For the modern-day security practitioner, keeping up with the number of devices on their organization’s network is next to impossible. According to research firm Gartner, by 2020 more than 25 percent of identified attacks in enterprises will involve connected devices. “IoT” was once a marketing buzzword that was preached at the RSA, Black Hat, and InfoSec World conferences, but now it’s very much a part of a security warrior's everyday work life.
From laptops and printers to smart TVs and manufacturing machines, and the more machines there are within the enterprise, the more entry points there are, which equals more attacks. While the “average” network has endpoint security on laptops, they fail to secure the IoT blindspots associated with other devices, says Yevgeny Dibrov, CEO and co-founder of Armis.
“The world is changing,” he told InfoSec Insider during a recent interview. “We are seeing the ratio between traditional and non-traditional devices is growing. We have more and more devices on now that you can’t install an agent on.”
Armis specializes in IoT security, and have recently discovered a major vulnerability dubbed “BLEEDINGBIT” found on Bluetooth Low Energy chips created by Texas Instruments.
“The chips are embedded in, among other devices, certain access points that deliver Wi-FI to enterprise networks manufactured by Cisco, Meraki, and Aruba,” according to research on the vulnerability. “These are the leaders in networking and accounting for nearly 70 percent of the market.”
In the full video interview below, Dibrov and Armis co-founder and CTO Nadir Izrael discuss the current climate as it relates to IoT security, and offer up some dos and don’ts when it comes to protected, connected devices within the enterprise.