What You Need to Know about Ripple20: A Conversation with Shlomi Oberman from JSOF
According to Gartner, “over 80% of organizations currently use IoT to solve business use cases, and almost 20% of organizations have already detected an IoT-based attack in the past three years.” 1 By now, you’ve heard about Ripple20 – the collective group of vulnerabilities in a widely used Transmission Control Protocol/Internet Protocol (TCP/IP) software library developed by Treck Inc., and discovered by a team at JSOF.
JSOF partnered with Forescout Research Labs to use Forescout’s Device Cloud, a unique data lake with information from more than 12 million devices categorized in more than 150 device types, to identify potentially impacted vendors and devices. Tens of millions of devices across over 50 vendors may be affected, exposing a complex supply chain for IoT devices. Additionally, threat actors could execute remote commands against devices connected to the internet, compromise them and move laterally within the network to access or infect other devices.
How do security teams respond swiftly to identify and mitigate these vulnerable devices?
Join us for a lively conversation with Shlomi Oberman (JSOF) and Daniel dos Santos (Forescout) as they explain:
1 Gartner – IoT Security Primer: Challenges and Emerging Practices, 6 January 2020
New Ripple20 Resources
Identify & Protect Your Organization
Learn more about affected devices and vendors and how Forescout played a role in the disclosure process.
Ripple20 Frequently Asked Questions
Get all your questions answered in the this FAQ about Ripple20 vulnerabilties in order to mitigate risk to your organization.
Detect & Segment Vulnerabilities
Learn how to use Forescout’s Ripple20 policy to detect and segment vulnerable devices in this short how-to video.
