of automated vulnerability management and incident response solutions for IoT.
- Position IoT/OT/ICS security solutions where their integrations into other technologies can be developed and tested end-to-end.
“Current technologies focused on traditional network assets can fall short when trying to assess IoT targets, and solutions focused on the OT/ICS space don’t always integrate with the enterprise vulnerability management solutions,” said Sean Tufts, practice director, IoT Security, Optiv.
“We’re now able to prove out these solutions in an environment that provides access to a wide spectrum of partner technologies.”
Optiv has partnered with Palo Alto Networks, Tenable, and Armis to highlight how these solutions react in a real-world environment of live devices. In addition, Gigamon has been leveraged to enable each solution’s monitoring requirements.
“Our Unit 42 IoT threat research, based on analysis of 1.2 million devices, found that nearly 98 percent of IoT traffic is unencrypted and more than half of all IoT devices are susceptible to severe cyber-attacks.
“This is why a prevention-first approach is the need of the hour instead of alert-only solutions,” said Muninder Singh Sambi, senior vice president, product management, Palo Alto Networks. “Optiv’s Enterprise IoT Lab is a welcomed development.”
The Lab will drive solutions from real-world sources and/or data supplied from a client environment.
More than 50 common corporate IoT targets are in the environment and will be tested and demonstrated on to highlight vulnerability management best practices in live-time as they relate to source (insiders, third parties, bad actors) and threat (unsecured remote access, weak passwords, legacy technologies, pre-installed spyware, hackable devices).
“Optiv has substantial experience in embedded device vulnerability analysis,” said Mark Thurmond, chief operating officer, Tenable.
“We’re excited to be a part of Optiv’s IoT lab to lend our converged IT/OT expertise in exploitation techniques and best practices to continue driving innovation in the IoT security space for our shared clients.”