As the overall extended Internet of Things (xIoT) attack surface expands, connected devices are increasingly becoming attractive targets for threat actors to establish initial beachheads, facilitate lateral movement and persistence, and achieve attack objectives such as exfiltration or holding data for ransom.
The continued proliferation of xIoT devices has forced large enterprises to recognize that addressing foundational security issues – such as devices running vulnerable firmware or deployed with default credentials – is paramount to maintaining operational resilience, especially in the wake of campaigns like the recently disclosed QUIETEXIT attack focused on nation-state espionage objectives.
The Phosphorus Enterprise xIoT Security Platform is the industry’s only consolidated xIoT security offering, bringing state-of-the-art Attack Surface Management, Remediation, and Detection & Response capabilities to help enterprises secure their xIoT estates. What’s more, for the first time in industry history, teams in IT, Facilities, and Security are able to collaborate on a single platform to safely discover, assess, remediate, and monitor their xIoT devices. Phosphorus is now the solution of choice for enterprises to secure devices that were previously unknown or overlooked, beginning with fundamental xIoT security hygiene. Today, I’m thrilled to announce some exciting product enhancements focused on xIoT Remediation and xIoT Active Response to continue fueling this momentum.
From a Configuration Management perspective, we have expanded the platform to address issues relating to expired, invalid, or insecure SSL/TLS device certificates. Device Posture Assessment determines the certificate status for xIoT devices, and the expanded capabilities enable Upload Certificate actions to install certificates for your xIoT devices. Maintaining certificates is important from both an operational and a proactive device hardening standpoint, especially as threat actors are known to create self-signed certificates to encrypt C2 traffic or conduct man-in-the-middle (MiTM) attacks.
We have also expanded the set of supported device actions to include Reboot Device and Disable Service actions. Phosphorus already enables enterprises to upgrade xIoT devices impacted by zero-day vulnerabilities as soon as patches are available. With the evolving threat landscape, there is a growing need to enable compensating actions — such as disabling remote services — in the interim when a patch isn’t available, especially in enterprises that need to ensure business continuity and are not in a position to shut down the impacted devices. The expanded capabilities in the Phosphorus platform arm security teams to disrupt active threats and proactively harden device posture. For example, threat actors are known to log into xIoT devices using Secure Shell (SSH) to then perform activities as the logged-on user that are critical to achieving their attack objectives. Phosphorus has added the ability to disable (and enable) remote services to counter such adversarial activities.
In this version, we have added API support to perform these Configuration Management tasks and Device Hardening on a select set of devices. The unique extensibility of the Phosphorus xIoT Security Platform allows for the rapid expansion of support to hundreds of thousands of xIoT device models, driven by the Tactics, Techniques, and Procedures (TTPs) associated with emerging xIoT campaigns.
The Phosphorus Enterprise xIoT Security Platform facilitates a safe, centralized, and extensible approach for enterprises and organizations to protect and defend 100% of their diverse connected device estates. Request a demo to see Phosphorus in action, and learn more about how you can secure your xIoT attack surface.
Got the picture? Learn more about these Things in our infographic that breaks down, defines, and summarizes xIoT here.
Get more information about our Version Update here.