Integrating IoTVAS API with Qualys Cloud Platform for IoT/connected device discovery and vulnerability assessment

We demonstrate the integration of IoTVAS and Qualys Cloud Platform that is a market leading continuous security and compliance monitoring platform for enterprises. This platform is designed to automate auditing and compliance check of IT assets and mobile endpoints. However, accurate asset discovery and risk assessment of purpose built IoT or connected devices such as IP cameras, network connected printers and OT devices, becomes a challenge.

Read more

Integrating IoTVAS API with Rapid7 InsightVM for IoT/connected device discovery and vulnerability assessment

In this post, we demonstrate integration of IoTVAS with the Rapid7 InsightVM that is a popular IT vulnerability management (VM) solution and is designed to scan and manage vulnerabilities of common IT assets such as servers and common endpoints.

Read more

IoT/connected device discovery and vulnerability assessment using IoTVAS API

Today’s enterprise networks are complex environments with different types of wired and wireless devices being connected and disconnected. Therefore, an effective device discovery system that enables us to identify device type, maker, model and OS/firmware is crucial for successful security management.

Read more

Automatically address IoT Security Guidelines of UK Government by Firmalyzer Enterprise Automated Firmware Security Analysis Platform

In October 2018, Government of UK published code of practice for IoT vendors to improve the security of consumer IoT products. In this blog post, we explore those guidelines that are applicable to IoT device manufacturers and show how they can be addressed automatically using Firmalyzer platform.

Read more

Firmalyzer discovered high-severity vulnerabilities in PLCNext, the next generation PLC device of Phoenix Contact

With the advent of 4th industrial revolution the automation technology has undergone a rapid change. As a result new solutions has been introduced to the market to address new requirements and one of them are the next generation PLC devices. Since those devices are meant to be used in critical infrastructure where security is a high priority, we decided to perform a security assessment on them and our first choice was PLCNext AXC F 2152 made by Phoenix Contact.

Read more

Firmalyzer discovered a high-severity vulnerability in Mydlink-enabled devices

One of Firmalyzer's binary analysis modules is OpenSSL API checker that scans firmware binaries for improper use of OpenSSL APIs such as lack of certificate verification when establishing a TLS connection. Two months ago, Firmalyzer discovered such a vulnerability in a binary named "signalc" included in D-Link DIR-810L "cloud router" firmware.

Read more