Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
3/30/2021
02:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Optiv Security Introduces Enterprise Lab Focused on IoT in IT

Lab to address client concerns; will identify, assess, and mitigate IoT device security challenges.

DENVER – March 30, 2021 – Optiv Security, a security solutions integrator delivering end-to-end cybersecurity solutions, today unveiled its Enterprise Internet of Things (IoT) Lab in response to a growing and ever-present pain point for client security leaders – the proliferation of IoT devices on organizational networks. Chief information security officers (CISOs) are dealing with sizeable blind spots and have expressed the clear need for support in discovering those devices and bringing them into their existing vulnerability management programs with an expanded objective of total network protection that goes beyond simple device discovery and assessment. Optiv’s Enterprise IoT Lab will:

  • Show organizations how to discover IoT devices present in their environment, assess devices for vulnerabilities, and mitigate outstanding security issues.
  • Provide a baseline platform for development of automated vulnerability management and incident response solutions for IoT.
  • Position IoT/OT/ICS security solutions where their integrations into other technologies can be developed and tested end-to-end.

“Current technologies focused on traditional network assets can fall short when trying to assess IoT targets, and solutions focused on the OT/ICS space don’t always integrate with the enterprise vulnerability management solutions,” said Sean Tufts, practice director, IoT Security, Optiv. “We’re now able to prove out these solutions in an environment that provides access to a wide spectrum of partner technologies.”

Optiv has partnered with Palo Alto Networks, Tenable, and Armis to highlight how these solutions react in a real-world environment of live devices. In addition, Gigamon has been leveraged to enable each solution’s monitoring requirements.

"Our Unit 42 IoT threat research, based on analysis of 1.2 million devices, found that nearly 98 percent of IoT traffic is unencrypted and more than half of all IoT devices are susceptible to severe cyber-attacks. This is why a prevention-first approach is the need of the hour instead of alert-only solutions,” said Muninder Singh Sambi, senior vice president, product management, Palo Alto Networks. "Optiv’s Enterprise IoT Lab is a welcomed development.”

The Lab will drive solutions from real-world sources and/or data supplied from a client environment. More than 50 common corporate IoT targets are in the environment and will be tested and demonstrated on to highlight vulnerability management best practices in live-time as they relate to source (insiders, third parties, bad actors) and threat (unsecured remote access, weak passwords, legacy technologies, pre-installed spyware, hackable devices).

“Optiv has substantial experience in embedded device vulnerability analysis,” said Mark Thurmond, chief operating officer, Tenable. “We’re excited to be a part of Optiv’s IoT lab to lend our converged IT/OT expertise in exploitation techniques and best practices to continue driving innovation in the IoT security space for our shared clients.”

For more information about Optiv’s IoT security services, visit Optiv IoT.

Follow Optiv  

Twitter: www.twitter.com/optiv  
LinkedIn: www.linkedin.com/company/optiv-inc  
Facebook: www.facebook.com/optivinc  
YouTube: https://www.youtube.com/c/OptivInc  
Blog: https://www.optiv.com/explore-optiv-insights/blog  

Optiv Security: Secure your security.TM 
Optiv is a security solutions integrator – “one-stop” trusted partner with a singular focus on cybersecurity. Our end-to-end cybersecurity capabilities span risk management and transformation, cyber digital transformation, threat management, cyber operations, identity and data management, and integration and innovation, helping organizations realize stronger, simpler and more cost-efficient cybersecurity programs that support business requirements and outcomes. At Optiv, we are modernizing cybersecurity to enable clients to innovate their consumption models, integrate infrastructure and technology to maximize value, achieve measurable outcomes, and realize complete solutions and business alignment. For more information about Optiv, please visit us at www.optiv.com.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24376
PUBLISHED: 2021-06-21
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory w...
CVE-2021-24377
PUBLISHED: 2021-06-21
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on t...
CVE-2021-24378
PUBLISHED: 2021-06-21
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute w...
CVE-2021-24379
PUBLISHED: 2021-06-21
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some...
CVE-2021-24383
PUBLISHED: 2021-06-21
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue