WootCloud Blog

What’s Next Has Arrived: Intelligent Automation for Security and Operations Focused on Devices and IoT


What We Do

We do security and operations automation with a focus on devices and IoT, and we are highlighting that the confluence of IoT/5G/Work-from-anywhere, and the material increase in IoT threats that results from it, has arrived.

Our customers, prospects, partners and more find value in our AI engine and data modeler for devices and IoT, which create a foundation for solving many large problems, including security problems around Risk and Threat, Access Control and Microsegmentation, and IT Asset management.

We do this by profiling every user, device, connection, workflow, and more, then analysing and acting on anomalies in baselined behavior to understand and uncover security and operational automation and management risks and opportunities.


Research and Industry Leaders Agree – “What’s Next” is Happening

Palo Alto Networks recently reported on the increasing penetration of “non-business” IoT devices inside business networks. Devices such as smart lightbulbs, heart monitors, gym equipment, coffee machines, game consoles, and even internet-connected pet feeders may not rise to the level of being included in organizations’ threat models. This has become problematic because the security controls in consumer IoT devices are minimal. Fierce competition among manufacturers to keep their IoT prices low has led to less security investment.

COVID-19 and its impact have made it harder to keep IoT devices secure, as remote work limits visibility and is harder to manage.

Nearly all respondents (96%) who have IoT devices connected to their network reported that their approach to IoT security requires improvement, with one in four (25%) indicating the need for an IoT security strategy overhaul. You can read more about it here.

According to Forrester, the use of unmanaged and IoT devices in enterprises is growing every day across every industry. With an estimated compound annual growth rate (CAGR) of 30%, it is forecast that around 18 billion IoT devices will be in use by 2022.

Also according to Forrester, by 2022 Intelligent Automation (IA) will generate $134 billion in labor value by enabling businesses to shift staff, skills and investment toward critical functions such as innovation, augmenting the customer experience or operational efficiency.

State Of Enterprise IoT Security Unmanaged And Unsecured, Forrester, 2019


Enterprises and Security Professionals are Concerned about Securing IoT and Devices

69% of enterprises claim to have more IoT devices on their networks than computers, and 84% of security professionals believe IoT devices are more vulnerable than computers.

The security threat is real and far reaching. The scale and sophistication needed to see, assess, and respond to a threat arising from IoT devices, which are manufactured by hundreds of vendors, installed by the thousands across enterprises and organizations, and typically run without security agents, is formidable.

With attacks related to MediaTek audio firmware, AT&T and EwDoor, and now HP printers (detailed below) hitting the press this week alone, it is safe to say that what we predicted was coming has arrived.

The threat is so real in fact that also this week, the FDA, MITRE Corp., and the Medical Device Innovation Consortium (MDIC) have released a Playbook for Threat Modeling Medical Devices which discusses best practices to help manufacturing organizations better understand threat modeling concepts and processes and how to apply them to medical devices.

HP CVEs – 150 Printer Models with Severe Wormable Security Vulnerabilities

150 distinct HP Inc. multi-functional printers (MFPs) were discovered to have severe wormable vulnerabilities, according to news released Tuesday. These could be exploited by an attacker to take control of susceptible devices, steal sensitive data, and infiltrate networks to launch other malicious activity.

The two flaws are tracked as CVE-2021-39237 and CVE-2021-39238. The first is a flaw in HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers. The second, CVE-2021-39238, is a buffer overrun weakness that has been discovered in certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed devices.

In one potential attack scenario, an exploit for the font-parsing weaknesses is placed in a malicious PDF file, and the victim is then socially engineered into printing the document. In a cross-site printing scenario, staff from the targeted organization could be tricked into visiting a malicious website, which would then send the exploit to the susceptible MFP directly through the web browser. You can get more detail here.


Recommendations

The Palo Alto Networks report offers two sets of recommendations for you:

Top 5 IoT security tips for the enterprise:

    • Know the unknowns. Get complete visibility into all IoT devices connected to the enterprise. An effective IoT security solution should be able to discover the exact number of devices connected to your network, including the ones you are aware of, the ones you are not aware of, and those forgotten. This discovery helps collect an up-to-date inventory of all IoT assets.
    • Conduct continuous monitoring and analysis. Implement a real-time monitoring solution that continuously analyzes the behavior of all your network-connected IoT devices to contextually segment your network between your IT and IoT devices and their workloads. Securing and managing WFH setups as branch extensions of the enterprise requires a new approach.
    • Implement Zero Trust for your IoT environments. An IoT security strategy should align with the principle of Zero Trust to enforce policies for least-privileged access control. From there, look for an IoT security solution that leverages your existing firewall investment for comprehensive and integrated security posturing. Running in conjunction with the capabilities of your firewall, the solution should automatically recommend and natively enforce security policies based on the level of risk and the extent of untrusted behavior detected in your IoT devices. Additionally, a point solution can extend a corporate network and bring unified security policy management and SASE to WFH employees.
    • Take swift action to prevent known threats. The diverse nature of IoT devices creates a highly-distributed environment in your network with numerous points of compromise. Look for a threat prevention mechanism that uses payload-based signatures to block advanced threats on your IoT devices. This will ensure the most up-to-date security posture and defense against known threats for rapid, real-time responsiveness to anomalous IoT device vulnerabilities and weaknesses across your network.
    • Implement fast detection and rapid response to unknown threats. An IoT security solution should be capable of drawing from a cloud-delivered threat intelligence engine that delivers real-time malware analysis and protections from zero-day attacks to your IoT devices. Tapping into this data saves your IT security team valuable time by leveraging IoT identity information, risk scores, vulnerability data, and behavioral analytics to investigate never-heard-before threats unique to your IoT environment right from the outset. 

Top 5 IoT security tips for WFH employees:

    • Get more familiar with your router. All of your IoT devices likely connect to the internet through your router. Start by changing defaults (the settings every router comes with) to something unique. You can encrypt your network by simply updating your router settings to either WPA3 Personal or WPA2 Personal.
    • Keep track of which devices are connected. You can access your router’s web interface and look for “connected devices,” “wireless clients,” or “DHCP clients” to see a list. Disconnect older devices you no longer use, and disable remote management on the devices where you don’t need it.
    • Segment the home network. Network segmentation is not only for large corporations. You can segment your home network by creating a guest Wi-Fi network. The easiest way to do this is to have IoT devices use a guest Wi-Fi network while other devices use the main network. This helps to logically group devices in your home and isolate them from each other. Keeping them on a separate network makes it difficult to get to your computers from a compromised IoT device.
    • Use two-factor authentication. If a device offers two-factor authentication (a password plus something else like a code sent to your phone or a thumbprint scan), use it.
    • Enable security updates. Optimize the protection for IoT devices, even your router, when prompted for security updates. Most IoT devices offer software updates that often patch known vulnerabilities and issues. Make sure to “accept” when a device prompts you for a scheduled update. 

Implementing security solutions, practices, and controls involves people, processes, and technology, as we have mentioned over the years. The importance of ensuring your solution(s) can identify and protect IoT devices cannot be overstated.

The confluence of IoT/5G/Work-from-anywhere basically guarantees that business leaders and employees are considering more connected IoT devices in the future. 

Business Value

We do security and operations automation with a focus on devices and IoT.

Our customers and prospects find value in our AI engine and data modeler for devices and IoT, which create a foundation for solving many large problems, including security problems around Risk and Threat, Access Control and Microsegmentation, and IT Asset management.

Our mission, like yours, is to provide your employees/faculty/partners, customers/students/patients, and more with a safer, more user-friendly and more secure work environment by:

  • Giving Full Visibility – with RF and Network sensors seeing 100% of your devices and infrastructure, encompassing all stages of attack: infiltration, persistence, and exfiltration
  • Reducing Mean Time to Resolution (MTTR) on IT Issues – with AI/ML-powered, automated remediation that drives >70% reduction in threat hunting times
  • Boosting User Experience – by reducing support ticket volumes and lowering alert noise for a >60% gain in operational efficiency (~1.4 FTE Service Savings per site/per shift)

Each of these benefits on its own can offer 5-6 figure USD savings per year, shortening the payback period on your investment.

The perfect cybersecurity storm has arrived. Consider intelligent device and infrastructure security today.

To learn more in a zero touch, no obligation Demo or POC, please contact us.

Contributing Authors:

Andreas Stenzel
