Phosphorus, an extended Internet of Things (xIoT) security company, has launched Phosphorus Labs, its new global security research division, according to a prepared release.
Additionally, Phosphorus released its first xIoT Threats and Trends Report, which summarizes five years of security research and device testing. Phosphorus noted that its research is based on analysis of millions of xIoT devices deployed in enterprise network environments across major verticals.
Phosphorus focus on xIoT research
Comprised of leading IoT, OT and IT security experts, Phosphorus Labs will focus exclusively on advanced xIoT threat research, security analytics and device-based threat assessments . According to Phosphorus, this effort will allow companies to create more robust and mature security programs for today’s ever-changing cyber threat landscape.
Phosphorus CEO and Founder Chris Rouland explained the inspiration behind the company’s new Labs division:
“Security research has been at the heart of Phosphorus’ mission since day one. Through our new Labs division, we are significantly expanding the company’s current research efforts to include more in-depth security testing and analysis of IoT, OT and enterprise network devices. We will also continue to develop our unique field research program, which collects key insights into active threats and security risks for xIoT devices already deployed in enterprise networks.
A Closer Look at Phosphorus Laboratories
To collect accurate, real-time data on current security issues and threats, Phosphorus Labs research includes:
- In-depth analysis of xIoT devices
- Penetration tests
- Vulnerability search
- Regular polling of actively deployed xIoT devices
Phosphorus said it aims to provide “the industry’s most advanced and comprehensive understanding of the unique xIoT attack surface, coding challenges, design limitations, vulnerabilities, exploitation methods and security risks for every major xIoT device used by enterprises today.” This will allow businesses to put in place more robust cybersecurity defenses to protect against potential threats.
As Phosphorus Chief Security Officer Brian Contos explained:
“The goal of Phosphorus Labs is not to create yet another vulnerability research program. xIoT vulnerabilities are in spades. While they often make a lot of noise in the media, what’s more important from a security perspective is that we learn how to prevent these attacks by hardening devices and reducing their attack surface. Vulnerabilities come and go, but device-level security must be consistent.
MSSPs and MSPs can join Phosphorus’ partner program to integrate the company’s xIoT platform into their offerings. In addition to MCS and EverSec, Phosphorus partners include Optiv, a security solutions integrator and Top 250 MSSP, and cybersecurity services company Defy Security.
The xIoT report provides a guide to current threats
In its new xIoT Threats and Trends Report, Phosphorus Labs provides an overview of the top security issues facing today’s enterprise-level IoT, OT and networking devices. The report includes key findings from the company’s five years of research and field testing – “to help enterprise security teams better understand the risks posed by xIoT devices.”
Some of Phosphorus Labs security discoveries include:
- 99% of xIoT device passwords do not comply with best practices
- 68% of xIoT devices have high-risk or critical vulnerabilities (CVSS score 8-10)
- 80% of security teams cannot identify the majority of their xIoT devices
Phosphorus notes that the report also highlights specific xIoT devices that enterprise security teams should pay close attention to. As a result, Phosphorus Labs’ “10 Worst xIoT Offenders” list includes several high-risk devices that are often overlooked. These include server racks/cabinets and KVM switches, as well as easy-to-operate desktop devices such as connected printers and VoIP phone systems.
#Phosphorus #Launches #Research #Division #Releases #Extended #Internet #xIoT #Report #MSSP #Alert