Put yourself in the shoes of a Security Operations Center in an enterprise. Almost every SOC is going to have some sort of endpoint security deployed on their laptops and servers. That endpoint security lets them see inside those assets.
The visibility their endpoint security solutions provide lets them see not just what an asset is (e.g., a laptop) but also its make and model, even the version of its operating system. With endpoint security, they can see the laptop's:
- firmware
- installed software
- visited websites
With endpoint security, they can monitor the device.
There's a reason that endpoint security is the go-to for so many SOCs. It's the most valuable level of visibility that you can get into the assets on your network.
Connected Devices = Mysterious Black Boxes
Now imagine that you're in a SOC, you run a scan on your network, and all that comes back is that you have a MacBook Pro 13-inch, for example. You might start asking:
- What software is on it?
- What components are on it?
- How's it behaving on the network?
- What version of firmware is it running?
- Is the laptop encrypted?
These are all questions that you're going to have. However, if the only answer you get is "it's a MacBook Pro," your security team can't do anything with that information. It's useless.
That's where we are right now in IoT and OT security.
How do you see into IoT and OT devices?
Many companies can generate asset inventories. They do network monitoring.
That network monitoring tells us which connected IoT and OT devices are reaching out to a particular IP address, but not what's inside any of those devices.
That's why there are so many unanswered questions about all of these connected devices. The security teams don't have the information they need to do vulnerability management if they don't know what's inside a connected device.
They find themselves at the mercy of what's reported in centralized vulnerability databases.
How Binary Analysis and SBOM Help
Binary analysis and SBOM help by starting to give us visibility into all of these embedded (and arguably more critical) assets. When we add binary analysis and SBOM to our arsenal of product and software supply chain security tools, we start to approach the level of visibility we're accustomed to in endpoint security solutions.
With binary analysis and comprehensive SBOMs, we can start to answer product security and software supply chain questions with detail and confidence.
That's the difference. The more data, information, and intelligence we have about what's going on inside IoT and OT devices, the easier it is to understand where potential product security and software supply chain threats have infiltrated our networks, and where we may have critical vulnerabilities that could be externally facing or that attackers could use as a pivot in our organizations. Even worse, a lack of visibility into our connected devices and embedded systems could prevent us from properly assessing the security of a critical asset that's controlling a critical process within our organizations, or from finding a vulnerability that could take that asset offline.
There are a lot of product security questions that you can't answer with just a simple inventory of the products that you have in your network.
56% of IT and IT security practitioners recently told the Ponemon Institute that the increases in supply chain and IoT attacks require new approaches to product security strategy and tactics. Nearly half (48%) expressed little or no confidence in their organization's ability to identify all the vendors in the supply chains of their devices.
It's time to reexamine how we see into IoT and OT connected devices.
If you're ready to see inside the connected devices on your network and remediate your unseen IoT and OT risk, catch an on-demand demo showing how the Finite State Platform can help. We’ll show you how scalable and automated a leading-edge connected-device security program can be.