Securing your vehicles, medical devices, and everything related to them.

Smart cars. Smart security cameras. Smart medical implants. Even smart egg trays in smart refrigerators. Everything around you is connected and communicating, swapping data with other devices and uploading it to the global internet to help your automobile, home, factory, business, and body perform better. It's hard to argue with IoT's popularity and pervasiveness—or its value.

But as these devices become more integral to our lives, the need to secure them grows at pace. Many are susceptible to vulnerabilities, yet, despite this, security teams often can't dedicate either the time or the expertise to secure connected devices on their own. Fortunately, you don't have to do it alone. You have Rapid7.


Our team of experts is ready to identify and mitigate risk across your IoT ecosystem.



Whether you’re creating a new IoT product or deploying an IoT solution, our experienced and skilled consultants will help you identify risk and vulnerabilities, and apply solutions to mitigate security issues across your IoT ecosystem.

Rapid7 understands the complexity of IoT and connected systems and will assess the highest risk systems and communications, so you can focus on the entry points that matter. Working closely with your team, we’ll develop comprehensive threat models of your entire system that can evolve and live with your complete product lifecycle and help you identify and mitigate the most critical issues, as well as provide a document of your product’s security posture.

Designing hardware is often the first step of a major project and can determine your limitations and weaknesses. This service provides your engineers with one-on-one time with our security consultants during design time. We offer consulting from the ground up so that hardware issues don’t become the Achilles heel of your software security architecture.

Our penetration and system analysis testing goes beyond basic analysis to consider the whole ecosystem of the IoT technology, covering every segment and how each impacts the security of the whole. Our testing covers IoT mobile applications, cloud APIs, communications and protocols, and embedded hardware and firmware.

Rapid7 will examine the physical security and internal architecture of the device – including internal components – to determine the breadth and depth of its physical attack surface. This service may include component identification, firmware extraction, test point identification, and reconfiguring the device’s hardware to bypass authentication, intercept traffic, and/or inject commands that may pose a significant risk to your organization and clients.

Rapid7 will test the communications between devices. This includes testing the cryptographic security of encrypted transmissions, the ability to capture and modify data transmissions, and fuzzing of the communication protocols. We will assess the security of communication protocols and determine the risk to your organization and clients.

Rapid7 will extract and examine the content of the firmware in an attempt to discover backdoor accounts, injection flaws, buffer overflows, format strings, and other weaknesses. We will also assess the device's firmware upgrade process for vulnerabilities and perform a secure boot review process to ensure that public key encryption and upgrade functionality are secure.

After an attack, getting information from anything more than device logs can be a non-trivial task. Rapid7’s hardware teams can assist in pulling information directly from a product. This service is focused mainly on criminal cases and law enforcement; often, IoT devices have tracking and recording capabilities not publicly exposed. Our incident response team can determine what information is available for use in an investigation.


Planes, trains, and automobiles – or any things that move – often have complex security requirements. And while many security companies simply add encryption or an IDS solution, this just increases overhead and costs without addressing the real problem. Rapid7 goes beyond understanding CAN, LIN, FlexRay, and other network protocols to provide assessments and recommendations that won’t affect your product's performance, but will address your specific needs and concerns.



Internet of Things: The Relationship Between IoT and Security

Deral Heiland, IoT Research Lead at Rapid7, discusses how the Internet of Things is becoming part of everyday life, and how monitoring its exposure directly on to the internet is critical for security.


Deral Heiland, CISSP, has over twenty years of experience in information technology, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 8+ years Heiland’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Heiland has conducted security research on numerous technical subjects, releasing white papers and security advisories, and presenting at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, Hackcon Norway, and Hack In Paris. Heiland’s commentary has appeared in several media outlets and publications including ABC World News, Bloomberg UTV, MIT Technical Review, MSNBC, SC Magazine, Threat Post and The Register.