# 4 Steps to Reduce IoT Risk in Your Enterprise

By [Mitchell Bezzina](https://www.paloaltonetworks.com/blog/author/mitchell-bezzina/?ts=markdown "Posts by Mitchell Bezzina") Mar 10, 2020

The enterprise internet of things (IoT) is rapidly growing, paving the way for innovative new approaches and services in all industries, such as healthcare and manufacturing. Consequently, this is also opening the door for new cybersecurity risks.

[Unit 42 recently](https://start.paloaltonetworks.com/unit-42-iot-threat-report) analyzed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States. The study found that 98% of all IoT traffic is unencrypted and 57% of IoT devices are vulnerable to medium- or high-severity attacks. This provides low-hanging fruit to attackers, and enterprises are at risk for having personal and confidential data exposed on the network.

While the surge in IoT devices on corporate networks continues to blossom, there are some steps organizations can take immediately to reduce exposure to IoT-initiated attacks. While these steps won't eliminate all risk, security teams can deploy them quickly, removing some of the easiest targets for attackers.

**Step 1: Know your risk -- discover IoT devices on the network**

Unit 42's latest report found that [30% of network-connected devices in an average enterprise are IoT assets](https://unit42.paloaltonetworks.com/iot-threat-report-2020/), and this excludes smartphones. Unfortunately, most organizations are unaware of these devices and fail to manage their security posture or risk profile.

Using intelligent device scanning and profiling, your IT security teams can gain insight into what IoT devices are connected to the network, their risk profiles and their network behavior when interacting with other devices on the network. Today's [advanced IoT security solutions](https://www.paloaltonetworks.com/blog/2019/10/zingbox-iot-guardian/?ts=markdown) also use machine learning to identify unknown IoT devices and detect malicious network communication patterns before significant damage is caused.

**Step 2: Patch printers and other easily patchable devices**

It's important to ensure that all IoT devices are running on the latest software and kept up-to-date. An easy way to start decreasing your attack surface is to patch printers and other devices that are easily patchable.

The 2020 Unit 42 IoT Threat Report showed that printers and security cameras are the most abundant and vulnerable devices across enterprise networks. Specific industries -- for instance, healthcare -- may have other devices that are abundant and need to be patched, such as imaging and patient monitoring systems.

Once you've completed initial IoT discovery to find all the devices on your network, we recommend investing in the security posture of the most abundant network-connected devices in your enterprise. Work with their respective vendors on a patch-management strategy that creates routine maintenance moving forward and reduces overall risk.

**Step 3: Segment IoT devices across VLANs**

A practice becoming more common for organizations is network segmentation. While it can be tedious to set up, it yields strong security benefits across the entire enterprise, stopping lateral movement of exploits, reducing the attack surface and minimizing any aftermath damage.

By leveraging VLAN configurations as well as firewall policies, organizations can effectively implement network segments. A best practice for segmenting an organization's network is to base it on device type, threat levels, usage patterns, and other device profile characteristics.

Moreover, inter-segment access and north-south communication should be strictly guarded by the network boundary, switch ACLs, and firewall policies. This essentially creates a strong perimeter defense around network tiers or security zones that protect confined IoT and IT assets, based on their assigned security value or significance to the organization.

**Step 4: Enable active monitoring**

Once IoT devices on the network have been identified, patched and segmented, it's important to continue monitoring in order to accurately discover attacks, identify vulnerabilities and analyze the behavior of all network-connected devices. This monitoring solution must also be able to scale and run continuously, providing updates in real-time.

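
The default-deny inter-segment policy from Step 3, checked against flow records in the spirit of Step 4's monitoring, as an added example that is not part of the original post. Segment names, VLAN IDs, subnets, allowed ports and the flow records are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: segment names, VLAN IDs and subnets are hypothetical.
SEGMENTS = {
    "printers": {"vlan": 110, "subnet": "10.10.110.0/24"},
    "cameras":  {"vlan": 120, "subnet": "10.10.120.0/24"},
    "imaging":  {"vlan": 130, "subnet": "10.10.130.0/24"},
    "it":       {"vlan": 10,  "subnet": "10.10.10.0/24"},
}

# Default deny between segments and to/from outside the listed subnets;
# only these (src segment, dst segment, protocol, port) tuples are permitted.
ALLOW = {
    ("it", "printers", "tcp", 631),   # IPP print jobs from workstations
    ("it", "cameras", "tcp", 443),    # camera management UI over TLS
    ("imaging", "it", "tcp", 104),    # DICOM to an archive server in the IT zone
}

def segment_of(ip):
    """Return the segment whose subnet contains ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, seg in SEGMENTS.items():
        if addr in ipaddress.ip_network(seg["subnet"]):
            return name
    return "external"

def evaluate(flow):
    """Classify one flow record as 'intra', 'allowed' or 'violation'."""
    src, dst = segment_of(flow["src"]), segment_of(flow["dst"])
    if src == dst and src != "external":
        return "intra"          # stays inside one VLAN, never crosses the boundary
    if (src, dst, flow["proto"], flow["dport"]) in ALLOW:
        return "allowed"
    return "violation"          # east-west or north-south flow with no allow rule

def audit(flows):
    """Return (src_segment, dst_segment, flow) for every flow outside policy."""
    return [(segment_of(f["src"]), segment_of(f["dst"]), f)
            for f in flows if evaluate(f) == "violation"]

# Constructed flow records, shaped like a firewall or NetFlow export.
FLOWS = [
    {"src": "10.10.10.25", "dst": "10.10.110.7", "proto": "tcp", "dport": 631},
    {"src": "10.10.120.14", "dst": "10.10.110.7", "proto": "tcp", "dport": 9100},
    {"src": "10.10.120.14", "dst": "203.0.113.50", "proto": "tcp", "dport": 23},
    {"src": "10.10.130.5", "dst": "10.10.10.40", "proto": "tcp", "dport": 104},
    {"src": "10.10.110.7", "dst": "10.10.110.9", "proto": "udp", "dport": 5353},
]

if __name__ == "__main__":
    for src, dst, f in audit(FLOWS):
        print(f"VIOLATION {src}->{dst}: {f['src']} -> {f['dst']} {f['proto']}/{f['dport']}")
```

Flows that show up as violations are either gaps in the switch ACLs and firewall policy or devices behaving outside their profile, and both are worth an alert.
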
Typically, sophisticated IoT solutions run in highly scalable cloud architectures and rely heavily on machine learning to profile devices and alert security teams about anomalies. Continuing to monitor your network-connected IoT devices will enable you to adapt your security policies as necessary, reduce risk and maintain a strong security posture.

##### **Facing the Challenges of Enterprise IoT**

With so many network-connected devices in your organization, it can be a challenge for security teams to keep pace and mitigate risk as each new device type presents a possible new threat vector.

Properly classifying IoT devices, keeping software up-to-date with the latest patches, segmenting your network and enabling active monitoring ensures IoT devices are granted access to appropriate resources and placed in the right network segments. This effectively lessens the risk of threats to other resources and networks and reduces your overall attack surface.

After following these steps to reduce IoT risk, we suggest creating an effective IoT strategy that will prepare your organization for the long term. For more information and IoT best practices your organization can deploy, read the full [2020 Unit 42 IoT Threat Report](https://start.paloaltonetworks.com/unit-42-iot-threat-report).

##### **Intelligent Network Security: LinkedIn Live Broadcast**

AJ Shipley, vice president of product, and Paul Calatayud, Americas CSO, appeared on LinkedIn Live to answer questions about the industry's first ML-Powered NGFW. [Watch the event on-demand](https://www.linkedin.com/video/live/urn:li:ugcPost:6681933905844584448/).