The modern enterprise is rapidly evolving from an on-prem network with a hard-shell security perimeter to a network of networks – and the diverse devices that form them. Are there devices that stand out as higher risk? If so, what is the business impact and how do we manage the risk?
In this first edition of The Enterprise of Things Security Report, Forescout Research Labs assessed the risk posture of over 8 million devices deployed across five verticals: Financial Services, Government, Healthcare, Manufacturing and Retail. This meticulous audit of IoT-heavy applications and industries has allowed us to accurately identify points of risk inherent to device types, industry sectors and cybersecurity policies.
A connected world has made various industries highly efficient, more profitable and safer. However, companies must accelerate in areas of cybersecurity innovation and investment. Malicious cyber actors continue to innovate at a rapid pace while the attack surface of financial services, government, healthcare, manufacturing and retail simultaneously expands. The risk of lateral movement of malware between disparate networks and areas of the business threatens everything from the data center to the production line. Successful enterprise businesses will emerge and thrive from their ability to provide goods and services more efficiently and predictably – and holistic cybersecurity will be a cornerstone to that end.
Since devices don’t enter the network without interactions, we must analyze device risk in the context of how the device is used along with the services, applications and users that interact with it. Our report uses a unique method of quantifying this risk. For example, a device with a known vulnerability presents an elevated risk when connected to medical end devices or the CMDB of a bank. As IoT device usage soars, unsurprisingly, these devices produced the highest risk.
So what are the risks, where are they and what can you do about them? Reading the report (and not just the blog) is a great first step, but here’s a quick recap of what we found. Stepping down hierarchically:
For more findings, including valuable information on OS-related risks and a deep dive into the riskiest devices from the Forescout Device Cloud, download the report here.
Once you understand the riskiest devices on your network, it’s essential to manage the risks they pose. The Zero Trust framework has emerged as the foundational best practice to do just that.
Forescout’s zero trust approach to managing IoT risk involves the following best practices:
About Forescout Device Cloud
Forescout Device Cloud is one of the world’s largest repositories of connected enterprise device data –including IT, OT and IoT device data – and the number of devices it contains grows daily. The anonymous data comes from Forescout customer deployments and, at the time of this report’s publication, contains information from approximately 12 million devices from more than 1,200 global customers.
Learn more about IoT Risk and mitigation techniques by downloading the report here.
You can read the original article in Forescout website.