Internet Of Things (IoT) Security: Understanding The Challenges While Mitigating the Risks
Demetris Booth, APJC Lead – Product Management & Product Marketing

Agenda
• Overview & Benefits
• Security Challenges
• Mitigating Challenges
  – High Level View
  – Technical View
• Bringing It All Together

Cisco and/or its affiliates. All rights reserved. Cisco Public

IoT Is Here Now – and Growing!
[Chart: 50 billion “smart objects”. Billions of devices against world population on a 2010 to 2020 timeline: 12.5 billion devices (world population 6.8 billion) in 2010, 25 billion (7.2 billion) in 2015, 50 billion (7.6 billion) in 2020, with an inflection point marked on the device curve.]
Adoption rate of digital infrastructure: 5X faster than electricity and telephony.

Relation to Internet of Everything (IoE)
Networked connection of People, Process, Data, Things:
• People: connecting people in more relevant, valuable ways
• Process: delivering the right information to the right person (or machine) at the right time
• Data: leveraging data into more useful information for decision making
• Things: physical devices and objects connected to the Internet and each other for intelligent decision making
IoE: Connecting the Unconnected to Generate Business Value

IoT Delivers Extraordinary Benefits

What Comprises IoT Networks?
• Information Technology (IT)
• Operational Technology (OT)
• Smart Objects

Smart City
• Reduced congestion
• Improved emergency services response times
• Lower fuel usage
• Increased efficiency
• Power and cost savings
• New revenue opportunities
• Efficient service delivery
• Increased revenues
• Enhanced environmental monitoring capabilities
• Safety, financial, and environmental benefits

The Connected Car
• Online entertainment
• Mapping, dynamic re-routing, safety and security
• Transform “data” to “actionable intelligence”
• Enable proactive maintenance
• Collision avoidance
• Fuel efficiency
• Reduced congestion
• Increased efficiency
• Safety (hazard avoidance)
• Actionable intelligence, enhanced comfort, unprecedented convenience

IoT Transforms Data into Wisdom
[Pyramid, from less important at the base to more important at the top: Data, Information, Knowledge, Wisdom (Scenario Planning).]
Big Data Becomes Open Data for Customers, Consumers to Use

… but it also adds complexity.
[Layered stack, top to bottom:]
• Application and Business Innovation: New Business Models, Partner Ecosystem, Data Integration, Big Data Analytics, Applications, Control Systems, Application Integration
• Application Interfaces
• Platform Application Enablement: Unified Platform
• Infrastructure Interfaces
• Application Centric Infrastructure: Infrastructure, Device and Sensor Innovation

The Flip Side: Major Security Challenges

We’ve Created the Perfect Storm…
Device Explosion + Connectivity Explosion + Industrialization of Hacking + State Cyber Programs + “Hacktivism” = the perfect storm

Security Challenges
Traditional security challenges: Increased Attack Surface; Information Breach; Data Privacy.
Smart Objects: 6 devices per person, 130 sensors per person.

IoT Security Challenges
• Superior Visibility: advanced video analytics, remote management, and multi-site event correlation
• Granular Control: differentiated policy enforcement across the extended network
• Advanced Threat Protection: comprehensive cyber security threat detection and mitigation
• Actionable Intelligence: internetworked security solutions for superior intelligence and rapid response
• Automated Decisions: machine-to-machine enabled security control with no human intervention required

IoT Expands Security Needs
[Wheel around IoT Connectivity:] New Applications; Threat Diversity; Impact and Risk; Remediation; Protocols; Compliance and Regulation; Converged, Managed Network; Resilience at Scale; Security; Distributed Intelligence; Application Enablement.

Mitigating The Security Risk Across the Extended Network – The 20,000 FT View

IT and OT are Inherently Different
• Connectivity: IT “Any-to-Any”; OT Hierarchical
• Network Posture: IT Confidentiality, Integrity, Availability (CIA); OT Availability, Integrity, Confidentiality (AIC)
• Security Solutions: IT Cybersecurity, Data Protection; OT Physical Access Control, Safety
• Response to Attacks: IT Quarantine/Shutdown to Mitigate; OT Non-stop Operations/Mission Critical – Never Stop, Even if Breached

IT/OT Converged Security Model
[Diagram: the OT side (Config Mgmt, Supervisory, Automation & Control) reaches the enterprise through Secure Access and a Demilitarised Zone (DMZ: Identity Services, Application Control), then the Enterprise Network (Network Security) and the IT Cloud.]

The Secure IoT Architecture – IT Plus OT!
[The layered stack again, with security controls laid over it.]
Layers: Application and Business Innovation (New Business Models, Partner Ecosystem, Data Integration Services, Big Data Analytics, Applications, Control Systems, Application Integration); Application Interfaces; Application Enablement Platform; Infrastructure Interfaces; Application Centric Infrastructure; Device and Sensor Innovation.
Security controls: Cloud-based Threat Analysis / Protection; Network and Perimeter Security; Platform Security; Physical Security; End-to-End Data Encryption; Device-level Security / Anti-tampering.

Cisco Security Model – Attack Continuum
• BEFORE: Control, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Applied across Network, Endpoint, Mobile, Virtual and Cloud; moving from point-in-time to continuous protection.

Security/Attack Continuum – IT
• BEFORE (Control, Enforce, Harden): cloud-based threat detection and prevention; policy enforcement via firewall, VPN and identity services
• DURING (Detect, Block, Defend): quarantine based on real-time analysis and actionable security intelligence from IPS and WSA
• AFTER (Scope, Contain, Remediate): remediate using advanced protection and network behavioral analysis

Security/Attack Continuum – OT
• BEFORE (Control, Enforce, Harden): networked cyber and physical security solutions with OT-specific policies
• DURING (Detect, Analyze, Respond): response based on real-time analysis and actionable security intelligence
• AFTER (Disable, Contain, Remove): lockdown physical spaces or disable access to critical infrastructure

Mitigating The Security Risk Across The Extended Network – Technical View

Exposure In IoT Networks
[Diagram: the path from the IoT device through aggregation, core, data center and WAN/Internet (VPN) to management, with the exposures at each point:]
• MITM: sniff traffic; modify data; impersonation
• Compromise: service disruption; unauthorized use; malware infection
• Hack Device: unauthorized access; device tampering; service disruption; sniff traffic
• Compromise: unauthorized device; device tampering; malware infection
• Compromise: unauthorized access; device tampering; service disruption; sniff traffic

Required Security Model for IoT – Attack Continuum
• BEFORE: Control/Discover, Enforce, Harden – Network as an Enforcer
• DURING: Detect, Block, Defend – Network as a Sensor
• AFTER: Scope, Contain, Remediate – Network as a Mitigation Accelerator

[Reference diagram used by the following slides: IoT device, aggregation, core, data center and WAN/Internet (VPN), with a management block holding the NetFlow (NF) analyzer, policy server (ISE), web security and email security, and firewall, IPS and advanced malware protection in the traffic path.]

BEFORE an attack: Profiling
• ISE builds device database by MAC address
• Profile with SNMP (LLDP), DHCP, NMAP, NetFlow drives MAC-based access policy (MAB at the access layer)
• ISE manages policy
Benefit:
• Visibility and access control
• MAC linked with device ID and location
• Custom access by device profile

BEFORE an attack: 802.1x
• Authenticates device before activating access (802.1x on the access ports)
• ISE manages policy
Benefit:
• Operational simplicity and control
• Dynamic device authentication
• Single policy management

BEFORE an attack: SGT / SGACL
• Tags traffic based on device policy (SGT applied from the access layer through the core)
• Enforces access control based on tag
• ISE manages policy
Benefit:
• Operational simplicity and speed
• Dynamic, topology-independent enforcement
• Single access control policy

DURING an attack: NetFlow Analyzer
• Collect full NetFlow across network (NF exported from the access layer through the core)
• Detect behavioral anomalies
• ISE provides context
Benefit:
• Full threat visibility
• Detect threats in any part of network
• Detect access abuse
• Detect attacks missed by security systems

DURING an attack: IPS / AMP
• Monitor traffic and file threats
Benefit:
• Integrated advanced threat detection
• Detects advanced attacks and malware

DURING an attack: WSA / ESA
• Reputation-based web threat blocking
• Reputation-based email threat blocking
Benefit:
• Block advanced web / email threats
• Intelligence-driven threat detection

AFTER an attack: NF Analyzer
• Record 90 days of communications activity
• Scope extent of breach
• Report policy and compliance
Benefit:
• Full accountability
• Map threat trajectory
• Evidence-based auditing
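The profiling, NetFlow anomaly detection and breach-scoping steps on the BEFORE/DURING/AFTER slides above, as an added Python illustration that is not part of the Cisco deck. It assumes a hand-written profile table and per-profile policy standing in for the context ISE would supply, and constructed flow records; the MAC addresses, hosts, reason strings and byte budgets are made up for the example.

```python
# Added example, not from the Cisco deck: profile-aware NetFlow analysis across the
# BEFORE / DURING / AFTER continuum. All profiles and flow records are constructed.
from collections import defaultdict, namedtuple

RETENTION_SECONDS = 90 * 24 * 3600  # the slides' 90-day record of communications activity
Flow = namedtuple("Flow", "ts src_mac dst_ip dst_port nbytes")  # ts = epoch seconds

# BEFORE: profiling result per MAC. ISE would derive this from SNMP/LLDP, DHCP, NMAP and
# NetFlow; here it is a hand-written table (constructed values).
DEVICE_PROFILE = {
    "00:11:22:aa:bb:01": "ip-camera",
    "00:11:22:aa:bb:02": "badge-reader",
}
# Per-profile policy: expected (destination, port) pairs and an hourly byte budget.
PROFILE_POLICY = {
    "ip-camera":    {"allowed": {("10.1.20.5", 554)}, "bytes_per_hour": 2_000_000_000},
    "badge-reader": {"allowed": {("10.1.30.9", 443)}, "bytes_per_hour": 5_000_000},
}

def detect_anomalies(flows, now):
    """DURING: return (mac, reason, detail) for flows that violate the device's profile.
    A MAC with no profile is itself an alert (the 'unauthorized device' exposure)."""
    alerts, usage = [], defaultdict(int)
    for f in flows:
        if now - f.ts > RETENTION_SECONDS:
            continue  # older than the retention window; not part of the live analysis
        profile = DEVICE_PROFILE.get(f.src_mac)
        if profile is None:
            alerts.append((f.src_mac, "unprofiled-device", (f.dst_ip, f.dst_port)))
            continue
        if (f.dst_ip, f.dst_port) not in PROFILE_POLICY[profile]["allowed"]:
            alerts.append((f.src_mac, "unexpected-destination", (f.dst_ip, f.dst_port)))
        usage[(f.src_mac, f.ts // 3600)] += f.nbytes  # bytes per device per clock hour
    for (mac, _hour), total in usage.items():
        if total > PROFILE_POLICY[DEVICE_PROFILE[mac]]["bytes_per_hour"]:
            alerts.append((mac, "volume-exceeded", total))
    return alerts

def scope_breach(flows, mac, since_ts):
    """AFTER: every peer the device reached since the suspected compromise time,
    taken from the retained records; the input to containment and trajectory mapping."""
    return sorted({(f.dst_ip, f.dst_port) for f in flows
                   if f.src_mac == mac and f.ts >= since_ts})

# Constructed sample flows: the camera streams to its NVR, then opens telnet to an
# internet host; the badge reader pushes far more than usual; an unknown MAC appears.
NOW = 1_700_000_000
SAMPLE_FLOWS = [
    Flow(NOW - 7200, "00:11:22:aa:bb:01", "10.1.20.5", 554, 900_000_000),
    Flow(NOW - 3600, "00:11:22:aa:bb:01", "10.1.20.5", 554, 950_000_000),
    Flow(NOW - 1800, "00:11:22:aa:bb:01", "203.0.113.7", 23, 4_000),
    Flow(NOW - 600, "00:11:22:aa:bb:02", "10.1.30.9", 443, 6_000_000),
    Flow(NOW - 300, "00:11:22:ff:ff:09", "10.1.30.9", 443, 1_000),
    Flow(NOW - 100 * 24 * 3600, "00:11:22:aa:bb:01", "198.51.100.4", 80, 10),  # past 90 days
]
```

Running `detect_anomalies(SAMPLE_FLOWS, NOW)` yields one alert each for the camera's telnet flow, the unprofiled MAC and the badge reader's volume, while the flow older than 90 days is ignored.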
AFTER an attack: IPS / AMP
• Retrospective analysis of threats
• Contain infected devices and files
• ISE provides quarantine
Benefit:
• Fast threat scoping and remediation
• Trace and eliminate infections with the click of a button
• Map threat trajectory

Continuous IoT Threat Protection – Advanced Malware Protection For IoT
• AMP for Networks
• AMP for Endpoints
[Diagram: the on-prem FireSIGHT/ASA sensor and FireSIGHT Management Center, plus the SaaS Manager, reach the cloud Detection Services & Big Data analytics through a proxy (SSL:443 | 32137; heartbeat: 80).]
The catch? Detection is “in the cloud”. The AMP Malware license “on-prem” addresses cloud objections.

Sophisticated and Continuous Protection
• Point-in-Time Protection: One-to-One Signature; Fuzzy Finger-printing; Machine Learning; Advanced Analytics; Dynamic Analysis
• Retrospective Security: Continuous Analysis
• Breadth and control points: WWW, Email, Network, Endpoints, IPS, Web, Devices
• Telemetry stream (continuous feed): File Fingerprint and Metadata; File and Network I/O; Process Information
• File Reputation & Sandboxing

Analyse The IoT Threat!
1. Submission: an analyst (portal) or system (API) submits a suspicious sample to Threat Grid.
2. Proprietary Analysis: an automated engine observes, deconstructs, and analyzes using multiple techniques.
3. Correlation at Unprecedented Scale: the system correlates the sample result with millions of other samples / billions of artifacts.
4. Enriched Content Integration: actionable intel is generated that can be packaged and integrated into a variety of existing systems.

[Figure: threat intelligence sources and scale. Sources: Endpoints, Web, Email, Networks, IPS, Devices; Advanced Industry Disclosures; Research; Response; Threat Intelligence; Outreach Activities; Dynamic Analysis. Scale: 100 TB Intelligence; Threat Centric Detection Content; 1.6M sensors; 180,000+ Files per Day; 150 million+ endpoints; 1B SBRS Queries per Day; Sandbox; 35% of email worldwide; 3.6PB Monthly through CWS; VDB; SEU/SRU; Security Intelligence; FireAMP™, 3+ million; Email & Web Reputation; 13B web requests.]

Bringing It All Together

Network-Wide Security with Differential Applications
Before
• Secure Access
  – IT: role-based access for individuals and groups; VPN/remote access for most systems throughout the network; complex passwords with lockout policies
  – OT: role-based access to few individuals; VPN to few systems and users; badge readers/integrated sensors; simplified passwords (except for the most critical systems)
• Security Group Tagging
  – IT: tags traffic based on device policy; enforces access control based on tag
  – OT: enhanced segmentation for required groups only; dynamic, topology-independent enforcement
During
• Intrusion Prevention/Detection
  – IT: IPS – enforces policies
  – OT: IDS – sends security alert only
• Threat Mitigation
  – IT: quarantine affected system
  – OT: analysis of the threat to determine appropriate action
• Data Integrity and Confidentiality
  – IT: Data Loss Prevention (DLP)
  – OT: combined physical and cybersecurity access controls
• Network-wide Policy Enforcement
After
• Retrospective Security Policies
  – IT: centralised remediation and adaptation
  – OT: differentiated actions based on value, function, and location of the device

IoT Can Actually Increase Security Posture
• Network of Security Devices
  – Cyber Security: Firewall, NG Firewall, IDS
  – Physical Security: IP cameras, badge readers, analytics
• Actionable Security Intelligence
  – Automated / M2M
  – Human Response (video + analytics)
• Remote Capabilities / Secure Access
  – Configuration and Management
  – Collaboration Between Groups

Conclusion: Securely Embrace IoT!
New challenges require new thinking!
– avoid operational siloes
– networking and convergence are key
– a sound security solution is integrated throughout
– build for the future
Security must be pervasive
– inside and outside the network
– device- and data-agnostic
– proactive and intelligent
Intelligence, not data
– convergence, plus analytics
– speed is essential for real-time decisions