Phosphorus Blog

xIoT: Defined. Discussed. Secured.


“Everything is becoming a computer… If it’s smart, it’s vulnerable.”  

– Mikko Hypponen, Chief Research Officer at F-Secure

The enterprise attack surface of today has quickly evolved beyond traditional endpoints as hundreds of new, smart xIoT devices connect to the internet every second. This creates a growing attack surface made up of billions of new IoT, OT, and Network Devices – easy targets for hackers and nation-states to exploit.

The infographic below breaks down, defines, and summarizes xIoT across multiple topics, including:

  • xIoT devices and device types
  • Common xIoT vulnerabilities and pain points
  • Recent xIoT attacks
  • Legacy vs. Phosphorus xIoT security
  • How to go beyond the FIND to also FIX and MONITOR xIoT devices


The sheer number of global xIoT devices needing security is surprising, especially when compared against the number of cloud servers and desktop computers that need to be secured. It is estimated that xIoT devices outnumber worldwide cloud servers and desktop computers by an order of magnitude. 

And what are xIoT devices? xIoT refers to what we call the “xTended” Internet of Things. This xTended IoT category spans Enterprise IoT devices (cameras, printers, and door controllers), OT devices (like PLCs, HMI’s, and robotics) and Network devices (like switches, WiFi routers, and NAS).


xIoT security issues are compounded by the sheer quantity of xIoT devices in customer environments. Our analysis indicates that most organizations have about five IoT devices per employee. More than 50% of IoT devices have known vulnerabilities or default passwords, with 20% of these vulnerabilities being critical CVEs (CVSS score of 9 or above).

Recent advanced threats include the QuietExit attack, ‘RSOCKS’ Botnet, SCADA malware attacks, and the HikVision camera exploit, to name a few. As well, Phosphorus Cybersecurity™ has recently observed hackers exploiting vulnerable IoT systems – including door controllers and camera systems – to launch ransomware attacks inside US company networks.


By leveraging our ability to communicate with billions of xIoT devices, Phosphorus has developed a completely new approach to xIoT security that other vendors thought was not possible or too complicated. Before Phosphorus, there was no security solution that could provide full visibility of the complete xIoT asset inventory and provide comprehensive Attack Surface Management, Hardening and Remediation, and ongoing Detection and Response for every connected ‘Thing.’

We spent years developing an abstraction layer and platform that can safely speak to any xIoT device by communicating in the device’s unique and native language. This is not only very difficult, but imperative, as you cannot secure/manage/remediate/harden xIoT devices if you cannot communicate with and identify them.

The Phosphorus Enterprise xIoT Security Platform integrates seamlessly with existing network systems and includes these patented functionalities:

  • Asset Discovery
  • Posture Assessment
  • Credential Hardening
  • Remediation and Patch Management
  • Detection and Response

I’ve tried to make the infographic simple and fun, outlining how we define, discuss, and secure the exploding xIoT landscape. Much more that I’ll cover in future blogposts and infographics, but I encourage you to schedule a demo anytime to see for yourself and learn more.


John Vecchi

As Chief Marketing Officer, John brings more than 25 years of experience in high-tech marketing, strategy, product marketing, product management, sales and consulting. Most recently, John was Chief Marketing Officer at Anitian, ColorTokens, and Anonyome Labs.