Sailing in the Sea of IoT


It’s the kind of story many of us grew up hearing: “Someday, your fridge will know what you need from the store before you do.”


We didn’t worry about things like firmware or attack surface. Now, the Internet of Things (IoT) enables both today’s devices and potential attacks.


Today, some fridges do know what food you need to buy. Your doorbell has strong opinions about the company you keep. We’re all one spoken request away from getting the answer in a trivia debate. But this is just an extension of what’s been happening in the workplace.


Operational technology (OT), IoT and the Internet of Medical Things (IoMT) have been shaping productivity for decades, and each device is becoming ‘smarter’ with every release. More and more, employers are asking security professionals to secure all these devices. This means bringing them into the world of IT and including them in our vulnerability management programs. Hop aboard for a tour of this vast new sea of ours.


Uncharted Waters of IoT


The very first challenge on any IoT expedition (on this voyage, ‘IoT’ also covers OT and IoMT) is to locate and catalog the devices themselves. No surprise, then, that IoT scanners like X-Force for IoT, Nozomi, Cylera, Tenable.ot and Qualys IoT all use passive scanning. This type of scanning is actually listening, just like the microphones on a submarine, and it requires that we connect the solution to a place in our network where it can ‘hear’ everything. This is called a mirror port, a monitor session or a network tap depending on the vendor and context. These solutions earn their keep early on just by finding and ..
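To make the listen-only idea concrete, here is an added sketch (not from the original article and not how any of the named products work) that builds a device inventory purely from frames seen on a mirror port, without sending a single packet. The frames, addresses, device names and the "lower source port means serving side" heuristic are constructed assumptions; TCP 502 is the Modbus/TCP port.

```python
import socket
import struct
from collections import defaultdict

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def observe(frame, inv):
    """Record what one mirrored Ethernet frame reveals about its sender (listen only)."""
    if len(frame) < 14:
        return  # truncated frame: no complete Ethernet header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    dev = inv[mac_str(frame[6:12])]  # keyed by source MAC
    dev["frames"] += 1
    if ethertype == 0x0806 and len(frame) >= 42:    # ARP: sender IP at bytes 28..31
        dev["ips"].add(socket.inet_ntoa(frame[28:32]))
    elif ethertype == 0x0800 and len(frame) >= 34:  # IPv4: source IP at bytes 26..29
        dev["ips"].add(socket.inet_ntoa(frame[26:30]))
        l4 = 14 + (frame[14] & 0x0F) * 4            # honour the IP header length field
        if frame[23] in (6, 17) and len(frame) >= l4 + 4:  # TCP or UDP ports
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
            if sport < dport:  # assumed heuristic: lower source port = serving side
                dev["serves"].add(("tcp" if frame[23] == 6 else "udp", sport))

def build_inventory(frames):
    inv = defaultdict(lambda: {"ips": set(), "serves": set(), "frames": 0})
    for frame in frames:
        observe(frame, inv)
    return dict(inv)

# --- Constructed sample frames (not real captures); only fields parsed above are set ---
def eth(src, dst, ethertype, payload):
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype) + payload

def ipv4(src_ip, dst_ip, proto, sport, dport):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr + struct.pack("!HHHH", sport, dport, 0, 0)

def arp(src_mac, src_ip, dst_ip):
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex(src_mac)
            + socket.inet_aton(src_ip) + bytes(6) + socket.inet_aton(dst_ip))

PLC, HMI, BCAST = "020000000001", "020000000002", "ffffffffffff"
SAMPLE = [
    eth(PLC, BCAST, 0x0806, arp(PLC, "10.0.0.10", "10.0.0.1")),
    eth(HMI, PLC, 0x0800, ipv4("10.0.0.20", "10.0.0.10", 6, 49152, 502)),
    eth(PLC, HMI, 0x0800, ipv4("10.0.0.10", "10.0.0.20", 6, 502, 49152)),
    b"\x00" * 8,  # truncated frame, ignored
]
```

Calling `build_inventory(SAMPLE)` yields two devices; the one answering from TCP 502 is flagged as serving Modbus/TCP even though nothing was ever sent to it.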
