A New Security Model for the IoE World
Henry Ong
SE Manager - ASEAN
Cisco Global Security Sales Organization
”The Internet of Everything brings together people, process, data and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences and unprecedented economic opportunity for businesses, individuals and countries.”
Internet of Everything
IoE Is Here Now – and Growing!
Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony
50 Billion “Smart Objects”
[Chart: billions of devices (0 to 50) against a 2010 to 2020 timeline, rising from 12.5 billion through 25 billion to 50 billion and crossing the world population curve at an inflection point]
Source: Cisco IBSG projections; UN Economic & Social Affairs, http://www.un.org/esa/population/publications/longrange2/WorldPop2300final.pdf
During this 1 hour session we will create more data than
Hundreds of Years of civilization
Hourly we are....
Creating 4320 hours (180 days) of YouTube content
Downloading 2.8 Million apps from the iTunes store
Creating 34,000 new websites
Connecting 300,000 new devices to the IoE
Which is okay because we have……
340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion)
unique ipv6 addresses or
(4.25 × 10^28 per person, or 2^13 per cell in your body)
Network as the Platform
GROWTH & INNOVATION
EXPERIENCE EXPECTATIONS
NEW BUSINESS MODELS
GLOBALIZATION
SECURITY & PRIVACY
Technology Transitions
BYOD | NEW BREED OF APPS | CLOUD | BIG DATA ANALYTICS | SENSORS & DEVICES
We are seeing more Innovation and Change than at Any Other Point in Our Lifetime
Business Transitions
Why Internet of Things?
Efficiency, New Economic Value, Quality of Life
The Connected Car
Actionable intelligence, enhanced comfort, unprecedented convenience
WIRELESS ROUTER
• Online entertainment
• Mapping, dynamic re-routing, safety and security
CONNECTED SENSORS
• Transform “data” to “actionable intelligence”
• Enable proactive maintenance
• Fuel efficiency
URBAN CONNECTIVITY
• Reduced congestion
• Increased efficiency
• Safety (hazard avoidance)
The Smart City
Safety, financial, and environmental benefits
CONNECTED TRAFFIC SIGNALS
• Reduced congestion
• Improved emergency services response times
• Lower fuel usage
PARKING AND LIGHTING
• Increased efficiency
• Power and cost savings
• New revenue opportunities
CITY SERVICES
• Efficient service delivery
• Increased revenues
• Enhanced environmental monitoring capabilities
The Security Problem
Today’s Reality
All were smart. All had security.
All were seriously compromised.
And the Trend Will Continue
Data breaches and theft will continue to be a problem
• Cybercrime is lucrative
• Malware sophistication and ease of use has grown exponentially
• The barrier to entry is low
IoT devices are not designed for cybersecurity
• Some lack basic authentication functionality
• Designed under a model of implicit trust
• Use of unencrypted protocols
More devices mean more to protect
• Do you know the core systems and interconnections to keep your business running?
• How do you prioritize events?
• What’s the best use of your resources?
Connected Rail Operations
Individual components or the system as a whole can be targeted
REMOTE CONTROL
• Passenger, train and station monitoring
• PTZ camera control to avoid detection
SYSTEM CONTROL
• Schedule manipulation
• System shutdown
MECHANICAL CONTROL
• Sensor manipulation
• Creation of unsafe conditions
Smart City
Potential impact to services and public safety
REMOTE ACCESS
• Increased traffic congestion
• Creation of unsafe conditions
SYSTEM CONTROL
• Device manipulation
• Remote monitoring
• Creation of unsafe conditions
SERVICE MANIPULATION
• Environmental degradation
• System shutdown
• Lost revenue
SECURITY CAPABILITIES
NEW MODEL | INTELLIGENT | INTEGRATED
The Threat-Centric Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network | Endpoint | Mobile | Virtual | Cloud
Point in Time / Continuous
Covering the Entire Attack Continuum
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Visibility and Context
Firewall
NGFW
NAC + Identity Services
VPN
UTM
NGIPS
Web Security
Email Security
Advanced Malware Protection
Network Behavior Analysis
Discover Your Environment
Network Servers
Operating Systems
Routers and Switches
Mobile Devices
Printers
VoIP Phones
Virtual Machines
Client Applications
Files
Users
Web Applications
Application Protocols
Services
Malware
Command and Control Servers
Vulnerabilities
NetFlow
Network Behavior
Processes
You cannot protect what you don’t know
Cisco Platform Exchange Grid – pxGrid
Enabling the Potential of Network-Wide Context Sharing
I have NBAR info! I need identity…
I have firewall logs! I need identity…
I have sec events! I need reputation…
I have NetFlow! I need entitlement…
I have reputation info! I need threat data…
I have MDM info! I need location…
I have app inventory info! I need posture…
I have identity & device-type! I need app inventory & vulnerability…
I have application info! I need location & auth-group…
I have threat data! I need reputation…
I have location! I need identity…
SIO
Proprietary APIs aren’t the solution
Single Framework
Direct, Secured Interfaces
pxGrid Context Sharing
We need to share data
INFRASTRUCTURE FOR A ROBUST ECOSYSTEM
• Single framework – develop once
• Customize and secure what context gets shared and with which platforms
• Bi-directional – share and consume context
• Enables any pxGrid partner to share with any other pxGrid partner
• Integrates with Cisco ONE for broad network control functions
Cisco’s largest Global Security Intelligence data source
Daily Security Intelligence | Daily Web Requests | Deployed Security Devices | Daily Malware Sandbox Reports
100TB Security Intelligence
1.6M Deployed Devices
13B Web Requests
150,000 Micro-applications
1,000 Applications
93B Daily Email Messages
35% Enterprise
5,500 IPS Signatures
150M Deployed Endpoints
3-5 min Updates
5B Daily Email Connections
4.5B Daily Email Blocks
14M Deployed Access Gateways
75,000 FireAMP Updates
6,000 New ClamAV Sigs
120K Sandbox Reports
Cisco Security Intelligence
Broadest Visibility
Global Footprint
Defense in Depth
Actionable Intelligence Across Entire Security Portfolio
Email Web Firewall Intrusion Prevention Endpoint
WWW
Cisco Security Intelligence Signatures
Global
Threat
Research
Location &
Registration
Content
Inspection with
Sandboxing
Spam Traps,
Honeypots,
Crawlers
Blocklists &
Reputation
Machine
Learning
Algorithms
The Problem with Traditional Next-Generation Firewalls
Focus on the apps, but miss the threat…
Existing NGFWs can reduce attack surface area but advanced malware often evades security controls.
Point-in-time Detection
Initial Disposition = Clean
Antivirus, Sandboxing
Analysis Stops
Not 100%
Actual Disposition = Bad = Too Late!!
Blind to scope of compromise
Sleep Techniques, Unknown Protocols, Encryption, Polymorphism
Continuous
Initial Disposition = Clean
Retrospective Detection, Analysis Continues
Actual Disposition = Bad = Blocked
Turns back time
Visibility and Control are Key
Beyond the Event Horizon
Addresses limitations of point-in-time detection
Automated, Integrated Threat Defense
Superior Protection for Entire Attack Continuum
Retrospective Security
Reduce Time Between Detection and Cure
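The distinction the slides draw between point-in-time and continuous (retrospective) analysis is easier to see in code. The following is an added illustration written for this page, not Cisco AMP code: both engines give a file the same verdict on arrival, but only the retrospective one keeps a per-file trajectory, so when a hash is later reclassified as malicious it can list every host that already received or ran it. Hashes, hosts, timestamps and the verdict update are all constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: int        # constructed timestamp (seconds)
    host: str      # host that received or ran the file
    sha256: str    # file hash as observed by the gateway or endpoint agent
    action: str    # "download" or "exec"


class PointInTimeGateway:
    """Verdict at the moment of arrival only; nothing about the file is remembered."""

    def __init__(self, blocklist=()):
        self.blocklist = set(blocklist)

    def inspect(self, ev):
        return "blocked" if ev.sha256 in self.blocklist else "allowed"

    def update_verdict(self, sha256):
        # New intel stops future copies, but there is no record of which hosts
        # already received the file, so the scope of compromise stays unknown.
        self.blocklist.add(sha256)
        return []


class RetrospectiveEngine(PointInTimeGateway):
    """Same inline verdict, but every sighting is kept as a per-file trajectory so a
    later verdict change can be applied backwards to the hosts that already have it."""

    def __init__(self, blocklist=()):
        super().__init__(blocklist)
        self.trajectory = defaultdict(list)   # sha256 -> [FileEvent, ...] in arrival order

    def inspect(self, ev):
        self.trajectory[ev.sha256].append(ev)
        return super().inspect(ev)

    def update_verdict(self, sha256):
        """Reclassify a hash as malicious and return every earlier sighting of it,
        oldest first, so responders can scope, contain and remediate."""
        self.blocklist.add(sha256)
        return sorted(self.trajectory.get(sha256, []), key=lambda e: e.ts)


# Constructed sample data: placeholder hashes, not real indicators.
EVIL = "a" * 64
BENIGN = "b" * 64
SAMPLE_EVENTS = [
    FileEvent(1000, "host-a", EVIL, "download"),
    FileEvent(1010, "host-a", EVIL, "exec"),
    FileEvent(1300, "host-b", EVIL, "download"),
    FileEvent(1350, "host-c", BENIGN, "download"),
    FileEvent(2000, "host-c", EVIL, "download"),
]


def run_scenario():
    """Replay the same traffic through both engines, then deliver a late verdict change
    (sandbox or global intelligence now says EVIL is malicious) and compare what each
    engine can tell the responder."""
    pit, retro = PointInTimeGateway(), RetrospectiveEngine()
    first_pass = [(pit.inspect(e), retro.inspect(e)) for e in SAMPLE_EVENTS]
    pit_hits = pit.update_verdict(EVIL)
    retro_hits = retro.update_verdict(EVIL)
    late = FileEvent(3000, "host-d", EVIL, "download")
    return {
        "first_pass_all_allowed": all(p == r == "allowed" for p, r in first_pass),
        "pit_scope": sorted({e.host for e in pit_hits}),
        "retro_scope": sorted({e.host for e in retro_hits}),
        "retro_executed": sorted({e.host for e in retro_hits if e.action == "exec"}),
        "after_update": (pit.inspect(late), retro.inspect(late)),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Both engines block the late copy once the verdict changes; the difference is that only the retrospective engine can answer "who already has it, and who ran it", which is the scope step of the AFTER phase.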
Multivector Correlation
Early Warning for Advanced Threats
[Figure: PDF, Mail and Admin Request events correlated across Host A, Host B and Host C; 3 IoCs]
Adapt Policy to Risks
Dynamic Security Control
Context and Threat Correlation
Priority 1
Priority 2
Priority 3
Impact Assessment
5 IoCs
• When a host in the network map is seen to exhibit signs of compromise
Indications of Compromise (IOC)
Security Intelligence Events
C&C Detection via Protocol Analysis
Contextual NGIPS Events (Impact 1)
FireAMP Endpoint Malware Events
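As an added example (not Cisco FirePOWER code), here is how the four indicator sources above can be correlated per host and ranked into the Priority 1/2/3 buckets the slides show. The host inventory, event feed, impact scale and priority thresholds are all assumptions constructed for the example; the vulnerability ids are placeholders, not real identifiers. The one rule worth noting is that an IPS event only becomes an indicator when the impact assessment says the target actually exposes the service and vulnerability the exploit needs.

```python
from collections import defaultdict

# Constructed host inventory, the kind of context "Discover Your Environment" provides.
# Vulnerability ids are placeholders, not real CVE numbers.
INVENTORY = {
    "host-a": {"os": "Windows 7", "services": {"smb", "http"}, "vulns": {"VULN-PLACEHOLDER-1"}},
    "host-b": {"os": "Linux", "services": {"ssh"}, "vulns": set()},
    "host-c": {"os": "Windows 7", "services": {"smb"}, "vulns": {"VULN-PLACEHOLDER-1"}},
}


def impact_level(host, target_service, target_vuln):
    """Impact scale assumed for this example (modelled on the "Impact 1" wording above):
    1 = target is vulnerable, 2 = target runs the service but is not known vulnerable,
    3 = target does not run the service, 4 = target is not in the inventory."""
    inv = INVENTORY.get(host)
    if inv is None:
        return 4
    if target_service not in inv["services"]:
        return 3
    return 1 if target_vuln in inv["vulns"] else 2


# Constructed event feed from the four sources listed on the slide.
EVENTS = [
    {"src": "sec_intel", "host": "host-a", "detail": "connection to blocklisted IP"},
    {"src": "cnc", "host": "host-a", "detail": "beaconing pattern in HTTP"},
    {"src": "amp", "host": "host-a", "detail": "malware file quarantined"},
    {"src": "ips", "host": "host-a", "service": "rdp", "vuln": "VULN-PLACEHOLDER-2", "detail": "RDP exploit attempt"},
    {"src": "sec_intel", "host": "host-b", "detail": "DNS lookup of known C&C domain"},
    {"src": "ips", "host": "host-b", "service": "smb", "vuln": "VULN-PLACEHOLDER-1", "detail": "SMB exploit attempt"},
    {"src": "sec_intel", "host": "host-c", "detail": "connection to blocklisted IP"},
    {"src": "cnc", "host": "host-c", "detail": "beaconing pattern in HTTP"},
    {"src": "ips", "host": "host-c", "service": "smb", "vuln": "VULN-PLACEHOLDER-1", "detail": "SMB exploit attempt"},
    {"src": "amp", "host": "host-c", "detail": "malware file quarantined"},
    {"src": "sec_intel", "host": "host-c", "detail": "DNS lookup of known C&C domain"},
]


def indicators_of_compromise(events):
    """Turn raw events into per-host IoCs. IPS events only count when the impact
    assessment says the host really is vulnerable (impact 1); an exploit thrown at a
    service the host does not run is noise, not an indicator."""
    iocs = defaultdict(list)
    for ev in events:
        if ev["src"] == "ips":
            level = impact_level(ev["host"], ev["service"], ev["vuln"])
            if level != 1:
                continue
            iocs[ev["host"]].append(f"ips (impact {level}): {ev['detail']}")
        else:
            iocs[ev["host"]].append(f"{ev['src']}: {ev['detail']}")
    return dict(iocs)


def prioritize(iocs):
    """Rank hosts by indicator count. Thresholds are assumed for the example:
    4 or more IoCs -> Priority 1, 2 to 3 -> Priority 2, 1 -> Priority 3."""
    ranked = []
    for host, items in iocs.items():
        n = len(items)
        priority = 1 if n >= 4 else (2 if n >= 2 else 3)
        ranked.append((priority, -n, host))
    return [(host, -neg_n, priority) for priority, neg_n, host in sorted(ranked)]


if __name__ == "__main__":
    for host, count, priority in prioritize(indicators_of_compromise(EVENTS)):
        print(f"Priority {priority}: {host} ({count} IoCs)")
```

With the constructed feed, host-c ends up with 5 IoCs at Priority 1, host-a with 3 at Priority 2 and host-b with 1 at Priority 3; the two IPS events against services the targets do not run are dropped by the impact check rather than inflating the counts.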
Announced globally September 16
Industry’s First Threat-Focused NGFW
#1 Cisco Security announcement of the year!
Proven Cisco ASA firewalling
+ Industry leading Sourcefire NGIPS and AMP
Cisco ASA with FirePOWER Services
• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt
• Protect against advanced threats across the entire attack continuum
Security and Privacy
Why Cisco Security for IoT?
• Unmatched visibility and consistent controls across Wired/Wireless/VPN
• All devices in the network have security controls embedded
• Highly scalable and proven designs for Wired/Wireless
• Built in, not bolted on
• Reduced complexity
• A trusted vendor with 30 years’ experience
Deep Security Controls
Delivers Security Across the Extended Network – Before, During, and After An Attack
Key Takeaways
New Security Model – We must adapt to the new ways of protecting our changing network environments (BYOD, IoT).
Intelligent – Real-time threat awareness that can be leveraged with local context and Global Intelligence.
Integrated – Security technologies embedded in the infrastructure to identify and thwart attacks quickly and efficiently.
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate