• Connected device discovery and vulnerability assessment, made

    automated, proactive and effective.
    Bring in-depth connected device risk visibility into your cyber risk management program.
    GET THE FIRMALYZER SOLUTIONS BRIEF

Discover IoT/connected devices, their CVEs and their firmware risks

IoTVAS extends the reach of your vulnerability management program to the IoT/connected devices. It can integrate with your existing IT asset management and vulnerability assessment solution, providing accurate device discovery and real-time vulnerability assessment at the firmware code level without requiring network traffic collection or installation of software agents on devices. This allows you to get the most of your existing security tools and proactively find high risk connected devices.

Connected device discovery and vulnerability assessment made automated, proactive and effective

IoTVAS API accurately discovers connected devices in your network and provides real time device risk assessment including an in-depth device firmware vulnerability report. This is made possible with Firmalyzer’s proprietary knowledge base of device fingerprints and firmware vulnerabilities that is continuously growing by learning new device fingerprints and automated firmware analysis on a global-scale.

IoTVAS API NMAP plugin discovers the camera and its vulnerabilities

IoTVAS is one of the missing pieces of enterprise security puzzle

IT Vulnerability management solutions

  • Detect devices with a history of known vulnerabilities, hence has limited detection coverage
  • Detect vulnerable network services solely based on version string in network banners
  • Fail to detect known vulnerabilities in most cases, because of missing version string
  • Use network port scanning that cannot “see” network client software on the device
  • Their Crypto tests are limited to keys exposed via network services (public keys)
  • Usually discover default device passwords using brute-forcing which is time consuming and fails to detect backdoor accounts

IoTVAS

  • Detects a wide range of enterprise connected devices with more than 50,000 device fingerprints and growing
  • Provides real-time firmware bill of materials (BOM) and in-depth vulnerability report of all firmware components
  • Utilizes Firmalyzer’s proprietary firmware vulnerability knowledge base to accurately report vulnerabilities
  • Reports vulnerabilities in network services, crypto libraries, OS kernel and embedded client software such as busybox
  • Analyses all crypto keys (public and private) and algorithm usage and detects backdoor private keys across device models and vendors
  • Detects backdoor or “service” accounts on the devices quickly and with pinpoint accuracy

Passive IoT device security solutions

  • Require deployment of network taps/sensors or configuration of port mirroring
  • Passively capture and analyse network traffic that leads to privacy concerns
  • Detect the publicly known vulnerabilities (CVE) of devices
  • Do not detect devices that reached their end-of-life or have outdated firmware versions

IoTVAS

  • No network tap or port mirroring required
  • Does not collect network traffic
  • Discovers vulnerabilities in device firmware code in addition to device CVEs
  • Detects end-of-life devices and devices running outdated firmware version

IT asset discovery solutions

  • Fail to accurately detect most of IoT/connected devices without access to their network interface MAC addresses
  • Do not provide security risk status of discovered device or just provide a list of associated CVEs without considering the firmware level risk
  • Do not usually report devices that reached their end-of-life or have outdated firmware version

IoTVAS

  • Detects connected devices in the absence of their MAC addresses as IoTVAS does not solely rely on MAC address clustering methods for device fingerprinting
  • Discovers vulnerabilities in device firmware code in addition to device CVEs
  • Detects end-of-life devices and devices running outdated firmware versions

Trusted by

Try IoTVAS API for free

Try for free
IoTVAS API device discovery and vulnerability assessment

Get in touch and see a live demonstration of IoTVAS SaaS

Request a demo
IoTVAS vulnerability management dashboard

From our blog

Integrating IoTVAS API with Qualys Cloud Platform for IoT/connected device discovery and vulnerability assessment

Read more

Integrating IoTVAS API with Rapid7 InsightVM for IoT/connected device discovery and vulnerability assessment

Read more

IoT/connected device discovery and vulnerability assessment using IoTVAS API

Read more