The riskiest device types by domain, according to ForeScout, include application delivery controllers and firewalls, on the IT side; NVRs, NAS, VoIP, and IP cameras in IoT; and universal gateways and building management systems in OT.
Matt Middleton-Leal, managing director for EMEA at Qualys, says that visibility, vulnerability remediation, and network segmentation need to be treated as more important internally if CISOs want to get support for security remediation projects.
“There are two issues here: how to get complete visibility of all your IT assets, and why end-of-life software or hardware still exists within the business,” Middleton-Leal says. “For CISOs, dealing with these issues involves working with the business around risk.”
