Cybersecurity company BeyondTrust has introduced its new Retina Internet of Things (RIoT) Scanner aimed at identifying devices that are susceptible to a compromise and could lead to an attack.
Powered by Retina, BeyondTrust’s vulnerability management offering, and delivered by its cloud interface, RIoT gives organizations an attacker’s view of their IoT risk across the entire perimeter. The scanner is available for free download.
Morey Haber, BeyondTrust’s vice president of technology, tells us that, based on the information provided by the scanner, users can assess the risk and follow the guidance Retina recommends to ensure the device is not exploited in the first place.
"Organizations typically have an acceptable use or BYOD policy for bringing devices into the organization and connecting them to the corporate network," he said. "Unfortunately, many times these policies are ignored and their implementation leads to shadow IT from a single device to a network of cameras. These devices can operate nearly silently with very few TCP/IP listening ports open and evade traditional network monitoring and scanning solutions.
"The Retina IoT scanner is designed to identify these devices, properly categorize the manufacturer and product, and assess them for risks from default passwords to known vulnerabilities. It allows organizations to enforce acceptable use policies and identify when they have been violated on wired and wireless networks."
IoT devices have recently come under siege from a new breed of malware, most notably Mirai. Devices generally operate unmanaged and mostly unknown, and typically lack any built-in security or mechanisms for programmatically making device-level changes, all of which make them a significant vulnerability on the network, according to BeyondTrust.
With RIoT, enterprises can: check for default and hard-coded credentials used with Telnet, SSH or basic HTTP authentication; generate IoT vulnerability reports and remediation guidance; and run free enterprise-grade cloud-based scans with nothing to purchase, install or maintain.
"Because IoT devices are connected to the wild, and to each other, not only are they vulnerable to attack, but the data that they produce and the applications that support them are also potential attack vectors," said Brad Hibbert, BeyondTrust’s CTO.
— Edward Gately, Contributing Editor, Channel Partners
IoT security is just one of the many topic areas to be covered at Internet of Things World 2017. Apply to speak, sponsor, book or attend the exhibition for free at the world's biggest IoT event this May!