Only one Too Long; Did Read post this week, The State of XIoT report for 1H 2022 by Claroty’s Team82. The content and analysis of this report were uneven. There is a lot to commend the team for, but also significant sections that left me shaking my head. This is a reimagining of previous reports, so it’s hopeful that future Claroty reports will build on the better aspects of this one.

Regwall: Yes, https://claroty.com/resources/reports/state-of-xiot-security-1h-2022

Target Audience: IoT (or XIoT) experts

Length & Read time: 35 pages, 30-60 minutes, longer if you are not an IoT expert. I finished reading the report in 75 minutes but required extra time to review some of the terminology and the Purdue Model.

Grade: B. Despite some parts being hard to digest, this has more going for it than most.

Overall Impression: I dislike the creation of new initialisms/acronyms in reports, but I think Claroty can get away with it this time. ‘XIoT’ stands for the Extended Internet of Things, meaning medical devices, video cameras, embedded devices, and a whole host of other general connected ‘things’. However, the report often uses the initialism for many of these things without clarifying what they mean and how they are used in the report. Lack of definition is a reoccurring theme of the report, from defining terms, to explaining the statistics used, to plots with no titles or captions.

Be prepared to spend some time identifying and understanding the most important parts of this report on your own. Most of the text is a reading of the visualizations, with confusing context and analysis. It may be because IoT/XIoT isn’t my main area of interest, but I think it’s because I don’t like having plots read at me. The writers left too much to the reader to figure out.

Despite the uneven delivery of the report, I still suggest reading it if you’re interested in IoT in its myriad forms. Several sections contain Key Events and are worth reading on their own. More than anything else, it’s the Mitigations/Remediations section I would point readers at, starting on page 22. Not only does Team82 give specific suggestions, they provide data to show why specific recommendations should be the reader’s priority. This section is why I think the report is above average, but in need of tender loving care and focus to make it truly shine.
