The modern enterprise is rapidly evolving from an on-prem network with a hard-shell security perimeter to a network of networks – and the diverse devices that form them. Are there devices that stand out as higher risk? If so, what is the business impact and how do we manage the risk?
In this first edition of The Enterprise of Things Security Report, Forescout Research Labs assessed the risk posture of over 8 million devices deployed across five verticals: Financial Services, Government, Healthcare, Manufacturing and Retail. This meticulous audit of IoT-heavy applications and industries has allowed us to accurately identify points of risk inherent to device types, industry sectors and cybersecurity policies.
About Forescout Device Cloud
Forescout Device Cloud is one of the world’s largest repositories of connected enterprise device data –including IT, OT and IoT device data – and the number of devices it contains grows daily. The anonymous data comes from Forescout customer deployments and, at the time of this report’s publication, contains information from approximately 12 million devices from more than 1,200 global customers.
A connected world has made various industries highly efficient, more profitable and safer. However, companies must accelerate in areas of cybersecurity innovation and investment. Malicious cyber actors continue to innovate at a rapid pace while the attack surface of financial services, government, healthcare, manufacturing and retail simultaneously expands. The risk of lateral movement of malware between disparate networks and areas of the business threatens everything from the data center to the production line. Successful enterprise businesses will emerge and thrive from their ability to provide goods and services more efficiently and predictably – and holistic cybersecurity will be a cornerstone to that end.
Risk with business context
Since devices don’t enter the network without interactions, we must analyze device risk in the context of how the device is used along with the services, applications and users that interact with it. Our report uses a unique method of quantifying this risk. For example, a device with a known vulnerability presents an elevated risk when connected to medical end devices or the CMDB of a bank. As IoT device usage soars, unsurprisingly, these devices produced the highest risk. See our recent blog related to the Ripple20 announcement.
So what are the risks, where are they and what can you do about them? Reading the report (and not just the blog) is a great first step, but here’s a quick recap of what we found. Stepping down hierarchically:
- The riskiest device groups from our Device Cloud data include smart buildings, medical devices, networking equipment and VoIP phones. IoT devices, which can be hard to monitor and control, exist in every vertical and present risk to modern organizations, both as entry points into vulnerable networks, or as final targets of specialized malware.
- The device types posing the highest level of risk are those within physical access control systems. These devices are ubiquitous and literally open the doors to the physical world, bridging the gap between cyber and physical realms. According to our data sample, physical access control solutions are the systems at the highest risk due to the presence of many critical open ports, abundant connectivity with risky devices and the presence of known vulnerabilities.
- Other top-10 riskiest device types include medical devices and networking equipment. These devices – especially medical devices – have an enormous potential impact if compromised, and frequently have critical open ports that expose dangerous services on the network.
For more findings, including valuable information on OS-related risks and a deep dive into the riskiest devices from the Forescout Device Cloud, download the report here.
Forescout’s Zero Trust approach to managing risk
Once you understand the riskiest devices on your network, it’s essential to manage the risks they pose. The Zero Trust framework has emerged as the foundational best practice to do just that.
Forescout’s zero trust approach to managing IoT risk involves the following best practices:
- Complete network visibility – a critical component for identifying and classifying IoT and other devices on the campus network, in the data center and the cloud. Actionable visibility provides the weapons that security teams need to proactively protect devices.
- By designing trust zones for IoT devices before putting them on the network, you can define appropriate communication policies for those devices and detect any anomalous activity, thus limiting the risk exposure and reducing the blast radius.
- Continuous monitoring is vital for detecting any configuration changes. With passive detection capabilities, IoT devices can be watched carefully, reducing potential business disruptions. Should an incident occur, the appropriate automated response can swiftly mitigate the incident and prevent the impact from spreading across the enterprise.
Learn more about IoT Risk and mitigation techniques by downloading the report here.