sb-nz logo
Story image

Enterprise IoT ecosystem extends beyond corporate devices - Zscaler

28 May 2019

Cloud security company Zscaler has released its 2019 report,  IOT in the Enterprise: An Analysis of Traffic and Threats, which examines traffic stemming from IoT device footprints across the Zscaler cloud over the course of 30 days.

The Zscaler ThreatLabZ research team analysed 56 million IoT device transactions to understand the types of devices in use, the protocols used, the locations of the servers with which they communicated, and the frequency of inbound and outbound communications.

Over a 30-day period, 56 million transactions were processed in the Zscaler cloud from 270 different types of IoT devices made by 153 different manufacturers.

The analysis showed that more than 1,000 organisations have at least one IoT device transmitting data from the network to the internet via the Zscaler cloud platform.

The most commonly detected IoT device categories across the Zscaler cloud were IP cameras, smart watches, printers, smart TVs, set top boxes, IP phones, medical devices, and data collection terminals, among others.

“As is often the case with new innovations, the use of IoT technology has moved more quickly than the mechanisms available to safeguard these devices and their users,” says Zscaler chief technology officer and engineering and cloud operations executive vice president Amit Sinha.

“Within only one month of traffic, our threat research team saw an astronomical amount of traffic stemming from both corporate and personal IoT devices.”

“Enterprises need to take steps to safeguard these devices from malware attacks and other outside threats.”

Top IoT security concerns were:

  • Weak default credentials
  • Plain-text HTTP communication to a server for firmware or package updates
  • Plain-text HTTP authentication
  • Use of outdated libraries

“We observed that over 90% of IoT transactions are occurring over a plain text channel, which we believe makes these devices and the enterprises that house them vulnerable to crafted attacks,” says Zscaler security research vice president Deepen Desai.

“Enterprises need to assess their IoT footprint, as they will only continue to expand and raise the risk of cyber attacks. From changing default credentials to restricting access to IoT devices from external networks, there are a variety of steps that can be taken to increase the IoT security posture.”

The Zscaler ThreatLabZ research team consists of security experts, researchers, and network engineers responsible for analysing and eliminating threats across the Zscaler security cloud and investigating the global threat landscape.

The team shares its research and cloud data with the industry at large to help promote a safer internet.

Story image
Almost a third of malware threats previously unknown - HP report
A new report has found 29% of malware captured was previously unknown due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection. More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More
Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More