DEVICES, INDUSTRIAL IOT
Businesswire | April 18, 2023
Armis, the leading asset visibility and security company, today released new research identifying the top connected medical and IoT devices that are exposed to malicious activity in clinical environments. Data analyzed from the Armis Asset Intelligence and Security Platform, which tracks over three billion assets, found nurse call systems to be the riskiest* IoMT device, followed by infusion pumps and medication dispensing systems. When looking at IoT devices, IP cameras, printers and Voice Over Internet Protocol (VoIP) devices are topping the list.
By 2026, smart hospitals are expected to deploy over 7 million IoMT devices, doubling the amount from 2021. Medical and non-medical devices are increasingly connected, automatically feeding patient data from monitoring devices into electronic records. These connections and communications within a medical environment help improve patient care but also make it increasingly vulnerable to cyberattacks, which could result in the interruption of patient care.
Upon a comprehensive analysis of the data from all connected medical and IoT devices on the Armis Asset Intelligence and Security Platform, several noteworthy conclusions can be drawn
Nurse call systems are the riskiest connected medical device, with 39% of them having critical severity unpatched Common Vulnerabilities and Exposures (CVEs) and almost half (48%) having unpatched CVEs.
Infusion pumps are second, with 27% having critical severity unpatched CVEs and 30% having unpatched CVEs.
Medication dispensing systems are in third place, with 4% having critical severity unpatched CVEs, but 86% having unpatched CVEs. Moreover, 32% run on unsupported Windows versions.
Almost 1 in 5 (19%) connected medical devices are running unsupported OS versions.
More than half of IP cameras we monitored in clinical environments have critical severity unpatched CVEs (56%) and unpatched CVEs (59%), making it the riskiest IoT device.
Printers are the second riskiest IoT device in clinical environments, with 37% having unpatched CVEs, and 30% having critical severity unpatched CVEs.
VoIP devices are in third place. Although 53% of them have unpatched CVEs, only 2% have critical severityunpatched CVEs.
“These numbers are a strong indicator of the challenges faced by healthcare organizations globally. Advances in technology are essential to improve the speed and quality of care delivery as the industry is challenged with a shortage of care providers, but with increasingly connected care comes a bigger attack surface,” said Mohammad Waqas, Principal Solutions Architect for Healthcare at Armis. “Protecting every type of connected device, medical, IoT, even the building management systems, with full visibility and continuous contextualized monitoring is a key element to ensuring patient safety.”
Armis secures all medical assets and patient care environments in some of the largest healthcare delivery organizations around the world:
“Armis appeared to be a good alternative for us because it immediately provided us with visibility into what devices were plugging into the network. It shows us how they are interacting with each other, creates alerts based on observed behavior and enforces firewall rules based on those alerts,” said Brian Schultz, Director of Network Operations and Security, Burke Rehabilitation Hospital.
“Metrics and accountability are key to understanding how to protect the hospital’s network, and Armis has a major role in making the relevant data available to us in an easy-to-access manner. It has definitely filled in the gaps in our security arsenal by uncovering risks we never knew about previously. At first, I thought Armis was a nice-to-have, but now it’s become an integral part of our cyber defense,” said Dr. Michael Connolly, Chief Information Officer (CIO), Mater Misericordiae University Hospital.
KLAS Research recently named Armis a top performer at the 2023 Best in KLAS Software & Services Report for Healthcare IoT Security. To learn more about how Armis enables healthcare organizations to identify and secure IoMT, IoT, OT and IT assets
Armis is attending HIMSS April 17-21, 2023 in Chicago, IL with a speaking session taking place on Wednesday, April 19, 2023 from 3:45pm - 4:05pm CT titled: Hackers Rush in Where Agents Fear to Tread. To meet with Armis at HIMSS, please visit booth 2276 or Kiosk 4309-48 in the Cyber Command Center.
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.
Businesswire | April 19, 2023
Everynet, one of the world’s largest network operators for national LoRaWAN® networks, announces it is working with Amazon Web Services (AWS) to offer long-range wide area network connectivity on the providers’ carrier-grade national LoRaWAN networks around the world.
AWS IoT Core for LoRaWAN is a fully managed LoRaWAN Network Server (LNS) that allows customers to connect wireless devices to AWS using the low-power LoRaWAN technology.
Now, with Everynet’s nationwide, neutral-host LoRaWAN networks, AWS IoT Core for LoRaWAN provides a seamless way to help AWS customers simply connect devices at scale to the cloud without having to deploy and manage the radio networking infrastructure, such as gateways and connectivity backhaul. This eliminates the need to build out and manage dedicated LoRaWAN networks.
The network is available now to AWS customers across Everynet’s national LoRaWAN network footprint in the United States, with plans to expand globally in the coming months.
Low-cost connectivity. Users can avoid the expense and long-term resource investment needed to implement and manage a dedicated LoRaWAN network. It requires no upfront network CAPEX and connectivity is consumed on an ultra-low-cost messaging plan.
Expediate time to market. Quickly and securely connect LoRaWAN devices to the cloud – at scale – via AWS IoT Core for LoRaWAN, reducing the time to deployment from months to minutes and speeding time to revenue.
Simplified billing. With AWS IoT Core for LoRaWAN, powered by Everynet connectivity, customers will receive a single, consolidated bill from AWS encompassing messaging and connectivity. There are no upfront commitments or minimum fees. Subscribers receive simple, transparent billing directly from AWS. Participation in the public preview is free of charge.
"AWS IoT Core for LoRaWAN with Everynet connectivity provides customers with a low-cost, plug-and-play solution that simplifies the process of connecting wireless devices to the cloud at scale,” explains Vitaly Kleban, Everynet co-founder and CTO. "From the start, we have been dedicated to making LoRaWAN more accessible to help address environmental, business, and societal challenges. Working with AWS to offer our carrier-grade LoRaWAN national network to their customers across our global network footprint is a big step forward in that accessibility. This simplifies and reduces the expense of connecting wireless devices to the cloud at scale."
“LoRaWAN is becoming the technology of choice for IoT deployments that require long range and low power consumption,” said Yasser Alsaied, Vice President of IoT at AWS. “LoRaWAN network operators are building new types of public infrastructure to meet future IoT networking requirements. Enabling our customers to deploy LoRaWAN devices using public networks not only reduces deployment efforts, but also brings new business opportunities for our customers. Working with Everynet was the natural next step for us as we expand our efforts to support the LoRaWAN landscape.”
Quext, a leader in smart multi-unit dwelling technology, is currently using AWS IoT Core, with Everynet LoRaWAN connectivity, to operate a LoRaWAN device that enables building managers and residents to control smart door locks and thermostats through a single application. “At Quext, we’re focused on delivering cost-effective and streamlined smart apartment technology that boosts property values, simplifies building management and improves resident satisfaction. Access to the Everynet LoRaWAN network globally through AWS IoT Core is providing us with the most efficient and immediate way to meet this goal,” explains Tray Johnson, CTO at Quext.
Everynet is a global LoRaWAN® network operator and provides carrier grade networks in Asia, EMEA and the Americas. Everynet’s Neutral Host Network model enables Mobile Network Operators (MNOs), Mobile Virtual Network Operators (MVNOs) and global Managed Service Providers (MSPs) to offer ultra-low cost IoT immediately and profitability with ZERO upfront capital expenditure. Everynet makes IoT accessible across any industry to enable enterprise-grade solutions and is deployed using LoRaWAN® technology, the globally adopted open standard for IoT connectivity.
ENTERPRISE IOT, INFRASTRUCTURE
Keyfactor | March 16, 2023
On March 15, 2023, Keyfactor, the enterprise machine and IoT identity platform, joined the Connectivity Standards Alliance (CSA). CSA is a leading organization that develops and promotes open, universal standards for safer product interaction and connection. Keyfactor's CSA membership affirms the company's approach to authentication and trust between connected devices and applications, joining 260+ innovative brands like Amazon, Apple, and Google.
IoT product manufacturers must enhance the overall security and consumer experience as connected devices become more widespread. As an industry leader in IoT security, Keyfactor recognizes the challenges of device manufacturing. As a new CSA member, the organization will continue to play an essential role in making way for a secure, connected future.
Keyfactor's PKI-based digital integrity and identity capabilities support every aspect of digital trust for Matter-certified devices. Its certificate lifecycle management, common criteria certified PKI, and code-signing technologies provide complete control over the security embedded in IoT products and devices.
Ellen Boehm, SVP of IoT Strategy and Operations at Keyfactor, shared, "Manufacturers continue to grapple with IoT product security implementation; currently, there is a missing link in true authentication and trust between devices and applications that exist in secure IoT systems." She added, "Joining CSA alongside other IoT innovators, many of which are existing Keyfactor customers, will widen our reach and sustain our commitment towards helping IoT OEMs around the globe achieve reliable, secure connectivity."
(Source – Business Wire)
Keyfactor is the trusted name in machine and IoT identity management. The company's end-to-end solutions provide secure authentication and unique identity management for devices, transactions, and workloads. Its identity-first approach to security ensures organizations have the tools to create a secure digital ecosystem, reducing risk and protecting against cyber threats. Keyfactor's merger with PrimeKey in 2021 combined the world's most widely used and trusted PKI solution (PrimeKey EJBCA) with Keyfactor's end-to-end machine identity management platform.