Connected device discovery and vulnerability assessment, made

automated, proactive and effective.

Bring in-depth connected device risk visibility into your cyber risk management program.
GET THE FIRMALYZER SOLUTIONS BRIEF

Discover IoT/connected devices, their CVEs and their firmware risks

IoTVAS extends the reach of your vulnerability management program to the IoT/connected devices. It can integrate with your existing IT asset management and vulnerability assessment solution, providing accurate device discovery and real-time vulnerability assessment at the firmware code level without requiring network traffic collection or installation of software agents on devices. This allows you to get the most of your existing security tools and proactively find high risk connected devices.

Device discovery

Accurate identification of device manufacturer, model name, device type, firmware version and firmware release date

Firmware risk analysis

Comprehensive vulnerability detection and risk assessment in firmware code level

Configuration risk analysis

Detection of backdoor crypto keys and accounts on devices

Lifecycle risk analysis

Detection of End-of-Life and unpatched devices

Reduce Risk

Proactively identify and fix devices with vulnerable firmware or insecure factory configuration

Reduce Cost

Use your cyber security budget efficiently by integrating IoTVAS API into your existing IT asset management or vulnerability scanning solution

Check Reputation

Check the security posture of the devices manufactured or consumed by your organization

Increase Compliance

Verify and demonstrate compliance of your devices with relevant cyber security standards and guidelines

Boost Productivity

Automate device security assessment on-scale and focus on mitigating risks

Enable New Business

Augment your cyber security solutions with connected device risk analysis via Firmalyzer risk API

Who benefits from Firmalyzer platform

Enterprise

Enterprises begin to notice the immense growth in the number of connected devices such as IP cameras, printers and IP phones in their networks that unlike servers, workstations and laptops cannot be monitored, managed and updated by installing “security agents”. Traditional network scanners often fail to detect even most trivial IoT/connected devices vulnerabilities such as default credentials as they are not equipped with IoT/connected devices specific threat knowledge bases.

DISCOVER MORE

Device Manufacturer

connected device manufacturers include software components such as operating systems, drivers and libraries from 3rd party sources in device firmware that could contain security vulnerabilities or insecure cryptographic keys or algorithms. Such vulnerabilities or weaknesses in device firmware could be exploited remotely over the network and put customers at risk.

DISCOVER MORE

Risk Management Solution Provider

Third party risk management platforms need to continuously analyze and monitor the security posture of vendors and their products across different risk groups such as vendor's IT infrastructure and product vulnerabilities over time. In the context of connected device vendors, automatic security risk analysis of millions of firmware files across different vendors and device models, is an integral process.

DISCOVER MORE

Connected device discovery and vulnerability assessment made automated, proactive and effective

IoTVAS API accurately discovers connected devices in your network and provides real time device risk assessment including an in-depth device firmware vulnerability report. This is made possible with Firmalyzer’s proprietary knowledge base of device fingerprints and firmware vulnerabilities that is continuously growing by learning new device fingerprints and automated firmware analysis on a global-scale.

DISCOVER MORE

IoTVAS API NMAP plugin discovers the camera and its vulnerabilities

IoTVAS is one of the missing pieces of enterprise security puzzle

IT Vulnerability management solutions

Detect devices with a history of known vulnerabilities, hence has limited detection coverage
Detect vulnerable network services solely based on version string in network banners
Fail to detect known vulnerabilities in most cases, because of missing version string
Use network port scanning that cannot “see” network client software on the device
Their Crypto tests are limited to keys exposed via network services (public keys)
Usually discover default device passwords using brute-forcing which is time consuming and fails to detect backdoor accounts

IoTVAS

Detects a wide range of enterprise connected devices with more than 50,000 device fingerprints and growing
Provides real-time firmware bill of materials (BOM) and in-depth vulnerability report of all firmware components
Utilizes Firmalyzer’s proprietary firmware vulnerability knowledge base to accurately report vulnerabilities
Reports vulnerabilities in network services, crypto libraries, OS kernel and embedded client software such as busybox
Analyses all crypto keys (public and private) and algorithm usage and detects backdoor private keys across device models and vendors
Detects backdoor or “service” accounts on the devices quickly and with pinpoint accuracy

Passive IoT device security solutions

Require deployment of network taps/sensors or configuration of port mirroring
Passively capture and analyse network traffic that leads to privacy concerns
Detect the publicly known vulnerabilities (CVE) of devices
Do not detect devices that reached their end-of-life or have outdated firmware versions

IoTVAS

No network tap or port mirroring required
Does not collect network traffic
Discovers vulnerabilities in device firmware code in addition to device CVEs
Detects end-of-life devices and devices running outdated firmware version

IT asset discovery solutions

Fail to accurately detect most of IoT/connected devices without access to their network interface MAC addresses
Do not provide security risk status of discovered device or just provide a list of associated CVEs without considering the firmware level risk
Do not usually report devices that reached their end-of-life or have outdated firmware version

IoTVAS

Detects connected devices in the absence of their MAC addresses as IoTVAS does not solely rely on MAC address clustering methods for device fingerprinting
Discovers vulnerabilities in device firmware code in addition to device CVEs
Detects end-of-life devices and devices running outdated firmware versions