Securing IoT and OT Devices Amid Ransomware ThreatsDaniel dos Santos of Forescout Technologies on How to Stay Ahead of the Curve
IoT and OT devices, which include network-attached storage devices, hold valuable data that ransomware groups seek to compromise. NAS devices are often exposed on the internet and lack the robust security measures found in other endpoints.
Engineering workstations provide a bridge between IT and OT networks, making them appealing entry points for attackers seeking to affect operational technology, said Daniel dos Santos, head of security research at Forescout Technologies. Implementing endpoint detection and response on IoT and OT devices is challenging due to a lack of agent support and specific security features, he said.
Dos Santos also discussed using generative AI from offensive and defensive perspectives. "We keep an eye out on the threat landscape - what attackers are doing, what kinds of devices they're leveraging - and try to keep track of how that threat landscape evolves," he said. "Understanding all these new types of devices that are always emerging - whether that is in the medical field/healthcare, industrial control systems, or just consumer IoT, enterprise, IoT, and so on - the new extended attack surface is something that we're looking at."
In this video interview with Information Security Media Group at Black Hat USA 2023, Dos Santos also discussed:
- Monitoring network behavior and communication protocols for detecting anomalies and potential attacks;
- The use of generative AI in enhancing the speed and volume of attacks on medical devices;
- Data tampering and its impact on threat detection.
Dos Santos leads a team of researchers at Forescout Technologies that identifies new vulnerabilities and monitors active threats. He has published over 30 journal and conference papers on cybersecurity and has spoken at conferences such as Black Hat, Hack In The Box and x33fcon.