The company’s new research division, Phosphorus Labs, has already found a high rate of CVEs, default passwords, end-of-life devices, and other security risks in millions of xIoT devices deployed in corporate environments.
NASHVILLE, TN — Phosphorus, the leading provider of proactive and full-scope security for the extended Internet of Things (xIoT), today announced the launch of its new global security research division, Phosphorus Labs. The company also released its first “xIoT Threat & Trend Report,” which encapsulates over five years of security research and device testing, based on the analysis of millions of xIoT devices deployed in corporate network environments across leading verticals.
Composed of leading experts in IoT, OT, and IT security, Phosphorus’s new Labs division is exclusively focused on advanced xIoT threat research, security analysis, and device-based threat assessments that will enable enterprises to build more robust and mature security programs for today’s evolving cyber threat landscape.
“Security research has been central to Phosphorus’s mission, ever since day one,” said Chris Rouland, Founder and CEO of Phosphorus. “Through our new Labs division, we are significantly expanding the company’s current research efforts to include more in-depth security testing and analysis of enterprise IoT, OT, and Network devices. We will also continue to grow our unique field research program, which collects key intelligence on active threats and security risks to xIoT devices already deployed in enterprise networks.”
New Research Division
Armed with Phosphorus’s unique technology platform for actively communicating with xIoT devices in their native languages, Phosphorus Labs will conduct rigorous testing and analysis of a diverse range of IoT, OT, and Network devices.
This research includes in-depth xIoT device analysis, penetration testing, vulnerability research, and regular interrogations of actively deployed xIoT devices in corporate, government, and industrial networks in order to collect accurate, real-time data on current security issues and threats.
The goal of the company’s research division is to provide the industry’s most advanced and comprehensive understanding of the unique xIoT attack surface, coding challenges, design limitations, vulnerabilities, exploit methods, and security risks for every important xIoT device in use among enterprises today. This will allow companies to put in place more robust cybersecurity defenses to protect against potential threats.
“The purpose behind Phosphorus Labs is not to create yet another vulnerability research program,” said Brian Contos, Chief Security Officer of Phosphorus. “xIoT vulnerabilities are a dime a dozen. While they often make a lot of noise in the news media, what is more important from a security standpoint is that we learn how to prevent these attacks by hardening devices and reducing their attack surface. Vulnerabilities will come and go, but device-level security should be consistent.”
xIoT Report Provides High-Level Guide to Current Threats
In its new “xIoT Threat & Trend Report,” Phosphorus Labs provides an overview of the top security problems facing today’s enterprise-level IoT, OT, and Network devices. The report includes key findings from the company’s more than five years of field research and testing that will help enterprise security teams better understand the risks posed by xIoT devices.
Some of Phosphorus Labs’ security findings include:
- 99% of xIoT device passwords are out of compliance with best practices
- 68% of xIoT devices have high-risk or critical vulnerabilities (CVSS score of 8-10)
- 80% of security teams can’t identify the majority of their xIoT devices
The report also highlights specific xIoT devices that enterprise security teams need to pay special attention to. The Phosphorus Labs “Top 10 Worst xIoT Offenders” list includes several high-risk devices that are often overlooked, such as server racks/cabinets and KVM switches, as well as ubiquitous office devices which are easy to exploit, like connected printers and VoIP phone systems.