Rapid7 Announces Strategic Consulting and Assessment Services to Secure the Internet of Things
Compromised IoT devices can be used to amplify and launch crippling distributed denial-of-service (DDoS) attacks against others. Recent cyber-attacks, most notably those involving the Mirai malware, have taken advantage of IoT device weaknesses. In addition to securing IoT devices themselves, IT and security professionals are charged with defending their networks against this new threat vector.
“The risk posed by IoT devices has moved from theoretical to real-world. When we consider IoT, we’re no longer talking about a single or highly unlikely, targeted instance of a vulnerable device that leads to one compromised system or consumer. We’re now seeing large-scale attacks that leverage huge numbers of devices against extremely popular organizations,” said
According to Gartner’s Internet of Things Primer for 2016, “by 2020, over 20 billion connected things will be in use across a range of industries.” While driving significant productivity gains for businesses and consumers, this exploding growth also creates new attack vectors for malicious attackers and presents increased risk. IoT devices not only create new opportunities for attackers to invade networks to steal information, they can also be hacked to gain access to physical spaces and assets, or even cause harm to users. As users become more dependent on the functionality of connected devices, the risk represented by loss of use or corrupted use becomes even greater.
Planes, trains, and automobiles often have a complex set of requirements. Rapid7’s deep expertise goes beyond understanding CAN, LIN, FlexRay, and other network protocols to provide assessments and recommendations that will not affect the product's performance, but will solve manufacturers’ specific needs and concerns.
Rapid7’s transportation offering will be led by
Consulting and assessment service areas
- Strategic Guidance: Specialist consultancy on how to develop IoT technologies with security built-in from the ground up. The consultants will work with industry experts and trade groups to help develop standards and best practices for IoT security and will funnel this expertise into engagements with IoT developers.
- Threat Modeling: Development of comprehensive threat models of your entire system that can evolve with your complete product lifecycle to help you identify and mitigate the most critical issues, as well as to document your product’s security posture.
- Device Design Consulting: Designing hardware is often the first step of a major project and can determine your limitations and weaknesses. The company offers consulting from the ground up so that hardware issues don’t become the Achilles’ heel of your software security architecture.
- Incident Response: After an attack, getting forensic information from anything more than device logs can be a non-trivial task. Rapid7’s hardware teams can assist in getting the information you need directly from a product.
- Security Testing and Vulnerability Analysis
  - IoT Penetration Testing: Rapid7 penetration and system analysis testing goes beyond basic analysis to consider the whole ecosystem of the IoT technology, including the IoT mobile application, cloud APIs, communication and protocols, and embedded hardware and firmware.
  - Hardware Testing: Rapid7 will examine the physical security and internal architecture of the device – including internal components – to determine the breadth and depth of its physical attack surface. The Company also provides practical advice to help improve and remediate identified issues.
  - Protocol Testing: Rapid7 will assess and test communications to and from the device, including protocols used, the cryptographic security of encrypted transmissions, the ability to capture and modify transmissions of data, and fuzzing of the communication protocols, to determine the risk to an organization and clients. The Company provides actionable advice to prioritize and reduce risks uncovered.
  - Firmware Analysis: Rapid7 experts extract and examine the content of the firmware to discover backdoor accounts, injection flaws, buffer overflows, format strings, and other vulnerabilities, extending analysis to the firmware upgrade process to ensure that public key encryption and upgrade functionality is also secure.
Responsible security research driving innovation in IoT
About Rapid7 Strategic Advisory Services
The company conducts more than 1,000 penetration tests each year, and its experts in threat modeling, incident detection, breach response, and security program strategy are featured speakers and contributors at major security conferences, including RSA, Black Hat, DEF CON, and SXSW.
Cautionary Language Concerning Forward-Looking Statements
This press release includes forward-looking statements. All statements contained in this press release other than statements of historical facts, including, without limitation, statements regarding our growth strategy, future market opportunities and plans and objectives for future operations, are forward-looking statements. The words “anticipate,” “believe,” “continue,” “estimate,” “expect,” “intend,” “may,” “will” and similar expressions are intended to identify forward-looking statements. We have based these forward-looking statements largely on our current expectations and projections about future events and financial trends that we believe may affect our financial condition, results of operations, business strategy, short-term and long-term business operations and objectives and financial needs. These forward-looking statements are subject to a number of risks and uncertainties, including, without limitation, risks related to our rapid growth and ability to sustain our revenue growth rate, the ability of our products and professional services to correctly detect vulnerabilities, competition in the markets in which we operate, market growth, our ability to innovate and manage our growth, our ability to integrate acquired operations, our ability to operate in compliance with applicable laws as well as other risks and uncertainties set forth in the “Risk Factors” section of our Quarterly Report on Form 10-Q filed with the
Investor Relations Contact:
Mark Donohue
Vice President, Treasury and Investor Relations
857-415-4419
firstname.lastname@example.org

Press Contact:
Rachel E. Adam
Senior PR Manager
857-415-4443
email@example.com