Identify and Protect IoT Devices Vulnerable to Ripple20
What you Need to Know About Ripple20: a Conversation With Shlomi Oberman from Jsof
According to Gartner, “over 80% of organizations currently use IoT to solve business use cases, and almost 20% of organizations have already detected an IoT-based attack in the past three years.”1 By now, you’ve heard about Ripple20 – the collective group of vulnerabilities in a widely used Transmission Control Protocol/Internet Protocol (TCP/IP) software library developed by Treck Inc., and discovered by a team at JSOF.
JSOF partnered with Vedere Labs to use Forescout’s Device Cloud, a unique data lake with information from more than 12 million devices categorized in more than 150 device types, to identify potentially impacted vendors and devices. Tens of millions of devices across over 50 vendors may be affected, exposing a complex supply chain for IoT devices. Additionally, threat actors could execute remote commands against devices connected to the internet, compromise them and move laterally within the network to access or infect other devices.
How do security teams respond swiftly to identify and mitigate these vulnerable devices?
Join us for a lively conversation with Shlomi Oberman (JSOF) and Daniel dos Santos (Forescout) as they explain:
- What really is Ripple20? – a deep dive into discovered vulnerabilities
- The impact on the supply chain and the impacted vendors
- How to mitigate the risks – even in environments where these devices cannot be patched
- What vendors and security teams must do next to limit their exposure
1 Gartner – IoT Security Primer: Challenges and Emerging Practices, 6 January 2020
