The runZero Research Report highlights the challenges organizations face as IT and OT systems merge, increasing the attack surface and exposing critical infrastructure assets to external networks [5].
Outlier devices [1] [2] [3] [4] [5], those whose characteristics differ from their neighbors on the same network [5], are identified as being at higher risk of attack. Security teams often struggle with limited visibility into physical devices and network “dark matter,” which complicates their efforts to secure enterprise networks. End-of-life hardware and operating systems pose a further significant risk; for example, devices such as printers and network-attached storage appliances that unexpectedly forward IP traffic undermine network segmentation controls [5]. Insecure authentication methods [1] [2] [3] [5], such as password-based SSH authentication and hardcoded cryptographic keys [5], leave systems open to brute-force attacks. Outdated TLS implementations and weak RDP configurations further expose systems to compromise [5].

runZero’s research emphasizes the value of outlier analysis for quickly identifying vulnerable systems within an organization’s environment. Its fingerprinting method infers service versions from observed behavior rather than from banners alone. While RDP security on Windows systems has improved, Linux-based RDP implementations and older Windows configurations remain susceptible. Security teams lack visibility into over half of the physical devices on their networks [1] [2] [3], with “dark matter” devices making up 19% of enterprise networks [3]. SMBv1 is still enabled on 13% of Windows systems [3]. Zero-day attacks at the network edge have increased [4], and vulnerabilities in services such as SSH and TLS pose ongoing risks. runZero’s research focuses on identifying at-risk devices through precise fingerprinting and fast outlier analysis [2] [3] [4], giving organizations comprehensive security visibility [2] [4].
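To make the outlier-analysis idea concrete, here is an added example (not runZero's code, and not taken from the report) that triages a constructed asset inventory. Each record carries the sort of attributes a scanner fingerprint yields; the hypothetical `outlier_scores` function rates how unlike its subnet neighbors each device is, `risk_flags` applies the misconfiguration checks the report calls out (end-of-life OS, SSH password authentication, SMBv1, unexpected IP forwarding, old TLS), and `triage` combines the two. All hosts, vendors and values below are constructed sample data.

```python
from collections import Counter, defaultdict

# Attributes that make up a device's "shape" for neighbor comparison
# (a constructed choice for this example, not the report's fingerprint schema).
FINGERPRINT_KEYS = ("vendor", "os", "role")


def mk(ip, subnet, vendor, os, role, **over):
    """Build one inventory record with safe defaults, overriding as needed."""
    base = {"ip": ip, "subnet": subnet, "vendor": vendor, "os": os, "role": role,
            "eol": False, "ssh_password_auth": None, "smbv1": False,
            "ip_forwarding": False, "tls_min": "1.2"}
    base.update(over)
    return base


# Constructed sample inventory: two subnets, mostly uniform, with a few odd devices.
ASSETS = (
    [mk(f"10.1.0.{i}", "10.1.0.0/24", "Dell", "Windows 11", "workstation") for i in range(10, 15)]
    + [mk("10.1.0.50", "10.1.0.0/24", "HP", "embedded Linux", "printer",
          ip_forwarding=True, tls_min="1.0"),          # printer routing traffic, old TLS
       mk("10.1.0.60", "10.1.0.0/24", "Synology", "DSM 7", "nas", smbv1=True)]
    + [mk(f"10.2.0.{i}", "10.2.0.0/24", "Supermicro", "Ubuntu 22.04", "server",
          ssh_password_auth=False) for i in (20, 21, 22)]
    + [mk("10.2.0.24", "10.2.0.0/24", "Supermicro", "Ubuntu 22.04", "server",
          ssh_password_auth=True),                     # looks normal, but weak SSH config
       mk("10.2.0.5", "10.2.0.0/24", "HPE", "Windows Server 2008", "server",
          eol=True, smbv1=True)]
)


def fingerprint(asset, keys=FINGERPRINT_KEYS):
    return tuple(asset[k] for k in keys)


def outlier_scores(assets, keys=FINGERPRINT_KEYS, min_neighbors=3):
    """Return {ip: score}; score is the fraction of subnet neighbors that do NOT
    share the asset's fingerprint (1.0 = nothing else on the subnet looks like it).
    Subnets with too few neighbors are skipped rather than scored on noise."""
    by_subnet = defaultdict(list)
    for a in assets:
        by_subnet[a["subnet"]].append(a)
    scores = {}
    for members in by_subnet.values():
        neighbors = len(members) - 1
        if neighbors < min_neighbors:
            continue
        counts = Counter(fingerprint(a, keys) for a in members)
        for a in members:
            same = counts[fingerprint(a, keys)] - 1   # exclude the asset itself
            scores[a["ip"]] = 1.0 - same / neighbors
    return scores


def risk_flags(asset):
    """Configuration findings of the kinds the report highlights."""
    flags = []
    if asset["eol"]:
        flags.append("end-of-life OS")
    if asset["ssh_password_auth"] is True:
        flags.append("SSH password authentication enabled")
    if asset["smbv1"]:
        flags.append("SMBv1 enabled")
    if asset["ip_forwarding"] and asset["role"] not in ("router", "firewall"):
        flags.append("unexpected IP forwarding (segmentation bypass risk)")
    if asset["tls_min"] in ("1.0", "1.1"):
        flags.append("outdated TLS version")
    return flags


def triage(assets, outlier_threshold=0.9):
    """Rank assets that are either fingerprint outliers or carry risk flags.
    The two signals are complementary: 10.2.0.24 blends in by fingerprint yet
    surfaces through its SSH setting, while the NAS surfaces as an outlier."""
    scores = outlier_scores(assets)
    rows = []
    for a in assets:
        flags = risk_flags(a)
        score = scores.get(a["ip"], 0.0)
        if score >= outlier_threshold or flags:
            rows.append({"ip": a["ip"], "outlier_score": round(score, 2), "flags": flags})
    rows.sort(key=lambda r: (-r["outlier_score"], -len(r["flags"]), r["ip"]))
    return rows


if __name__ == "__main__":
    for row in triage(ASSETS):
        print(f'{row["ip"]:<12} outlier={row["outlier_score"]:<5} {"; ".join(row["flags"]) or "-"}')
```

In a real deployment the inventory would come from a scanner export and the fingerprint keys would be richer (service banners, TLS parameters, MAC OUI), but the shape of the analysis is the same: group by neighborhood, count how common each device's profile is, and review the rare ones first alongside any outright misconfigurations.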
The merging of IT and OT systems presents challenges for organizations, with increased attack surfaces and exposure of critical infrastructure assets. To mitigate risks, security teams must prioritize outlier analysis, improve visibility into physical devices [4] [5], and address vulnerabilities in authentication methods and outdated TLS implementations. The findings of runZero’s research underscore the importance of proactive security measures to protect against potential attacks and ensure comprehensive security visibility.