A New Security Model for the IoE World

Henry Ong

SE Manager - ASEAN

Cisco Global Security Sales Organization

”The Internet of Everything brings together people, process, data and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences andunprecedented economic opportunity for businesses, individuals and countries.”

Internet of Everything

7.26.8 7.6

IoE Is Here Now – and Growing!

Rapid Adoption Rate of Digital Infrastructure:5X Faster Than Electricity and Telephony

50 Billion

“Smart Objects”

5050

20102010 20152015 20202020

00

4040

3030

2020

1010

BIL

LIO

NS

OF

DE

VIC

ES

25

12.5

InflectionPoint

TIMELINE

World Population

� Cisco IBSG projections, UN Economic & Social Affairshttp://www.un.org/esa/population/publications/longrange2/WorldPop2300final.pdf

During this 1 hour session we will create more data than

Hundreds of Years of civilization

Hourly we are....

Creating 4320 hours (180 days) of YouTube content

Downloading 2.8 Million apps from the iTunes store

Creating 34,000 new websites

Connecting 300,000 new devices to the IoE

Which is okay because we have……

340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion)

unique ipv6 addresses or

(4.25 ^28 per person or 2 ^13 per cell in your body)

Network as the Platform

GROWTH & INNOVATION

EXPERIENCEEXPECTATIONS

NEW BUSINESSMODELS

GLOBALIZATIONSECURITY &

PRIVACY

Technology Transitions

BYOD NEW BREED OF APPSCLOUD BIG DATA ANALYTICSSENSORS & DEVICES

We are seeing more Innovation and Change than at Any Other Point in Our Lifetime

Business Transitions

Why Internet of Things?

EfficiencyNew Economic

ValueQuality of Life

The Connected Car

8

Actionable intelligence, enhanced comfort, unprecedented convenience

WIRELESS ROUTER� Online entertainment

� Mapping, dynamic re-routing, safety and security

CONNECTED SENSORS� Transform “data” to “actionable intelligence”

� Enable proactive maintenance

� Fuel efficiency

URBAN CONNECTIVITY� Reduced congestion

� Increased efficiency

� Safety (hazard avoidance)

The Smart City

9

Safety, financial, and environmental benefits

CONNECTED TRAFFIC SIGNALS� Reduced congestion

� Improved emergency services response times

� Lower fuel usage

PARKING AND LIGHTING� Increased efficiency

� Power and cost savings

� New revenue opportunities

CITY SERVICES� Efficient service delivery

� Increased revenues

� Enhanced environmental monitoring capabilities

10

The Security Problem

Today Reality

11

All were smart. All had security.

All were seriously compromised.

And the Trend Will Continue

Data breaches and

theft will continue to be

a problem

Data breaches and

theft will continue to be

a problem

IoT devices are not

designed for

cybersecurity

IoT devices are not

designed for

cybersecurity

More devices mean

more to protect

More devices mean

more to protect

� Cybercrime is lucrative

� Malware sophistication

and ease of use has

grown exponentially

� The barrier to entry is low

� Some lack basic

authentication

functionality

� Designed under a model

of implicit trust

� Use of unencrypted

protocols

� Do you know the core systems and interconnections to keep your business running?

� How do you prioritize

events?

� What’s the best use of your resources?

Individual components or the system as a whole can be targeted

REMOTE CONTROL� Passenger, train and station monitoring

� PTZ camera control to avoid detection

SYSTEM CONTROL� Schedule manipulation

� System shutdown

MECHANICAL CONTROL� Sensor manipulation

� Creation of unsafe conditions

Connected Rail Operations

13

Smart City

14

Potential impact to services and public safety

REMOTE ACCESS� Increased traffic congestion

� Creation of unsafe conditions

SYSTEM CONTROL� Device manipulation

� Remote monitoring

� Creation of unsafe conditions

SERVICE MANIPULATION� Environmental degradation

� System shutdown

� Lost revenue

SECURITY CAPABILITIES

NEW MODEL INTELLIGENT INTEGRATED

SECURITY CAPABILITIES

NEW MODEL INTELLIGENT INTEGRATED

The Threat-Centric Security Model

BEFOREDiscover

Enforce

Harden

Discover

Enforce

Harden

AFTERScope

Contain

Remediate

Scope

Contain

Remediate

Attack Continuum

Network Endpoint Mobile Virtual Cloud

Detect

Block

Defend

Detect

Block

Defend

DURING

Point in Time Continuous

Covering the Entire Attack Continuum

Visibility and Context

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web Security

Email Security

Advanced Malware Protection

Network Behavior Analysis

BEFOREDiscover

Enforce

Harden

Discover

Enforce

Harden

AFTERScope

Contain

Remediate

Scope

Contain

Remediate

Attack Continuum

Detect

Block

Defend

Detect

Block

Defend

DURING

SECURITY CAPABILITIES

NEW MODEL INTELLIGENT INTEGRATED

Discover Your Environment

Network Servers

Operating Systems

Routers and Switches

Mobile Devices

Printers

VoIP Phones

Virtual Machines

Client Applications

Files

Users

Web Applications

Application Protocols

Services

Malware

Command and Control Servers

Vulnerabilities

NetFlow

NetworkBehavior

Processes

You cannot protect what you don’t know

Cisco Platform Exchange Grid – pxGridEnabling the Potential of Network-Wide Context Sharing

I have NBAR info!

I need identity…

I have firewall logs!

I need identity…

I have sec events!I need reputation…

I have NetFlow!

I need entitlement…

I have reputation info!

I need threat data…

I have MDM info!

I need location…

I have app inventory info!

I need posture…

I have identity & device-type!

I need app inventory & vulnerability…

I have application info!

I need location & auth-group…

I have threat data!

I need reputation…

I have location!

I need identity…

SIO

ProprietaryAPIs aren’t

the solution

SingleFramework

Direct, Secured Interfaces

pxGridContext

Sharing

We need to share data

INFRASTRUCTURE FOR A ROBUST ECOSYSTEM

• Single framework – develop once

• Customize and secure what context gets shared and with which platforms

• Bi-directional – share and consume context

• Enables any pxGrid partner to share with any other pxGrid partner

• Integrates with Cisco ONE for broad network control functions

Cisco’s largest Global Security Intelligence data source

Daily Security IntelligenceDaily Web RequestsDeployed Security DevicesDaily Malware Sandbox Reports

100TBSecurity

Intelligence

100TBSecurity

Intelligence

1.6MDeployed

Devices

1.6MDeployed

Devices

13BWeb

Requests

13BWeb

Requests

150,000Micro-

applications

150,000Micro-

applications

1,000Application

s

1,000Application

s

93BDaily Email

Messages

93BDaily Email

Messages

35%Enterprise

Email

35%Enterprise

Email

5,500IPS

Signatures

5,500IPS

Signatures

150MDeployed

Endpoints

150MDeployed

Endpoints

3-5 minUpdates

3-5 minUpdates

Cisco Security Intelligence

Broadest Visibility

Global Footprint

Defense in Depth

5BDaily Email

Connections

5BDaily Email

Connections

4.5BDaily Email

Blocks

4.5BDaily Email

Blocks

14MDeployed

Access Gateways

14MDeployed

Access Gateways

75,000FireAMP

Updates

75,000FireAMP

Updates

6,000New Clam

AV Sigs

6,000New Clam

AV Sigs

120KSandbox

Reports

120KSandbox

Reports

Actionable Intelligence Across Entire Security Portfolio

Email Web Firewall Intrusion Prevention Endpoint

WWW

Cisco Security Intelligence Signatures

Global

Threat

Research

Location &

Registration

Content

Inspection with

Sandboxing

Spam Traps,

Honeypots,

Crawlers

Blocklists &

Reputation

Machine

Learning

Algorithms

SECURITY CAPABILITIES

NEW MODEL INTELLIGENT INTEGRATED

100 0111100 011 1010011101 1000111010011101 10001110 10011 101 010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00

01000 01000111 0100 11101 1000111010011101 1000111010011101 1100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101

The Problem with Traditional Next-Generation Firewalls

Focus on the apps But miss the threat…

01000 01000111 0100 1110101001 1101 111 0011 0

100 0111100 011 1010011101 1

01000 01000111 0100 111001 1001 11 111 0

Existing NGFWs can reduce attack surface area but advanced malware often evades security controls.

Actual Disposition = Bad = Blocked

Antivirus

Sandboxing

Initial Disposition = Clean

Point-in-time Detection

Retrospective Detection,

Analysis Continues

Initial Disposition = Clean

Continuous

Blind to scope of

compromise

Sleep Techniques

Unknown Protocols

Encryption

Polymorphism

Actual Disposition = Bad = Too Late!!

Turns back time

Visibility and

Control are Key

Not 100%

Analysis Stops

Beyond the Event HorizonAddresses limitations of point-in-time detection

Automated, Integrated Threat DefenseSuperior Protection for Entire Attack Continuum

Retrospective Security

ReduceTime Between Detection and Cure

PDFMail

Admin

Request

PDF

Mail

Admin

Request

Multivector Correlation

Early Warning for Advanced Threats

Host A

Host B

Host C

3 IoCs

Adapt Policy to Risks

WWWWWWWWW

Dynamic Security Control

http://http://WWWWEB

Context and Threat Correlation

Priority 1

Priority 2

Priority 3

Impact Assessment

5 IoCs

� When a host in the network map is seen to exhibit signs of compromise

Indications of Compromise (IOC)

Security Intelligence Events

C&C Detection

via Protocol Analysis

Contextual NGIPS

Events (Impact 1)

FireAMP Endpoint

Malware Events

Announced globally September 16

Industry’s First Threat-Focused NGFW

#1 Cisco Security announcement of the year!

Proven Cisco ASA firewalling

+ Industry leading Sourcefire NGIPS and AMP

Cisco ASA with FirePOWER Services

• Integrating defense layers helps organizations get the best visibility

• Enable dynamic controls to automatically adapt

• Protect against advanced threats across the entire attack continuum

29

Security andPrivacy

Why Cisco Security for IoT?

� Unmatched visibility and consistent controls across Wired/Wireless/VPN

� All devices in the network have security controls embedded

� Highly scalable and proven designs for Wired/Wireless

� Built in, not bolted on

� Reduced complexity

� A trusted vendor with 30 years experience

Deep Security Controls

Delivers Security Across the Extended Network –Before, During, and After An Attack

Key Takeaways

New Security Model New Security Model New Security Model New Security Model –––– We must adapt to the new ways of protecting our changing network environments (BYOD, IoT)

Intelligent Intelligent Intelligent Intelligent – Real time threat awareness that can be leverage with local context and Global Intelligence.

Integrated Integrated Integrated Integrated –––– Security technologies embedded in the infrastructure to identify and thwart attacks quickly and efficiently.

BEFOREDiscover

Enforce

Harden

Discover

Enforce

Harden

AFTERScope

Contain

Remediate

Scope

Contain

Remediate

Detect

Block

Defend

Detect

Block

Defend

DURING

test