4 Reasons Why Your Vulnerability Scanner Needs Help on IoT Devices

Most organizations, especially those that care about security, have security programs in place. These programs include all kinds of important tests and regular scans. These programs work, they help to keep the traditional devices secure at least. While traditional vulnerability scanning is effective, it misses a majority of the other connected devices like IoT, Biomedical, OT, and SCADA to name a few.

In most standard vulnerability management programs, the software has been developed over the course of years or even decades to specifically find vulnerabilities on traditional devices like laptops, servers, and the like. What they do not do well is find the other connected devices and if they do they are exceptionally bad at identifying them or their issues.

These shortcomings stem from multiple issues in the way that the classic vuln scanning applications work.

Why Vulnerability Scanners Fail

1. Not Designed for IoT – Traditional vulnerability scanners are designed to use a combination of login credentials and software agents and they work well on devices where software can be installed, or the login functions are controlled by the AD or LDAP. Connected devices, like IoT and biomed are not capable of running a software agents and rarely are their logins managed by any central mechanism.
2. Too Intrusive for resource-constrained IoT – Traditional vulnerability scanners are generally noisy on the network and use try-it-all approaches when it finds a new device. This is perfectly fine for a PC, but connected devices like IoT and OT cannot handle this and often crash as a result of the scans. This means that many organizations have long since blacklisted the vulnerable connected devices leaving them prone to attack and being an entry point for malicious attackers.
3. Vulnerability scanners do not run in real time – They typically run on a schedule, assessing devices on the network at a regularly scheduled time. But, what about devices that are only online at other times of the day, what about devices that come online between scans. These are all left wide open for attackers and ransomware attacks.
4. Device inventory and tracking is severely lacking in most modern vulnerability scanning suites – For example, if a device is identified as vulnerable the team tasked with remediation may well not be able to find it, devices move and users take things home.

Why not find out what IoT threats your vulnerability scanner is missing? Check out our IoT-mini!