A good IoT security assessment helps ensure endpoint security

The speed at which the IoT has been accepted as the go-to technology by the world is astonishingly fast and this acceptance is only spreading across all verticals and organizations of all sizes. Today, all devices used in our lives are connected to or through the IoT. While this made our experience with the technology easier and provided more comfort, the door to this vortex also has an opening at the other end. This means that the ease with which we can use the IoT through various technological tools, whether devices or applications, solution platforms, etc., the same tools and our data that are connected are also vulnerable to threats from the other side. According to research conducted by Symantec, per month, on average, IoT devices experience 5,200 attacks. 5G considered as a boost for IoT has now started working in few metropolitan cities in India and businesses can also get 5G separately to run their business. This, while it may seem to help improve the use and benefits of technology to upgrade their current standards, the risks of us becoming vulnerable to cyber threats through our endpoints is the downside.

The DDoS worm distributed by Mirai was the third most common IoT threat in 2018. This could have been stopped if a comprehensive testing practice had been in place. As these attacks have only increased, it becomes very important to protect our terminals connected through IoT devices for which organizations using IoT must adhere to have their devices tested through comprehensive tests. Keysight’s IoT Security Assessment has the right team and tools to test devices that can and are vulnerable to external threats due to their association with IoT,” said Gaurav Ranade, CTO at RAH Infotech.

Keysight is the recognized gold standard for device security testing and has been conducting cybersecurity research for nearly two decades. Virtually any device can be attacked – from smartwatches to headphones and connected cars to medical implants. Keysight’s IoT Security Assessment is designed to combat any attack on any device. Here, the Keysight team validates security from the top down of the stack, from lower layer protocol fuzzing to application layer attacks. It can be driven by a UI or a full REST API for easy integration into a CI/CD pipeline and its modular design allows pluggable integration for additional functionality from – Keysight, third-party or even in-house code. With just a few mouse clicks or API calls, Keysight’s decades of security testing expertise can find hidden vulnerabilities in virtually any connected device, using techniques and attack methods from around the world. real.

The Open Web Application Security Project (OWASP) has compiled a list of the top 10 common vulnerabilities in IoT devices and Keysight’s IoT Security Assessment addresses 9 of them – all but physical hardening. So while users have to lock the door themselves, The Keysight IoT Security Assessment will assess:

• Use of insecure or obsolete components
• Insufficient privacy protection
• Unsecured data transfer and storage
• Lack of device management
• Secure default settings
• Weak, easy-to-guess, or hard-coded passwords
• Unsecured network services
• Insecure ecosystem interfaces
• Lack of secure update mechanisms

Keysight’s IoT Security Assessment attacks connected devices to detect known and unknown attacks. Upper-layer attacks such as brute-force password discovery and weak encryption discovery address common and cataloged vulnerabilities, and intensive protocol fuzzing uncovers hard-to-find weaknesses in network implementations. This allows vulnerabilities in RF and link layer protocols that might be lurking in the communications chipset to be discovered and addressed simultaneously as well as higher level weaknesses.

Source link