The Necessity of Continuous Vulnerability Detection
Accurately discovering and patching vulnerabilities is one of the biggest issues with securing Internet of Things (IoT) devices. Finding these weaknesses in the device firmware or in the communication protocols and mitigating them quickly can mean the difference between a secure network and one that’s open to cyberattackers. This work is unfortunately complicated by the number of IoT devices.
There were 15.14 billion IoT devices deployed worldwide by the end of 2023, according to Statista, with that number expected to grow to more than 17 billion in 2024. Understanding all possible vulnerabilities on these devices is a herculean task. And one that’s made worse because most vulnerability scanning must be scheduled for times when it’s least likely to interrupt business operations.
Passive, continuous vulnerability detection is the simplest and safest way to surface weaknesses in your IoT devices. Among other benefits, no agents are required. Security teams are often limited in the amount of time they can spend running vulnerability scans on their systems. With continuous vulnerability detection, organizations gain a more accurate picture of what possible weaknesses there are in their IoT devices on a more consistent basis.
Why Continuous Vulnerability Detection Is Critical
There were more than 28,000 CVEs identified in 2023 and reported to the National Vulnerability Database, with 9,351 already reported in 2024. This brings the total number of active CVEs to more than 244,000 in the database. Not every vulnerability is actively exploited or relevant to a specific company’s architecture, but any one of them could be used in an attack chain at any time.
Security teams using traditional vulnerability management tools have to proactively scan their networks to discover active weaknesses. Once those are uncovered, they then examine the severity associated with the vulnerability and determine when or if to patch the weakness. That’s if there is a patch available.
Making it possible to continuously detect vulnerabilities is a game-changer when it comes to patch management. For IoT devices, having the ability to detect weaknesses automatically and continuously means that security teams can more efficiently allocate resources to mitigate risks including the ability to prioritize these weaknesses based on the likelihood of exploitation is even more powerful.
Continuously vulnerability detection without the ability to prioritize those weaknesses creates more noise for resource-strapped security teams. More to the point, IoT devices are often used for years beyond traditional enterprise IT investments. These are function and feature-limited devices that may not have vulnerabilities immediately apparent to a casual scan. Running continuous vulnerability detection thus enables security teams to be alerted when a new issue is discovered.
The how of these detections matters as well. Security teams should ideally rely on a method that surfaces device type, communication protocol, and firmware version in addition to any potential weakness. This enables security professionals to also build an accurate inventory of the IoT devices in their network.
It also means that companies can understand which devices they have in their network and which ones they might need to emphasize in the continuous scan. Then, when new vulnerabilities are discovered, security teams know where to focus their energy. It could be a vulnerability affecting a common software component across multiple devices, or all devices of a single manufacturer. All this is meant to make it easier to surface potential weaknesses and resolve the most risky ones first and efficiently.
Continuous Vulnerability Detection Enables a Risk-Based Approach
Risk-based vulnerability prioritization is one of the best ways to reduce the possibility of a successful cyberattack. The CVEs hosted in the NVD database are all assigned a severity score with the Common Vulnerability Scoring System (CVSS) that ranges from 0.0 to 10.0. These scores are then assigned a severity ranging from Low to Critical depending on how much damage would be caused should the CVE be exploited.
What this measure does not do is explain how likely it is that the vulnerability will actually be exploited. For example, if there’s a vulnerability in an IoT security camera that allows for remote code execution including hijacking the video feed, that could be very bad. If that camera doesn’t point to anything sensitive and has been separated from the rest of your network though, then a threat actor using that exploit on that particular device isn’t a high cause for concern.
That’s one example of a successful exploit not having much of an impact on your operations. Another thing the CVSS number doesn’t account for is how difficult the exploit is to execute. The Log4Shell exploit of December 2021 created a firestorm because of how easy it was for a threat actor to use as part of their attack chain.
Some CVE’s ranked as critical are incredibly hard to execute. Perhaps they require the threat actor to already have gained initial access to your systems, or need highly specialized knowledge to actually have any value as part of an attack. If a vulnerability is critical, but difficult to use as part of a cyberattack, then it can be prioritized at a lower level because of how unlikely it is to be deployed.
Continuous vulnerability detection empowers you to see where those opportunities are for more efficient prioritization far more quickly than running a manual vulnerability scan. Ultimately, the ability to see which vulnerabilities exist in your IoT devices at any given time and prioritize those on the fly makes your security team’s patch management processes far more efficient.
How Asimily Continuous Vulnerability Detection Simplifies Risk Mitigation
The Asimily platform uses passive scanning technology to identify all devices connected to your networks without disrupting functionality. It also ingests data from other trustworthy inventory sources in your organization, for higher accuracy and faster inventory generation from scratch. For environments like healthcare or manufacturing where taking IoT devices offline isn’t an easy task, the ability to discover connected devices without interrupting their operation provides great value.
Asimily also identifies and classifies every connected device on your network down to the specific model, operating system, and software version. We define where they are on the network, where they are physically located, and track them as they move so you can build accurate device profiles that include the following for each device connected to their networks:
- Operating system
- IP address
- MAC address
- Port numbers
- Hostname
- Version number
Collecting this information simplifies continuous vulnerability detection by ensuring that Asimily can track the most relevant vulnerabilities.
Asimily also adopts a risk-oriented approach to vulnerability management, empowering customers with the ability to determine how likely it is for a threat actor to exploit a given vulnerability. This informs risk-based prioritization and streamlines resolving business-critical weaknesses in your IoT devices.
With Asimily, you can prioritize remediation activities and address exploitable CVEs based on the measured risk a vulnerability poses by enabling you to:
- Filter the thousands of CVEs associated with your inventory to just those that are exploitable on your network.
- Prioritize your efforts to address the real risks to your network and not just the published list of potential threats
- Utilize the CVEs criticality score along with the Common Vulnerability Scoring System (CVSS 3.x) and the Risk Rubric for CVSS to rate the exploitable CVEs based on their “Likelihood” to put the device at risk (Low, Medium, High)
Asimily’s continuous vulnerability detection capabilities empower security teams to be more efficient in resolving weaknesses in their IoT systems. The risk-based prioritization that accompanies this process means that security teams can reduce the chance of a cyberattack and better protect their critical systems.
To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.
Reduce Vulnerabilities 10x Faster with Half the Resources
Find out how our innovative risk remediation platform can help keep your organization’s resources safe, users protected, and IoT and IoMT assets secure.