ebook, December 31, 2024

Rise of the Machines: The State of IoT, OT, and Agentless Devices

"Rise of the Machines: The State of IoT, OT, and Agentless Devices — Report 2024" is Ordr's annual data report analyzing the real-world security posture of agentless and unmanaged devices across enterprise networks. Drawing from analysis of over 100 million device profiles, it quantifies exactly how large the blind spot is, how risky those blind spots are, and what the attack pathways look like — making the case with data rather than theory.

What you'll learn

  • 42% of enterprise assets are agentless — and they carry 64% of mid-to-high risk. IoT, OT, facilities, and specialty devices are both the majority of your unseen attack surface and disproportionately the most dangerous, since they lack authentication, encryption, and the ability to run security agents.
  • Shadow IoT is bigger and stranger than most teams realize. The average enterprise network contains 50+ banned or high-risk devices — including Teslas, PlayStation consoles, Peloton bikes, and robot vacuums — sitting alongside critical systems, often without any segmentation.
  • Coverage gaps persist even for manageable devices. Only 84% of EDR-capable devices actually have EDR installed; only 1 in 3 manageable devices are actually managed. The security tool deployment problem isn't just about IoT — it's across the board.
  • 85% of healthcare VLANs are polluted with mixed assets. Only 5% of VLANs contain exclusively the device type they're meant to hold — meaning critical and legacy devices routinely share network segments, and 40,000 lateral movement attacks were detected in 2024 alone.

Frequently asked questions
Why are agentless devices so much riskier than their numbers suggest?
CVSS scores alone don't tell the full story. Agentless devices account for only 21% of devices with critical CVSS scores, yet represent 64% of actual enterprise risk — because context matters: these devices often sit in sensitive locations, connect to critical systems, and can't be patched or monitored conventionally.
What makes Shadow IoT such a serious threat?
Consumer devices like gaming consoles and smart TVs connect both internally and externally, introducing unmonitored communication pathways with no security controls, no ownership accountability, and often no awareness that they're even on the network.
How exposed are devices to the internet?
35.7% of enterprise devices have external network connections, and 14% of agentless devices connect to both the internet and internal networks — communicating with an average of 6.2 other internal devices, creating significant blast radius if compromised.
What's the recommended path forward?
A four-phase maturity model: (1) identify all assets, managed and unmanaged; (2) assess risk in context of device role, location, and connectivity; (3) remediate strategically by prioritizing business-critical risks; and (4) implement proactive, continuously adaptive policies like microsegmentation.

This resource is published by ORDR, the connected asset security company. ORDR delivers AI-powered visibility, risk assessment, and automated protection for IoT, OT, and IoMT devices across healthcare, manufacturing, government, and financial environments.