Post on 07-Sep-2019

Internet Of Things (IoT) Security: Understanding The Challenges While Mitigating the Risks

Demetris Booth, APJC Lead – Product Management & Product Marketing

Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Agenda

• Overview & Benefits

• Security Challenges

• Mitigating Challenges

  – High Level View

  – Technical View

• Bringing It All Together


[Chart: billions of devices plotted against a 2010 / 2015 / 2020 timeline, with world population (6.8, 7.2, 7.6 billion) overlaid. “Smart objects”: 12.5 billion in 2010, 25 billion in 2015, 50 billion in 2020; an inflection point is marked on the curve.]

Adoption rate of digital infrastructure: 5X faster than electricity and telephony

IoT Is Here Now – and Growing!


Relation to Internet of Everything (IoE)

IoE: Networked Connection of People, Process, Data, Things

• People: Connecting people in more relevant, valuable ways

• Data: Leveraging data into more useful information for decision making

• Process: Delivering the right information to the right person (or machine) at the right time

• Things: Physical devices and objects connected to the Internet and each other for intelligent decision making

IoE: Connecting the Unconnected to Generate Business Value

IoT Delivers Extraordinary Benefits


What Comprises IoT Networks?

• Information Technology (IT)

• Operational Technology (OT)

• Smart Objects


Smart City

Safety, financial, and environmental benefits

Reduced congestion

Improved emergency services response times

Lower fuel usage

Increased efficiency

Power and cost savings

New revenue opportunities

Efficient service delivery

Increased revenues

Enhanced environmental monitoring capabilities



The Connected Car

Actionable intelligence, enhanced comfort, unprecedented convenience

Online entertainment

Mapping, dynamic re-routing, safety and security

Transform “data” to “actionable intelligence”

Enable proactive maintenance

Collision avoidance

Fuel efficiency

Reduced congestion

Increased efficiency

Safety (hazard avoidance)



Big Data Becomes Open Data for Customers, Consumers to Use

IoT Transforms Data into Wisdom

[Figure: value pyramid rising from Data (less important) through Information and Knowledge to Wisdom / Scenario Planning (more important).]



… but it also adds complexity.

[Diagram: layered stack. Applications – Application Interfaces; New Business Models, Partner Ecosystem; Application and Business Innovation. Unified Platform – Application Enablement Platform: Data Integration, Big Data Analytics, Control Systems, Application Integration. Infrastructure – Infrastructure Interfaces; Application Centric Infrastructure; Device and Sensor Innovation.]

The Flip Side: Major Security Challenges


We’ve Created the Perfect Storm…

> Device Explosion

> Connectivity Explosion

> State Cyber Programs

> Industrialization of Hacking

> “Hacktivism”

Device Explosion + Connectivity Explosion + State Cyber Programs + Industrialization of Hacking + Hacktivism = the perfect storm


Traditional Security Challenges

• Increased Attack Surface

• Information Breach

• Data Privacy

[Figure: smart objects per person – devices per person: 6; sensors per person: 130.]

Security Challenges


Superior Visibility

Advanced video analytics, remote management, and multi-site event correlation

Granular Control

Differentiated policy enforcement across the extended network

Advanced Threat Protection

Comprehensive cyber security threat detection and mitigation

Actionable Intelligence

Internetworked security solutions for superior intelligence and rapid response

Automated Decisions

Machine-to-machine enabled security control with no human intervention required

IoT Security Challenges


IoT Expands Security Needs

IoT connectivity requirements:

• Converged, Managed Network

• Resilience at Scale

• Security

• Application Enablement

• Distributed Intelligence

Expanded security needs:

• New Applications

• Threat Diversity

• Impact and Risk

• Remediation

• Protocols

• Compliance and Regulation

Mitigating The Security Risk Across the Extended Network – The 20,000 FT View


IT and OT are Inherently Different

IT:

• Connectivity: “Any-to-Any”

• Network Posture: Confidentiality, Integrity, Availability (CIA)

• Security Solutions: Cybersecurity; Data Protection

• Response to Attacks: Quarantine/Shutdown to Mitigate

OT:

• Connectivity: Hierarchical

• Network Posture: Availability, Integrity, Confidentiality (AIC)

• Security Solutions: Physical Access Control; Safety

• Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached


IT/OT Converged Security Model

[Diagram: three zones – Enterprise Network (IT), Demilitarised Zone (DMZ), and Supervisory plus Automation & Control (OT) – with cross-cutting services listed alongside them: Identity Services, Cloud, Network Security, Secure Access, Application Control, Config Mgmt.]


The Secure IoT Architecture – IT Plus OT!

[Diagram: the layered IoT stack (Applications – Application Interfaces, New Business Models, Partner Ecosystem, Application and Business Innovation; Application Enablement Platform – Data Integration, Big Data Analytics, Control Systems, Application Integration; Application Centric Infrastructure – Infrastructure Interfaces, Device and Sensor Innovation) wrapped on both sides by Services and Security.]

Security across the stack:

• Network and Perimeter Security

• Physical Security

• Device-level Security / Anti-tampering

• Cloud-based Threat Analysis / Protection

• End-to-End Data Encryption


Cisco Security Model

Attack Continuum (across Network, Endpoint, Mobile, Virtual, Cloud; point-in-time and continuous):

• BEFORE: Control, Enforce, Harden

• DURING: Detect, Block, Defend

• AFTER: Scope, Contain, Remediate


Security/Attack Continuum - IT

• BEFORE (Control, Enforce, Harden): Cloud-based threat detection and prevention; policy enforcement via firewall, VPN and identity services

• DURING (Detect, Block, Defend): Quarantine based on real-time analysis and actionable security intelligence from IPS and WSA

• AFTER (Scope, Contain, Remediate): Remediate using advanced protection and network behavioral analysis


Security/Attack Continuum - OT

• BEFORE (Control, Enforce, Harden): Networked cyber and physical security solutions with OT-specific policies

• DURING (Detect, Analyze, Respond): Response based on real-time analysis and actionable security intelligence

• AFTER (Disable, Contain, Remove): Lockdown physical spaces or disable access to critical infrastructure

Mitigating The Security Risk Across The Extended Network – Technical View


Exposure In IoT Networks

[Diagram: IoT device → aggregation → core → data center, with WAN / internet [VPN] and management connections; each segment is annotated with its exposure, listed here in slide order.]

• Hack Device: Unauthorized device; Device tampering; Malware infection

• MITM: Sniff traffic; Modify data; Impersonation

• Compromise: Unauthorized access; Device tampering; Service disruption; Sniff traffic

• MITM: Sniff traffic; Modify data; Impersonation; Service disruption

• Compromise: Unauthorized access; Device tampering; Service disruption; Sniff traffic

• Compromise: Unauthorized access; Device tampering; Service disruption; Sniff traffic

• Compromise: Unauthorized use; Malware infection


Required Security Model for IoT

Attack Continuum:

• BEFORE: Discover, Enforce, Harden

• DURING: Detect, Block, Defend

• AFTER: Scope, Contain, Remediate

Roles of the network:

• Network as a Sensor

• Network as an Enforcer

• Network as a Mitigation Accelerator


[Diagram: reference IoT network used on the following slides – IoT device → aggregation → core → data center, with WAN / internet [VPN], management, firewall, IPS, advanced malware protection, NetFlow (NF) analyzer, policy server (ISE), web security and email security (www). The same diagram is annotated BEFORE, DURING and AFTER an attack.]

BEFORE an attack


BEFORE an attack – MAB / Profiling

• ISE builds device database by MAC address

• Profile with SNMP (LLDP), DHCP, NMAP, NetFlow; drives MAC-based access policy

• ISE manages policy

Benefit:

• Visibility and access control

• MAC linked with device ID and location

• Custom access by device profile


BEFORE an attack – 802.1x

• Authenticates device before activating access

• ISE manages policy

Benefit:

• Operational simplicity and control

• Dynamic device authentication

• Single policy management


BEFORE an attack – SGT / SGACL

• Tags traffic based on device policy

• Enforces access control based on tag

• ISE manages policy

Benefit:

• Operational simplicity and speed

• Dynamic, topology-independent enforcement

• Single access control policy
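The profiling and tagging slides above state the mechanism in bullets. The following Python is an added illustration, not Cisco code and not the ISE API, of the same two steps chained together: a device is profiled from its MAC OUI and DHCP fingerprint, the profile selects a Security Group Tag, and access is decided by an SGACL keyed only on (source tag, destination tag, port), so the same camera gets the same decision on any subnet. Every OUI, fingerprint, tag number, address and flow in the tables is constructed for the example; the rule that a profile is trusted only when both signals agree is this example's own caveat about MAC-based admission, not a claim about the product.

```python
"""Added example: MAC-based device profiling feeding Security Group Tag (SGT)
assignment and SGACL enforcement. Not Cisco or ISE code; every table value
below is constructed for the illustration."""

# Constructed OUI (first three MAC octets) -> expected device profile.
OUI_PROFILE = {
    "00:1A:2B": "ip-camera",
    "00:3C:4D": "badge-reader",
    "00:5E:6F": "plc",
}

# Constructed DHCP fingerprint (option 55 parameter request list) -> profile.
DHCP_PROFILE = {
    "1,3,6,15,28,42": "ip-camera",
    "1,3,6,12,15": "badge-reader",
    "1,3,6": "plc",
}

# Profile -> SGT. Anything that cannot be profiled consistently gets the
# "unknown" tag, which the SGACL matrix never grants access to.
SGT_OF_PROFILE = {"ip-camera": 10, "badge-reader": 11, "plc": 20, "unknown": 99}
SGT_NAME = {10: "Cameras", 11: "BadgeReaders", 20: "PLCs", 30: "VideoAnalytics",
            40: "AccessControlServer", 50: "HMI", 99: "Unknown"}

# SGACL matrix: (source SGT, destination SGT) -> permitted destination ports.
# Pairs absent from the matrix are denied (default deny).
SGACL = {
    (10, 30): {554},   # cameras stream RTSP to the video analytics servers
    (11, 40): {443},   # badge readers report to the access control server
    (50, 20): {502},   # HMI stations poll PLCs over Modbus/TCP
}


def profile_device(mac: str, dhcp_opt55: str) -> str:
    """Profile a device only when both signals agree. A MAC address can be
    spoofed, so a lone OUI match is deliberately not trusted."""
    by_oui = OUI_PROFILE.get(mac.upper()[:8])
    by_dhcp = DHCP_PROFILE.get(dhcp_opt55)
    if by_oui is not None and by_oui == by_dhcp:
        return by_oui
    return "unknown"


def assign_sgt(mac: str, dhcp_opt55: str) -> int:
    return SGT_OF_PROFILE[profile_device(mac, dhcp_opt55)]


def sgacl_permits(src_sgt: int, dst_sgt: int, dport: int) -> bool:
    return dport in SGACL.get((src_sgt, dst_sgt), set())


def tag_endpoints(profiled: dict, static: dict) -> dict:
    """ip -> SGT. 'profiled' holds dynamically learned endpoints as
    ip -> (mac, dhcp_opt55); 'static' holds servers tagged by the administrator."""
    tags = {ip: assign_sgt(mac, opt55) for ip, (mac, opt55) in profiled.items()}
    tags.update(static)
    return tags


def evaluate_flows(tags: dict, flows: list) -> list:
    """Return (src, dst, dport, decision, src_tag, dst_tag) per flow. The
    decision depends on the tags, not on which subnet either address is in."""
    out = []
    for src, dst, dport in flows:
        s, d = tags.get(src, 99), tags.get(dst, 99)
        verdict = "permit" if sgacl_permits(s, d, dport) else "deny"
        out.append((src, dst, dport, verdict, SGT_NAME[s], SGT_NAME[d]))
    return out


# Constructed inventory: two cameras on different subnets, a PLC, and a device
# whose MAC claims to be a camera but whose DHCP fingerprint says PLC.
PROFILED = {
    "10.1.1.10": ("00:1a:2b:00:00:01", "1,3,6,15,28,42"),
    "10.5.5.10": ("00:1a:2b:00:00:02", "1,3,6,15,28,42"),
    "10.2.2.20": ("00:5e:6f:00:00:01", "1,3,6"),
    "10.1.1.99": ("00:1a:2b:00:00:99", "1,3,6"),
}
STATIC = {"10.9.0.5": 30, "10.9.0.6": 40, "10.3.3.30": 50}   # servers and the HMI

FLOWS = [
    ("10.1.1.10", "10.9.0.5", 554),   # camera -> analytics, RTSP
    ("10.5.5.10", "10.9.0.5", 554),   # same profile, different subnet
    ("10.1.1.10", "10.2.2.20", 502),  # camera trying to reach a PLC
    ("10.3.3.30", "10.2.2.20", 502),  # HMI -> PLC
    ("10.1.1.99", "10.9.0.5", 554),   # inconsistently profiled device -> analytics
]

if __name__ == "__main__":
    for row in evaluate_flows(tag_endpoints(PROFILED, STATIC), FLOWS):
        print(row)
```

The two camera flows get the identical permit decision even though the cameras sit on different subnets, which is what the slide's "topology-independent enforcement" amounts to in practice; the device with a camera OUI but a PLC fingerprint lands in the Unknown tag and is denied by the default-deny matrix.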

DURING an attack


DURING an attack – NetFlow Analyzer

• Collect full NetFlow across network

• Detect behavioral anomalies

• ISE provides context

Benefit:

• Full threat visibility

• Detect threats in any part of network

• Detect access abuse

• Detect attacks missed by security systems


DURING an attack – IPS / AMP

• Monitor traffic and file threats

Benefit:

• Integrated advanced threat detection

• Detects advanced attacks and malware


DURING an attack – WSA / ESA

• Reputation-based web threat blocking

• Reputation-based email threat blocking

Benefit:

• Block advanced web / email threats

• Intelligence-driven threat detection

AFTER an attack


AFTER an attack – NF Analyzer

• Record 90 days of communications activity

• Scope extent of breach

• Report policy and compliance

Benefit:

• Full Accountability

• Map threat trajectory

• Evidence-based auditing
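The NetFlow slides for the DURING phase (detect behavioral anomalies with identity context) and the AFTER phase (keep 90 days of flow records, scope the breach, map the trajectory) describe two uses of the same data. The following Python is an added example, not Cisco or ISE code, of both on one constructed flow set: a per-source baseline of (destination, port) pairs flags new behaviour, and a retrospective walk over the retained history starting from the first suspect host lists every internal connection made by a suspect host after it became suspect. The addresses, profiles, days and byte counts are constructed; the identity context dictionary stands in for what the policy server would supply.

```python
"""Added example: NetFlow-style behavioural baselining for the DURING phase
and 90-day retrospective scoping for the AFTER phase. Not Cisco or ISE code;
the flow records and the device context below are constructed."""

from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    day: int      # day index inside the 90-day retention window
    src: str
    dst: str
    dport: int
    nbytes: int


# Constructed identity context (what the policy server would supply): ip -> profile.
CONTEXT = {
    "10.1.1.10": "ip-camera",
    "10.2.2.20": "plc",
    "10.2.2.21": "plc",
    "10.3.3.30": "hmi",
    "10.9.0.5": "video-analytics",
    "10.9.0.7": "jump-host",
}


def build_flows() -> list:
    """Sixty days of routine traffic followed by a constructed incident."""
    flows = []
    for day in range(1, 61):
        flows.append(Flow(day, "10.1.1.10", "10.9.0.5", 554, 50_000_000))  # camera -> analytics
        flows.append(Flow(day, "10.3.3.30", "10.2.2.20", 502, 20_000))      # HMI polls PLC
        flows.append(Flow(day, "10.2.2.20", "10.2.2.21", 502, 5_000))       # PLC-to-PLC peer traffic
    flows += [
        Flow(61, "10.1.1.10", "10.2.2.20", 502, 1_200),          # camera reaches into the PLC
        Flow(62, "10.1.1.10", "10.9.0.7", 22, 3_400),            # camera contacts the jump host
        Flow(62, "10.1.1.10", "203.0.113.9", 443, 80_000_000),   # bulk upload to an external host
        Flow(63, "10.2.2.20", "10.2.2.21", 502, 5_000),          # looks routine, but from a suspect host
    ]
    return flows


def build_baseline(flows, learn_days: int) -> dict:
    """src -> set of (dst, dport) pairs seen during the learning window."""
    baseline = defaultdict(set)
    for f in flows:
        if f.day <= learn_days:
            baseline[f.src].add((f.dst, f.dport))
    return baseline


def detect_anomalies(flows, baseline, from_day: int) -> list:
    """DURING phase: flows on or after from_day whose (dst, dport) the source
    never used during learning, enriched with the profile of both ends."""
    hits = []
    for f in flows:
        if f.day >= from_day and (f.dst, f.dport) not in baseline.get(f.src, set()):
            hits.append((f, CONTEXT.get(f.src, "unprofiled"), CONTEXT.get(f.dst, "external")))
    return hits


def trajectory(flows, seed: str, from_day: int, internal_prefix: str = "10."):
    """AFTER phase: starting from a host believed compromised on from_day, walk
    the retained flow history and collect every internal connection made by a
    suspect host after it became suspect. Returns (ordered flows, host -> day)."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda x: x.day):
        by_src[f.src].append(f)
    suspect_since = {seed: from_day}
    queue = deque([seed])
    path = []
    while queue:
        host = queue.popleft()
        for f in by_src[host]:
            if f.day < suspect_since[host] or not f.dst.startswith(internal_prefix):
                continue
            path.append(f)
            if f.dst not in suspect_since:
                suspect_since[f.dst] = f.day
                queue.append(f.dst)
    return path, suspect_since


if __name__ == "__main__":
    flows = build_flows()
    base = build_baseline(flows, learn_days=30)
    for f, sp, dp in detect_anomalies(flows, base, from_day=31):
        print(f"day {f.day}: {sp} {f.src} -> {dp} {f.dst}:{f.dport} ({f.nbytes} bytes)")
    path, hosts = trajectory(flows, "10.1.1.10", from_day=61)
    print("hosts to scope:", sorted(hosts))
```

The day-63 PLC-to-PLC flow is the point of the retrospective pass: the baseline detector never flags it, because that pair is routine, yet the trajectory walk includes it because its source had already been contacted by the suspect camera two days earlier. This is the "detect attacks missed by security systems" benefit made concrete, and it only works because the flow history is retained long enough to walk back through.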


AFTER an attack – IPS / AMP

• Retrospective analysis of threats

• Contain infected devices and files

• ISE provides quarantine

Benefit:

• Fast threat scoping and remediation

• Trace and eliminate infections with the click of a button

• Map threat trajectory

Continuous IoT Threat Protection


Advanced Malware Protection For IoT

[Diagram: AMP deployment – SaaS Manager; FireSIGHT/ASA Sensor; FireSIGHT Management Center; AMP Malware license; Detection Services & Big Data analytics; AMP for Networks and AMP for Endpoints; connections over SSL:443 | 32137 with heartbeat on port 80; optional On-Prem proxy.]

The catch? Detection is “in the cloud”.

“On-prem” addresses cloud objections.


Sophisticated and Continuous Protection

Point-in-Time Protection – File Reputation & Sandboxing:

• One-to-One Signature

• Fuzzy Finger-printing

• Machine Learning

• Advanced Analytics

• Dynamic Analysis

Retrospective Security – Continuous Analysis:

• Telemetry stream / continuous feed from Web (WWW), Endpoints, Network, Email, Devices, IPS

• Breadth and control points: File Fingerprint and Metadata; File and Network I/O; Process Information
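The slide contrasts point-in-time verdicts with continuous, retrospective analysis, and the earlier AFTER-phase IPS / AMP slide lists the outcomes (retrospective analysis, contain infected devices and files, map threat trajectory). The following Python is an added illustration, not Cisco or AMP code, of the retrospective step: every sighting of a file is recorded together with the verdict current at that moment, and when the disposition later changes to malicious the store replays the history to produce the entry point, the trajectory across sensors and endpoints, and the endpoints that executed the file and therefore need containment. Sensor names, endpoint names, timestamps and the sample bytes are constructed; the hash is computed from those bytes rather than quoted.

```python
"""Added example: point-in-time verdicts versus retrospective disposition
changes. Not Cisco or AMP code; sightings and the sample bytes are constructed."""

import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    t: int        # seconds since the start of the constructed timeline
    where: str    # sensor or endpoint name
    kind: str     # "transfer" (seen crossing a sensor) or "execute" (run on an endpoint)
    verdict: str  # cloud disposition at the moment of the sighting


class RetrospectiveStore:
    def __init__(self):
        self.reputation = {}                 # sha256 -> current disposition
        self.sightings = defaultdict(list)   # sha256 -> [Sighting]

    def observe(self, t: int, where: str, kind: str, data: bytes) -> str:
        """Point-in-time check: return the verdict known right now and keep the
        sighting so it can be revisited when the disposition changes."""
        sha = hashlib.sha256(data).hexdigest()
        verdict = self.reputation.get(sha, "unknown")
        self.sightings[sha].append(Sighting(t, where, kind, verdict))
        return verdict

    def update_disposition(self, sha: str, new: str):
        """Apply a reputation change; a flip to malicious triggers retrospection."""
        old = self.reputation.get(sha, "unknown")
        self.reputation[sha] = new
        if new == "malicious" and old != "malicious":
            return self.retrospect(sha)
        return None

    def retrospect(self, sha: str) -> dict:
        traj = sorted(self.sightings[sha], key=lambda s: s.t)
        return {
            "sha256": sha,
            "trajectory": traj,                                   # ordered path through the estate
            "entry_point": traj[0].where if traj else None,       # first sensor/endpoint to see it
            "quarantine": sorted({s.where for s in traj if s.kind == "execute"}),
            "missed_by_point_in_time": sum(1 for s in traj if s.verdict != "malicious"),
        }


# Constructed sample; the digest below is derived from these bytes, not a real IoC.
SAMPLE = b"constructed sample payload for the example, not real malware"
SAMPLE_SHA = hashlib.sha256(SAMPLE).hexdigest()


def run_scenario(store: RetrospectiveStore) -> dict:
    """A file passes the email gateway as unknown, runs on a laptop, is copied
    onward and runs on an HMI station; only then does its disposition change."""
    store.observe(0, "email-security", "transfer", SAMPLE)
    store.observe(60, "ops-laptop-01", "execute", SAMPLE)
    store.observe(600, "ops-laptop-01", "transfer", SAMPLE)      # copied to a share
    store.observe(660, "hmi-station-02", "execute", SAMPLE)
    store.observe(700, "web-security", "transfer", b"an unrelated file")
    return store.update_disposition(SAMPLE_SHA, "malicious")


if __name__ == "__main__":
    s = RetrospectiveStore()
    report = run_scenario(s)
    print("entry point:", report["entry_point"])
    print("quarantine:", report["quarantine"])
    for sighting in report["trajectory"]:
        print(f"  t={sighting.t:4d} {sighting.where:16s} {sighting.kind:8s} verdict-at-time={sighting.verdict}")
    print("next sighting verdict:", s.observe(900, "hmi-station-03", "execute", SAMPLE))
```

All four sightings carried an "unknown" verdict when they happened, so a purely point-in-time control would have let every one of them through; the retained sightings are what let the disposition change be turned into a scoped containment list after the fact, and any sighting after the change is blocked outright.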


Analyse The IoT Threat!

1. Submission – Analyst (portal) or system (API) submits suspicious sample to Threat Grid.

2. Proprietary Analysis – An automated engine observes, deconstructs, and analyzes using multiple techniques.

3. Correlation at Unprecedented Scale – System correlates sample result with millions of other samples / billions of artifacts.

4. Enriched Content Integration – Actionable intel generated that can be packaged and integrated into a variety of existing systems.


Threat Intelligence – Research and Response

Intelligence inputs:

• 100 TB of intelligence

• 1.6M sensors

• 150 million+ endpoints

• 35% of email world wide

• FireAMP™, 3+ million

• 13B web requests

• 180,000+ files per day

• 1B SBRS queries per day

• 3.6PB monthly through CWS

Telemetry sources: Email, Endpoints, Web, Networks, IPS, Devices

Outputs:

• Advanced Industry Disclosures

• Outreach Activities

• Dynamic Analysis

• Threat Centric Detection Content (SEU/SRU, Sandbox, VDB)

• Security Intelligence

• Email & Web Reputation

Bringing It All Together


Network-Wide Security with Differential Applications

Before

• Secure Access

  IT: Role-based access for individuals and groups; VPN/remote access for most systems throughout the network; Complex passwords with lockout policies

  OT: Role-based access to few individuals; VPN to few systems and users; Badge readers/integrated sensors; Simplified passwords (except for the most critical systems)

• Security Group Tagging

  Tags traffic based on device policy; Enforces access control based on tag; Enhanced segmentation for required groups only; Dynamic, topology-independent enforcement

During

• Intrusion Prevention/Detection

  IT: IPS – enforces policies

  OT: IDS – sends security alert only

• Threat Mitigation

  IT: Quarantine affected system

  OT: Analysis of the threat to determine appropriate action

• Data Integrity and Confidentiality

  IT: Data Loss Prevention (DLP)

  OT: Combined physical and cybersecurity access controls

• Network-wide Policy Enforcement

  IT and OT: Differentiated actions based on value, function, and location of the device

After

• Retrospective Security Policies

  IT and OT: Centralised remediation and adaptation


IoT Can Actually Increase Security Posture

Network of Security Devices

– Cyber Security Firewall, IDS

– Physical Security IP cameras, badge readers, analytics

Actionable Security Intelligence

– Automated / M2M

– Human Response

Remote Capabilities

– Configuration and Management

– Collaboration Between Groups

[Diagram: network of security devices – IDS, Secure Access, Video+Analytics, NG Firewall, Security Intelligence.]


Conclusion: Securely Embrace IoT!

New challenges require new thinking!

– avoid operational silos

– networking and convergence are key

– a sound security solution is integrated throughout

– build for the future

Security must be pervasive

– inside and outside the network

– device- and data-agnostic

– proactive and intelligent

Intelligence, not data

– convergence, plus analytics

– speed is essential for real-time decisions
