CyberArk (NASDAQ: CYBR), the global leader in privileged access management, announced it is working with Forescout and Phosphorus to enable organizations to secure the increasing number of IoT devices and technologies resulting from digital business transformation. Customers can significantly reduce risk using the joint integration to continuously discover, secure and manage IoT devices connected to corporate networks.
By 2030, it’s projected that there will be 25.4 billion active IoT devices, up from 7.7 billion in 2019. Any connected device – from printers and sensors, to cameras and tablets – can represent privilege risk based on the systems and data it is connected to, and who can access the device. Additionally, IoT devices often have well-known firmware or software vulnerabilities that can be accessed via weak credentials or default credentials that are hardcoded into the device. Attackers target connected devices to gain a foothold within networks, where they can then move laterally and eventually gain access to an organization’s most critical and sensitive assets.
In order to reduce risk as the attack surface expands, organizations must maintain an up-to-date inventory of their IoT assets and continually assess the network to help ensure that patches are pushed and weak or default credentials do not remain in use. However, maintaining visibility and managing the full lifecycle of IoT is difficult, and costly, to do manually. CyberArk’s new integration with Forescout and Phosphorus reduces risk by providing an automated solution that grants visibility into enterprise IoT networks and automatically shrinks the attackable surface area by actively managing, securing and monitoring the credentials used to access their solutions.
“As organizations are increasing investments in transformative digital technologies like IoT, the number of privileged accounts and credentials in these devices can mean that each new device brings with it the potential for security and compliance vulnerabilities,” said Adam Bosnian, executive vice president, Global Business Development, CyberArk. “Through our integration with Forescout and Phosphorus, CyberArk dramatically improves security and compliance, and alleviates the burden on IT and security teams through greater automation and operational efficiencies related to the influx of interconnected devices.”
Through the integration, the Forescout platform continuously discovers IoT assets as they are added to the network, while Phosphorus Enterprise Solution assesses each asset, assigns it a risk level, and remediates firmware vulnerabilities. The CyberArk Privileged Access Security Solution then enforces security best practices by centralizing the management of privileged accounts, applying threat analytics and automating detection and credential rotation.
“Forescout actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing,” said Pedro Abreu, chief product and strategy officer at Forescout. “We embrace an integrated, automated approach with our partners to eliminate security gaps and are thrilled to combine the power of Forescout’s technology with the latest innovation from CyberArk and Phosphorus so customers can realize complete and continuously active IoT security that dramatically reduces risk and manual overhead.”
“IoT devices are proliferating much faster than enterprise security teams can manage, creating a growing threat with huge risks,” said Earle Ady, Phosphorus co-founder and CTO. “Together with CyberArk and Forescout, we’re providing end-to-end IoT protection—automatically detecting and enrolling devices, providing agentless firmware updates for rapid security patching, and providing automated credential management. The result is comprehensive IoT security visibility and remediation across the enterprise.”
Forescout and Phosphorus are both members of the C3 Alliance, CyberArk’s global technology partner program. The integrations are available on the CyberArk Marketplace, the industry’s broadest and deepest inventory of privileged access-related technology integrations.