Forescout Researchers Reveal the Riskiest IT, IoT, OT and IoMT Devices in Enterprise Networks, Popular Trends, and Mitigation Techniques
India, October 13, 2022: Forescout Technologies, the global leader in automated cybersecurity, recently analyzed the evolving complexity of the riskiest-device landscape in 2022. The report presents Vedere Labs’ findings from an analysis of millions of devices in Forescout’s Device Cloud using the Forescout Continuum Platform’s new multifactor risk scoring methodology.
To get a dataset representative of the current device landscape in enterprise networks, Vedere Labs analyzed device data between January 1 and April 30 in Forescout’s Device Cloud, one of the world’s largest repositories of connected enterprise device data including IT, OT, IoT, and IoMT. The report also covers the three factors used to calculate the risk of a device:
- Configuration considers the number and severity of vulnerabilities on the device as well as the number and criticality of open ports.
- Function considers the potential impact on the organization if the device is compromised.
- Behavior considers the reputation of inbound connections to and outbound connections from the device, along with its internet exposure.
It also highlights the five riskiest devices in each of four device categories (IT, IoT, OT, and IoMT), what makes these devices so risky, and their distribution by industry (financial, government, healthcare, manufacturing, and retail) and geography (Americas; Asia-Pacific; Europe; and Middle East, Turkey and Africa):
- IT – Router, computer, server, wireless access point, hypervisor
- IoT – IP camera, VoIP, video conferencing, ATM, printer
- OT – PLC, HMI, uninterruptible power supply (UPS), environmental monitoring, building automation controller
- IoMT – DICOM workstation, nuclear medicine system, imaging, picture archiving and communications system (PACS), patient monitor
Additionally, two recurring themes in the recent research of Vedere Labs have been the growing attack surface due to more devices being connected to enterprise networks and how threat actors leverage these devices to achieve their goals. The attack surface now encompasses IT, IoT, and OT in almost every organization, with the addition of IoMT in healthcare. The researchers demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT), and disables PLCs (OT).
The report also identifies a change in mitigation techniques. The Forescout Continuum Platform solves the risk assessment problem by continuously discovering, granularly classifying, and assessing devices without agents or active techniques that could compromise business operations. The report notes that once the attack surface is understood, it is important to mitigate risk with automated controls that do not rely only on security agents and that apply to the whole enterprise rather than to silos such as the IT network, the OT network, or specific types of IoT devices. Forescout Continuum enables these types of controls by accelerating the design and deployment of dynamic network segmentation across the digital terrain while also automating policy enforcement by enabling countermeasures to mitigate threats, incidents, and compliance gaps.