San Jose, California, May 22, 2019 - Zscaler, Inc., the leader in cloud security, announced today the release of its 2019 report, IOT in the Enterprise: An Analysis of Traffic and Threats, which examines traffic stemming from IoT device footprints across the Zscaler™ cloud over the course of 30 days. The Zscaler™ ThreatLabZ research team analysed 56 million IoT device transactions to understand the types of devices in use, the protocols used, the locations of the servers with which they communicated, and the frequency of inbound and outbound communications.
Over a 30-day period, 56 million transactions were processed in the Zscaler cloud from 270 different types of IoT devices made by 153 different manufacturers. The analysis showed that more than 1,000 organisations have at least one IoT device transmitting data from the network to the internet via the Zscaler cloud platform.
The most commonly detected IoT device categories across the Zscaler cloud, included IP cameras, smart watches, printers, smart TVs, set top boxes, IP phones, medical devices, and data collection terminals, among others.
“As is often the case with new innovations, the use of IoT technology has moved more quickly than the mechanisms available to safeguard these devices and their users. Within only one month of traffic, our threat research team saw an astronomical amount of traffic stemming from both corporate and personal IoT devices,” said Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler. “Enterprises need to take steps to safeguard these devices from malware attacks and other outside threats.”
Top IoT Security Concerns:
- Weak default credentials
- Plain-text HTTP communication to a server for firmware or package updates
- Plain-text HTTP authentication
- Use of outdated libraries
“We observed that over 90 percent of IoT transactions are occurring over a plain text channel, which we believe makes these devices and the enterprises that house them vulnerable to crafted attacks,” said Deepen Desai, Vice President of Security Research, Zscaler. “Enterprises need to assess their IoT footprint, as they will only continue to expand and raise the risk of cyberattacks. From changing default credentials to restricting access to IoT devices from external networks, there are a variety of steps that can be taken to increase the IoT security posture.”
The Zscaler ThreatLabZ research team consists of security experts, researchers, and network engineers responsible for analyzing and eliminating threats across the Zscaler security cloud and investigating the global threat landscape. The team shares its research and cloud data with the industry at large to help promote a safer internet.
For more information on the Zscaler cloud, please visit: https://www.zscaler.com/threatlabz/cloud-activity-dashboard
Zscaler (NASDAQ: ZS) enables the world’s leading organisations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler. Learn more at: https://www.zscaler.com or follow us on Twitter: @zscaler
Each of Zscaler, Zscaler Internet Access and Zscaler Private Access is a trademark or registered trademark of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the properties of their respective owners.
Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.
If your last access-control update was even a few years ago, you’re probably more exposed to fraud and exploitation than you’d like to be.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem