sb-nz logo
Story image

CyberArk launches Forescout and Phosphorus integration to aid with IoT security

CyberArk has teamed up with Forescout and Phosphorus with the aim of helping organisations to secure the increasing number of IoT devices and technologies resulting from digital business transformation.

The idea is to significantly reduce risk using the joint integration to continuously discover, secure and manage IoT devices connected to corporate networks.

In order to reduce risk as the attack surface expands, organisations must maintain an up-to-date inventory of their IoT assets and continually assess the network to help ensure that patches are pushed and weak or default credentials do not remain in use, CyberArk states.

However, maintaining visibility and managing the full lifecycle of IoT can be difficult and costly to do manually.

CyberArk’s new integration with Forescout and Phosphorus help to reduce risk by providing an automated solution that grants visibility into enterprise IoT networks.

It automatically shrinks the attackable surface area by actively managing, securing and monitoring the credentials used to access their solutions.

Through the integration, the Forescout platform continuously discovers IoT assets as they are added to the network, while Phosphorus Enterprise Solution assesses each asset, assigns it a risk level, and remediates firmware vulnerabilities.

The CyberArk Privileged Access Security Solution then enforces security best practices by centralising the management of privileged accounts, applying threat analytics and automating detection and credential rotation.

Forescout and Phosphorus are both members of the C3 Alliance, CyberArk’s global technology partner program.

The integrations are available on the CyberArk Marketplace, an inventory of privileged access-related technology integrations.

According to CyberArk, by 2030 it’s projected that there will be 25.4 billion active IoT devices, up from 7.7 billion in 2019.

Any connected device - from printers and sensors, to cameras and tablets - can represent privilege risk based on the systems and data it is connected to, and who can access the device.

Additionally, IoT devices often have well-known firmware or software vulnerabilities that can be accessed via weak credentials or default credentials that are hardcoded into the device.

Attackers target connected devices to gain a foothold within networks, where they can then move laterally and eventually gain access to an organisation’s most critical and sensitive assets.

CyberArk executive vice president of Global Business Development Adam Bosnian says, “As organisations are increasing investments in transformative digital technologies like IoT, the number of privileged accounts and credentials in these devices can mean that each new device brings with it the potential for security and compliance vulnerabilities.

“Through our integration with Forescout and Phosphorus, CyberArk dramatically improves security and compliance, and alleviates the burden on IT and security teams through greater automation and operational efficiencies related to the influx of interconnected devices.”

Forescout chief product and strategy officer Pedro Abreu says, “Forescout actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing.

“We embrace an integrated, automated approach with our partners to eliminate security gaps and are thrilled to combine the power of Forescout’s technology with the latest innovation from CyberArk and Phosphorus so customers can realise complete and continuously active IoT security that dramatically reduces risk and manual overhead.”

Finally, Phosphorus co-founder and CTO Earle Ady says, “IoT devices are proliferating much faster than enterprise security teams can manage, creating a growing threat with huge risks.

“Together with CyberArk and Forescout, we’re providing end-to-end IoT protection - automatically detecting and enrolling devices, providing agentless firmware updates for rapid security patching, and providing automated credential management. The result is comprehensive IoT security visibility and remediation across the enterprise.”

Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More
Story image
New wormable Android malware discovered through auto-replies in WhatsApp
Check Point Research has discovered new malware on Google’s Play Store that could spread through WhatsApp messages. More
Story image
Cloud services top threat vector for healthcare industry
"The coronavirus pandemic continues to highlight the unique cybersecurity needs of the healthcare industry, even as it has increased the number of threats these organisations face."More