IoT Device Discovery & Security: How Important Is It?

Kamal R
Illustration: © IoT For All

The Internet of Things (IoT) ecosystem has given consumers access to a world of possibilities, but it also comes with certain security risks. With IoT devices constantly monitoring and collecting data about user and device behavior, the probability of malicious or ransomware attacks by hackers and other ill-intended entities has increased. In fact, according to Kaspersky, some 1.51 billion IoT breaches occurred in the first six months of 2021, with most using the telnet remote access protocol. Device discovery tools and IoT security solutions help address these security challenges for consumer-level and industrial applications.

IoT security systems are needed to protect end-users from cyber threats. They let end-users leverage the power of IoT devices and networks while keeping complete control over their sensitive personal data. IT and security professionals need systems that help them discover devices and effectively mitigate potential threats.

The Role of IoT Device Discovery & Security

With the increased use of connected gadgets, it has become more obvious that most of them still have little or no security features in place. They are vulnerable and can easily be compromised by hackers, giving them remote access to our sensitive personal details.

In fact, the cyber threat is bound to grow as the usage of IoT devices reaches 75 billion by 2025. Naturally, specific measures have to be taken to keep cyberattacks to a minimum. Most system admins have limited knowledge about the devices trying to connect to the web through their local network. Even visitors or passers-by carry devices programmed to detect networks in their vicinity. These devices are continuously trying to connect to the available corporate network. It is nearly impossible to vet and register every device manually. In addition, you may even accidentally approve unknown malicious devices.

Dynamic IoT device discovery and profiling automate the process of identifying devices and allowing specific ones on the network. IoT security solutions offer much-needed protection to your network, while IoT device discovery forms the critical foundation in establishing security. Both can be included as modules within routers, gateways, UTMs, and other similar devices that handle inbound and outbound network traffic. These tools are backed by a knowledge base, which helps detect new devices even without any foreknowledge of them.

IoTVAS: Assessment Solution

Short for IoT vulnerability assessment solution, IoTVAS assists enterprises with their vulnerability management program by sifting through device inventory and performing asset discovery. It can also be integrated with their existing IT asset management solutions, network port scanners, and IT vulnerability scanning tools to identify connected devices.

The real-time vulnerability assessment of all devices is performed based on fingerprints derived from the device network service banners. Detection accuracy can be improved by supplying the Media Access Control (MAC) address along with the device fingerprint, though it is not a mandatory requirement for IoTVAS. It also eliminates the need to install software agents on devices or to collect network traffic.

IoTVAS empowers existing security tools to improve performance and proactively detect high-risk connected devices. The IoTVAS fingerprints database can be continuously updated with new device fingerprints. These are gathered by an in-house security research team and based on the incoming API request. IoTVAS uses one of the following features to identify IoT devices and generate their fingerprint:

  • SysObjectID object identifier (OID), string of the Simple Network Management Protocol (SNMP)
  • Raw response of the device webserver (HTTP and HTTPS services)
  • Universal Plug and Play (UPnP) discovery response
  • Optional MAC address of device network interface
  • File Transfer Protocol (FTP) service banner
  • SysDescr OID, string of the SNMP service
  • Telnet service banner
  • Device hostname

The lightweight network service identification software in IoTVAS enables it to detect Ethernet devices on the target network with ease. It can also be integrated into your existing security tools through its REST API endpoint, which enhances security by accurately identifying the manufacturer, type, model name, and end-of-life status of the device. It also provides the firmware version and its release date.
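The sketch below shows how the features listed above can be combined into an agentless fingerprint. It is an added example, not IoTVAS code: the knowledge base, the vendor names, the scoring weights and the feature key names (`snmp_sysoid`, `nic_mac` and so on) are hypothetical and constructed for illustration.

```python
import re

# Constructed knowledge base: vendor names, OUIs, enterprise numbers and banner
# patterns are invented for this example and are not real assignments.
KNOWLEDGE_BASE = [
    {"vendor": "ExampleCam", "type": "IP camera", "oui": "02AABB", "enterprise": 64999,
     "banner": re.compile(r"ExampleCam[- ]httpd/(?P<fw>[\d.]+)", re.I)},
    {"vendor": "DemoPrint", "type": "printer", "oui": "02CCDD", "enterprise": 64998,
     "banner": re.compile(r"DemoPrint FTP server \(fw (?P<fw>[\d.]+)\)", re.I)},
]
ENTERPRISES = "1.3.6.1.4.1."  # SNMP private-enterprise subtree used by sysObjectID
TEXT_KEYS = ("http_response", "ftp_banner", "telnet_banner", "snmp_sysdescr", "hostname")

def enterprise_number(sys_object_id):
    """Return the vendor enterprise number encoded in a sysObjectID, or None."""
    oid = (sys_object_id or "").strip().lstrip(".")
    if not oid.startswith(ENTERPRISES):
        return None
    head = oid[len(ENTERPRISES):].split(".")[0]
    return int(head) if head.isdigit() else None

def oui(mac):
    """Return the first three octets of a MAC address as hex, or None if malformed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac or "")
    return digits[:6].upper() if len(digits) == 12 else None

def fingerprint(features):
    """Match collected service data against the knowledge base and score the match."""
    text = "\n".join(features.get(k) or "" for k in TEXT_KEYS)
    best = {"vendor": None, "type": None, "firmware": None, "score": 0}
    for entry in KNOWLEDGE_BASE:
        match = entry["banner"].search(text)
        score = 2 if match else 0
        if enterprise_number(features.get("snmp_sysoid")) == entry["enterprise"]:
            score += 2
        if oui(features.get("nic_mac")) == entry["oui"]:
            score += 1  # the MAC is optional and only refines a match
        if score > best["score"]:
            best = {"vendor": entry["vendor"], "type": entry["type"],
                    "firmware": match.group("fw") if match else None, "score": score}
    best["telnet_exposed"] = bool(features.get("telnet_banner"))  # flag for remediation
    return best

# Constructed sample: what a scanner might have collected from one device.
SAMPLE = {"http_response": "HTTP/1.1 200 OK\r\nServer: ExampleCam-httpd/2.4.1\r\n\r\n",
          "snmp_sysoid": ".1.3.6.1.4.1.64999.1.2", "telnet_banner": "login: "}

if __name__ == "__main__":
    print(fingerprint(SAMPLE))
```

A device that answers on telnet is flagged even when no vendor matches, so an unidentified host still surfaces for review.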

Vulnerability assessment of identified devices is conducted safely and in-depth. Both publicly known vulnerabilities (CVE) and unknown vulnerabilities are detected, and any vulnerable third-party components, crypto keys, certificates, default credentials, and default configuration issues in device firmware code are reported.

IoTVAS: Security Audit

IoTVAS is more than just a simple database for CVEs. It goes beyond that to provide you with detailed information about your devices and their underlying firmware. A proprietary risk knowledge base allows IoTVAS to retrieve firmware bills of materials. It conducts detailed risk analysis, including vulnerable third-party firmware components such as “crypto libraries” (OpenSSL and GnuTLS), “network services” (UPnP server, webserver), “client tools” (busybox), and “Linux OS kernel.”

As a security audit service, IoTVAS provides insight into the vulnerabilities of your IoT devices. It can identify crypto keys embedded in device firmware, default credentials, and digital certificates that may be active or expired. This in-depth information helps keep the network safe from hackers. Security managers can leverage the IoTVAS system to proactively detect high-risk devices in their networks and initiate mitigation efforts before any harmful tools impact the network.

It also helps automate the process of the bill of materials (BOM) inventory for IoT by eliminating manual firmware download. It conducts firmware binary analysis for embedded systems deployed across the enterprise environment. The firmware risk assessment function of IoTVAS can be accessed via a REST API endpoint. Security audit with IoTVAS allows you to do several things:

  • Precisely identify the connected device's manufacturer, device type, model name, firmware version, end-of-life status, and firmware release date.
  • Generate a real-time firmware BOM report to get a list of all software components and libraries within your firmware code without the need to upload device files.
  • Identify publicly unknown vulnerabilities of the device, including vulnerable third-party components, crypto keys, default credentials, active and expired certificates, and default configuration issues.

IoTVAS can help your organization discover and analyze risks associated with IoT devices, protecting your network against several vulnerabilities in a single platform. It is designed to work as a stand-alone solution. It can also be integrated, through the IoTVAS REST API, into current IT asset discovery tools such as scanners for network ports or software assets on computers across an enterprise network.

Five Tools to Improve IoT Device Discovery and Security

The broad goal of IoT security is to make sure that devices are protected against potential threats. This requires visibility into the endpoints connected with your organization’s networks, so you can assess their risk level and prioritize accordingly. It requires comprehensive tools for IoT device discovery and the ability to mitigate any risks with proper security. Let’s discuss five such prominent tools.

#1: Armis

Armis offers the next generation of security, with an agentless platform that can profile any type of device in your environment. Armis efficiently finds devices ranging from laptops and servers to mobile devices or IoT endpoints. Armis classifies devices without the need to install any software. Equipped with a cloud knowledge base, it can track more than 280 million devices while passively monitoring the system traffic.

Armis continuously monitors devices for any signs of compromise with its threat detection engine. If it detects a suspicious device in your network environment, the incident response system triggers automated actions, and the security teams are also alerted.

#2: Axonius

Axonius is an easy-to-use centralized IoT visibility and cybersecurity platform that virtualizes your existing tools and data sources without the need for endpoint agents. Axonius is installed on either VMware ESXi or Amazon AWS using pre-built adapters that connect with the IT infrastructure to retrieve information about the devices.

Its robust networking capabilities help monitor industrial controls, mobile devices, and cloud systems, including remote and on-premises endpoints. A single device can be used to discover the security coverage gaps of one million devices and 50,000 users. It has 277 pre-built adapters that integrate with IT tools and systems to perform the following actions:

  • Automatically create incident response tickets
  • Identify vulnerable users and devices
  • Deploy preventive software
  • Run remote commands
  • Disable hazardous users
  • Alert security teams

#3: Forescout eyeSight

This is the perfect solution for eliminating visibility issues with IoT devices. Forescout eyeSight can discover, classify, and assess a variety of endpoints, including laptops, mobile devices, virtual computers, storage networks, operational technology (OT) systems, and IoT gadgets. It is a powerful, agentless IoT visibility solution that continuously monitors every IP-connected device on a network. Forescout eyeSight's auto-classification capabilities draw on the world's largest data lake of crowdsourced device intelligence. This data lake offers support for 600 versions of OS, 10,000 device types, including 5,700 vendors and models.

#4: Palo Alto Networks

This is a cloud-based IoT security service. Palo Alto Networks is based on Zingbox technology, an App-ID classification system. You can deploy it in your IT ecosystem to discover, secure, and protect IoT devices. The service does not require endpoint agents as it works in conjunction with the Palo Alto Next-Generation Firewall (NGFW) platform. The technology utilizes machine learning (ML) techniques to profile devices. The classification is done on over 50 unique attributes, including type, vendor, model, firmware, and physical location.

#5: Securolytics

The Securolytics IoT Security platform is a suite of products that helps you secure your internet-connected devices. The suite comprises IoT security, IoT discovery, and IoT control products. Securolytics automates the device discovery capability and identification without requiring agents on endpoints, helping lower the total cost of ownership across organizations.

Over to you

IoT devices are a hot topic in cybersecurity. With the global IoT market expected to be valued at $650.5 billion by 2026, organizations need visibility into their endpoints connected remotely through networks and locally on personal devices. Some IoT discovery products include IoT endpoints as a part of their range. In contrast, others focus primarily on emerging technologies, such as ML, to conveniently build algorithms that detect IoT and mobile devices in real-time.

Depending on the needs of your network and its vulnerability, you can decide the features required for your IoT device discovery and security solution. An ideal combination must go beyond simple device-finding and be capable of threat detection or endpoint profiling.

Kamal R, Intuz

Guest Writer
Guest writers are IoT experts and enthusiasts interested in sharing their insights with the IoT industry through IoT For All.