CyberArk, a global leader in privileged access management, announced its working with Forescout and Phosphorus. The collaboration enables organizations to secure the increasing number of IoT devices and technologies, an outcome of digital business transformation.
The joint integration helps customers significantly reduce risk and continuously secure, discover, and manage IoT devices connected to corporate networks.
An estimation states that by 2030, there will be about 25.4 billion active IoT devices, which is more than 7.7 billion in 2019. All the connected device represents privilege risk based on the systems and data it is connected to, and who can access the device. Also, IoT devices have well-known firmware or software vulnerabilities that can be accessed hardcoded into the system through weak credentials or default credentials.
In order to gain a foothold within networks, attackers target connected devices, where they can then travel laterally and ultimately gain access to the most important and sensitive assets of an organization.
As the attack surface expands, to reduce risk, organizations need to maintain an updated inventory of their IoT devices and assess the network continuously to help ensure that patches are pushed, and default or weak credentials are not used anymore.
Maintaining visibility and handling the entire IoT lifecycle is, however, difficult and expensive to do manually. The new Forescout and Phosphorus integration of CyberArk reduces risk by offering an integrated solution. It gives exposure to enterprise IoT networks and shrinks the attackable surface area automatically by effectively controlling, protecting, and tracking the credentials that are used to access their solutions.
“As organizations are increasing investments in transformative digital technologies like IoT, the number of privileged accounts and credentials in these devices can mean that each new device brings with it the potential for security and compliance vulnerabilities,” said Adam Bosnian, Executive Vice President, Global Business Development, CyberArk. “Through our integration with Forescout and Phosphorus, CyberArk dramatically improves security and compliance, and alleviates the burden on IT and security teams through greater automation and operational efficiencies related to the influx of interconnected devices.”
Via integration, as they are introduced to the network, the Forescout platform frequently discovers IoT properties, while Phosphorus Enterprise Solution analyses each asset, assigns it a risk level, and remedies firmware vulnerabilities.
The CyberArk Privileged Access Security Solution then enforces best security practices by centralizing privileged account management, applying threat analytics, and automating identification and rotation of credentials.
“Forescout actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing,” said Pedro Abreu, Chief Product and Strategy Officer at Forescout. “We embrace an integrated, automated approach with our partners to eliminate security gaps and are thrilled to combine the power of Forescout’s technology with the latest innovation from CyberArk and Phosphorus so customers can realize complete and continuously active IoT security that dramatically reduces risk and manual overhead.”
“IoT devices are proliferating much faster than enterprise security teams can manage, creating a growing threat with huge risks,” said Earle Ady, Phosphorus Co-founder and Chief Technology Officer. “Together with CyberArk and Forescout, we’re providing end-to-end IoT protection—automatically detecting and enrolling devices, providing agentless firmware updates for rapid security patching, and providing automated credential management. The result is comprehensive IoT security visibility and remediation across the enterprise.”