SOC 1 Report
The e-InnoSec team is experienced in assessing IoT devices security using ORDR technology. In addition, we provide the following services:
- Review of IoT and BYOD policies
- Review of the approval process for IoT device and security due diligence
- Review of Wi-Fi security and encryption technologies
- Review device hardening standards and network isolation techniques
- Conduct an IoT pen test
Our IoT pen test methodology includes:
- Understanding the Scope
- Attack Surface Mapping - Attack surface mapping means mapping out all the various entry points and exit points that attackers can potentially abuse in an IoT device solution
- Vulnerability Assessment and Exploitation
- Reporting
We looked at a couple of IoT security technologies in the market and tried to understand the foundation of those technologies. Below are the e-InnoSec team thoughts in brief.
Inventory – In order to secure the IoT environment, corporations need to know the inventory of devices and the type of devices in use. This also means an automated way of identifying devices in the domain.
Classification of inventory – Inventory is further classified in types and business functions it performs. The classification of devices can take many forms. The IoT devices could be classified according to manufactures, hardware version, software versions, data handled by devices, etc.
Assess the risk to the devices – Risk assessment including threat modelling is the first step in information technology cybersecurity. This includes understanding threats and vulnerabilities within devices and the impact it will cause if threats exploit the vulnerability.
Behavior analysis – An important aspect of IoT security is the agentless diagnostic of devices. In order to do so, the technologies try to understand the normal behavior of the devices; understanding of what each device should be talking to, the workflow of information originating from the device, etc.
Operating systems - One of the biggest challenges with IoT devices is the use of legacy operating systems with minimum or no patching capabilities to defend. Also use of a shared communication network between IoT devices and other infrastructural systems is another challenge.
Below are five Infamous IoT Hacks:
- The cyber-attack related to the Mirai DDoS botnet
- A data breach related to a children’s toy
- The Devil’s Ivy Rube-Goldberg attack
- Wi-Fi baby hard monitors
- Virtual carjacking
Services
- Review of IoT and BYOD policies
- Review of the approval process for IoT device and security due diligence
- Review of Wi-Fi security and encryption technologies
- Review device hardening standards and network isolation techniques
- Conduct an IoT pen test