Phosphorus Launches Research Division and Releases Expanded Internet of Things (xIoT) Report.

Phosphorusa security company for the extended Internet of Things (xIoT), has been launched Phosphorus laboratoriesits new global security research division, according to a prepared statement.

Also, Phosphorus has released its first Report on xIoT trends and threats, which encompasses five years of security research and device testing. Phosphorus noted that its research is based on analyzing millions of xIoT devices deployed in enterprise network environments in key vertical markets.

Phosphorus focus on xIoT research

Composed of leading experts in IoT, OT and IT security, Phosphorus Labs will focus exclusively on advanced xIoT threat research, security analysis and device-based threat assessments. The effort, Phosphorus says, will enable companies to build more robust and mature security programs for today’s ever-changing cyber threat landscape.

Phosphorus CEO and founder Chris Rouland explained the inspiration behind the company’s new Labs division:

“Security research has been central to the Phosphorus mission, from day one. Through our new Labs division, we are significantly expanding the company’s current research efforts to include more in-depth security testing and analysis of IoT, OT, and enterprise network devices. We will also continue to grow our unique field research program, which gathers key intelligence on the active threats and security risks of xIoT devices already deployed in enterprise networks.”

A closer look at the phosphor laboratories

To gather accurate, real-time data on current security issues and threats, Phosphorus Labs research includes:

  • In-depth analysis of xIoT devices
  • Penetration testing
  • Vulnerability research
  • Regular interrogations of actively deployed xIoT devices

Phosphorus said it aims to provide “the industry’s most advanced and comprehensive understanding of the unique xIoT attack surface, coding challenges, design limitations, vulnerabilities, exploit methods and security risks for every important xIoT device in use today among companies. This will enable businesses to put in place stronger cybersecurity defenses to protect against potential threats.”

As Brian Contos, chief security officer at Phosphorus explained:

“The purpose of Phosphorus Labs is not to create another vulnerability research program. There are a dozen xIoT vulnerabilities. While they often make a lot of noise in the media, what’s more important from a security perspective is that we learn how to prevent these attacks by hardening devices and reducing their attack surface. Vulnerabilities come and go, but device-level security should be consistent.”

MSSPs and MSPs can join Phosphorus’ partner program to integrate the company’s xIoT platform into their offerings. Along with MCS and EverSec, Phosphorus partners include Optionala security solutions integrator e Top 250 MSSPsand cyber security services companies Challenge security.

The xIoT report provides guidance on current threats

In its new xIoT Threat & Trend Report, Phosphorus Labs provides an overview of the top security issues facing today’s enterprise-grade IoT, OT, and networking devices. The report includes key findings from the company’s five years of research and field testing, “to help corporate security teams better understand the risks posed by xIoT devices.”

Some of Phosphorus Labs’ safety findings include:

  • 99% of xIoT device passwords do not comply with best practices
  • 68% of xIoT devices have high-risk or critical vulnerabilities (CVSS score of 8-10)
  • 80% of security teams cannot identify the majority of their xIoT devices

Phosphorus notes that the report also highlights specific xIoT devices that enterprise security teams need to pay close attention to. As a result, Phosphorus Labs’ “Top 10 Worst xIoT Offenders” list includes several high-risk devices that are often overlooked. These include server racks/cabinets and KVM switches, as well as easy-to-exploit office devices such as connected printers and VoIP phone systems.