By 2020 it's estimated the number of unmanaged devices will bypass the number of managed devices within a typical organization. These unmanaged devices don't have typical policies or endpoint controls which makes it extremely difficult to understand how they communicate with the network. This lack of visibility makes it virtually impossible to understand what an organization's true threat landscape is. This workshop is the culmination of more than a year of research into identifying unmanaged devices using behavioral cues fundamental to how IoT devices function. This method can be used to understand risks associated with unmanaged IoT devices, including: Has this device provided an entry point into your organization that either completely or partially bypasses your defenses? Do they connect/talk to official resources? Are they trying to? Are these systems participating in any attacks that could affect the reputation of your organization? Ahead of Black Hat 2019, Microsoft released a report on Russia's APT28 using IoT devices as gateways into the network, which highlights that not all environments are segmented the way you'd expect. This workshop will include a demo of an instance from Awake's third-party testing efforts that model this scenario (and more) perfectly.