5 tools to help improve IoT visibility, device security
Device discovery tools can help organizations identify devices that might pose security risks, giving security administrators insight to protect their endpoints.
IoT devices proliferate across enterprise networks faster than ever, and they bring with them serious security and compliance concerns. Many devices lack even rudimentary protections, making them easy to hack, exploit or use as backdoors to launch attacks against corporate resources.
Security experts can find vulnerabilities in IoT devices such as security cameras, climate control systems and radiology workstations. Each device represents a potential weak point that could lead to destroyed or compromised data, disruptions in enterprise operations, or permanent damage to physical systems.
To address IoT security challenges, organizations need visibility into the endpoints connected to their networks, and for that, they require comprehensive tools that discover devices and mitigate potential threats. Some discovery products include IoT devices as part of a range of endpoints, while others focus primarily on IoT. In addition, many tools offer features that go beyond simple device discovery, such as threat detection or endpoint profiling. Here we examine five device discovery tools that each take a different approach to providing IoT visibility.
Armis
Armis is an agentless security platform that can discover and profile any type of managed or unmanaged device in a customer's environment. This includes laptops, servers and mobile devices, as well as IoT devices, digital assistants, smart TVs, security cameras, HVAC systems and an assortment of other endpoints.
Key features include the following:
- Armis can classify devices on or off a customer's network without requiring software to be installed on those endpoints.
- The platform's cloud knowledge base tracks more than 280 million devices and maintains profile information about each one.
- The platform is deployed on a virtual appliance that sits out-of-band and passively monitors traffic without impacting network or device performance.
- The platform includes a threat detection engine that continuously monitors devices and compares real-time behavior with historical information and the behavior of similar devices.
- If Armis detects a threat, it can send alerts to security teams and incident response systems and trigger automated actions to mitigate the attack.
Integrations. Armis offers extensive integration capabilities that support network infrastructure, firewalls, network access control (NAC) systems, security information and event management (SIEM) platforms, IT asset management platforms, configuration management databases and vulnerability assessment tools.
Pricing. Armis doesn't publish pricing information.
Learning. Customers can access Armis University, which trains individuals in how to use the platform more effectively. The university offers self-paced learning and instructor-led classes. The instructor-led classes include virtual public and dedicated classes, as well as onsite private classes. Customers can also access videos, solution briefs, white papers and other documentation. In addition, they can register for a live demonstration.
Axonius
Axonius is a cybersecurity asset management platform that's installed as a virtual appliance on either VMware ESXi or Amazon AWS. The platform doesn't require endpoint agents but instead uses prebuilt adapters that connect to existing tools and data sources to retrieve asset data about devices and users.
Key features include the following:
- Axonius provides a centralized IoT visibility platform for viewing and controlling virtual, remote and on-premises endpoints, including desktops, mobile devices, cloud instances, industrial control systems and IoT devices.
- Axonius can inventory all of a customer's assets within hours without the need to touch the endpoints.
- A single Axonius virtual appliance can support more than one million devices and more than 50,000 users.
- The Axonius platform can discover security coverage gaps by identifying users and devices that are missing security controls.
- Axonius can automatically create incident response tickets, send alerts to security teams and carry out a variety of actions, such as running remote commands, disabling users or deploying software.
Integrations. The Axonius platform includes 277 prebuilt adapters for integration with a range of tools and systems, such as Eset Endpoint Security, Ivanti Unified Endpoint Manager, Oracle Cloud, Cisco switches and routers, Red Hat Ansible Tower and SaltStack Enterprise.
Pricing. Axonius doesn't publish pricing information, but it offers the product as an annual subscription, based on the number of supported assets.
Learning. Axonius offers videos, webinars, e-books, white papers, case studies and other documentation for learning about the Axonius platform. Organizations can also register for a free demonstration or a 30-day free trial.
Forescout
Forescout Technologies offers multiple products for protecting enterprise endpoints. One of these is eyeSight, an agentless IoT device visibility product that organizations can deploy as a virtual or physical appliance. Forescout eyeSight can discover, classify and assess a variety of endpoints, including laptops, mobile devices, virtual computers, storage and network devices, operational technology (OT) systems and IoT devices.
Key features include the following:
- Forescout eyeSight can discover and continuously monitor every IP-connected device without using agents or disrupting critical business operations.
- The product can automatically classify multiple types of devices, with support for over 600 OS versions, over 5,700 vendors and models, and over 10,000 device types.
- The auto-classification capabilities are powered by Forescout Device Cloud, which Forescout Technologies bills as the world's largest data lake of crowdsourced device intelligence.
- The eyeSight platform continuously monitors the network, identifies security and compliance gaps, and assesses adherence to internal and external requirements.
- The platform uses more than 20 passive and active monitoring techniques to discover managed and unmanaged devices across a heterogeneous network infrastructure.
Integrations. The eyeSight platform supports public and private cloud integration with VMware, AWS and Azure, and it offers software-defined networking integration with Cisco Meraki and Cisco Application Centric Infrastructure.
Pricing. Forescout doesn't publish pricing information.
Learning. Forescout offers an authorized training and certification program that includes multiple engineering and administration tracks and instructor-led training courses. Because of COVID-19, all on-site training is currently conducted virtually. Forescout also offers videos, webinars, case studies, solution briefs, white papers and other documentation. In addition, organizations can request a free demonstration.
Palo Alto Networks IoT Security
IoT Security from Palo Alto Networks is a cloud-based IoT security service based on Zingbox technology, which Palo Alto acquired in 2019. The service can discover, secure and protect IoT devices without the need for endpoint agents. The service works in conjunction with the Palo Alto Next-Generation Firewall (NGFW) platform.
Key features include the following:
- Palo Alto enhanced the Zingbox technology with its patented App-ID classification system, making it possible to identify and classify unmanaged IoT and OT devices.
- The service uses a patented three-tier machine learning technique to profile devices based on type, vendor, model and over 50 unique attributes, such as firmware, OS, MAC address and physical location.
- Customers can enable IoT Security on NGFW environments without needing to make any configuration changes or add network infrastructure.
- IoT Security compares metadata from millions of IoT devices with those on a customer's network to determine normal behavior and generate recommended policies for restricting or trusting behavior.
- Customers can implement security best practices that use context-aware segmentation to restrict lateral movement between IT and IoT devices.
Integrations. The Zingbox technology on which IoT Security is based offers integration with a wide range of tools and services, including asset and network management, NAC systems, SIEM platforms and managed security services.
Pricing. Palo Alto doesn't publish pricing information for IoT Security, but the service requires a standalone license and is delivered as a cloud-based subscription.
Learning. Palo Alto's Education Services program includes instructor-led training, e-learning courses and five certification tracks. It also provides a knowledge base for finding answers to common issues, as well as a set of technical documents that include notes, guides, best practices and other information. Organizations can register for a free demonstration.
Securolytics IoT Security
The Securolytics IoT Security platform consists of multiple products that support IoT device discovery, security and control. The platform automates IoT identification without requiring endpoint agents and works with existing tools and processes to help lower total cost of ownership.
Key features include the following:
- Securolytics delivers IoT Security services through an on-premises appliance that admins can connect anywhere on the network, without requiring test access points.
- The IoT Security appliance acts as a syslog collection point, providing a central location for easily gathering log data from across the network.
- The IoT Discovery product automatically finds IoT devices connected to the network and then provides this information to the IoT FingerPrint Engine, an advanced machine learning and AI engine that generates device profiles.
- The IoT Security product, which is part of the IoT Security platform, provides ongoing device-level security monitoring and vulnerability detection, without requiring specific configurations.
- The IoT Control product automatically creates and manages security policy for at-risk devices, and facilitates system and API integration.
Integrations. The IoT Security platform can integrate with NAC systems, SIEM platforms, configuration management databases, incident detection and response systems, and a variety of management offerings. Securolytics provides a REST API for sharing the platform's information with other systems.
Pricing. Unlike many security products, Securolytics publishes its subscription prices, which are based on a per user, per month usage structure. The service runs $1.50 per user, per month for 100 to 1,000 devices; $1.02 for 1,000 to 4,999 devices; and $0.72 for 5,000 to 9,999 devices. Contact Securolytics directly for prices on more than 10,000 devices. The company also offers discounts for yearly subscriptions.
Learning. Securolytics provides webinars, case studies and datasheets for learning about the service. Organizations can also register for a free demonstration.