You cannot control what you cannot see

The number of network-connected devices in enterprise networks is growing which unlike workstations, laptops and servers are not properly identified by traditional IT asset discovery solutions for the following reasons:
  • Proprietary protocols are often used for managing and monitoring IoT devices that are not known to the asset discovery solution.
  • Agent based asset discovery is not possible because most of the IoT devices are resource constrained systems with proprietary operating systems that do not allow installation of discovery agent software on them.
Furthermore, traditional IT vulnerability scanning solutions have limited coverage when it comes to IoT devices:
  • Device discovery is often limited to the devices with a history of known vulnerabilities.
  • Fuzz testing method used by these solutions often time caused device operating system crash and reliability issues.

How does IoTVAS API discover devices and their risks?

Firmalyzer IoTVAS API is an IoT/connected device identification and vulnerability assessment solution that can be easily integrated with asset discovery, network port scanners and IT vulnerability scanning tools and enable them to perform:
  • Accurate identification of device manufacturer, model name, device type, device end of life status, firmware version and firmware release date
  • Safe and in-depth vulnerability assessment of identified device including publicly known vulnerabilities (CVE) and unknown vulnerabilities in device firmware code including vulnerable 3rd party components, default credentials, crypto keys, certificates and default configuration issues
IoTVAS API can be easily integrated with vulnerability scanning and network port scanner tools. For example, we have also released the IoTVAS NSE script that turns the nmap port scanner to a IoT/connected device discovery and real-time risk assessment tool.
IoTVAS API NMAP plugin Discovers the printer and its vulnerabilities

Try IoTVAS API for free


If you are interested in running on-prem deployment of IoTVAS API or licensing it for integrating with your commercial product, please contact us for details.

IoTVAS API device discovery and vulnerability assessment