A New Security Model for the IoE World
Timothy Snow, CCIE, Consulting Systems Engineer, Asia Pacific, Cisco
A New Security Model for the IoE World
• What is IoE and IoT?
• Cisco’s strategy and solution offerings for a connected world
• How Will the IoT affect your business?
• The ramifications of not securely connecting these devices
“The Internet of Everything brings together people, process, data and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences and unprecedented economic opportunity for businesses, individuals and countries.”
Internet of Everything
IoT Is Here Now – and Growing!
Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony
[Chart: billions of devices (axis 0 to 50) against a timeline of 2010, 2015 and 2020, shown alongside world population. Labelled values include 12.5, 25, an inflection point, and 50 billion “smart objects”.]
Source: Cisco IBSG projections, UN Economic & Social Affairs http://www.un.org/esa/population/publications/longrange2/WorldPop2300final.pdf
Hourly we are....
Creating 4320 hours (180 days) of YouTube content
Downloading 2.8 Million apps from the iTunes store
Creating 34,000 new websites
Connecting 300,000 new devices to the IoE
Which is okay because we have…
340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion) unique IPv6 addresses
or (4.25 ^28 per person or 2 ^13 per cell in your body)
Network as the Platform
We are seeing more Innovation and Change than at Any Other Point in Our Lifetime
Business Transitions: Growth & Innovation, Experience Expectations, New Business Models, Globalization, Security & Privacy
Technology Transitions: BYOD, New Breed of Apps, Cloud, Big Data Analytics, Sensors & Devices
The Connected Car
Actionable intelligence, enhanced comfort, unprecedented convenience
Online entertainment
Mapping, dynamic re-routing, safety and security
Transform “data” to “actionable intelligence”
Enable proactive maintenance
Fuel efficiency
Reduced congestion
Increased efficiency
Safety (hazard avoidance)
The Smart City
Safety, financial, and environmental benefits
Reduced congestion
Improved emergency services response times
Lower fuel usage
Increased efficiency
Power and cost savings
New revenue opportunities
Efficient service delivery
Increased revenues
Enhanced environmental monitoring capabilities
Cisco Customer IoT Deployments
Traffic service center
Integrated with Traffic Situation Display, Lane Control System, and Road Weather Information System
K-Power: Electrical Grid
National dam monitoring system
Integrated with water-level sensor
POSCO: Manufacturing
IMC Center, Production monitoring, Quality Control Tower
Device/Machinery tracking
Education Sector
Campus Video Monitoring
Physical Access Controls (Doors, Windows)
Linkage to Emergency Response (Medical / Police)
Campus Address/Loudspeaker system
Technology shifts creating The Perfect Storm
SaaS
SOCIAL + CONSUMERIZATION
CLOUD + VIRTUALIZATION
MOBILITY + BYOD
Threat Dynamics are changing
Increased Attack Surface
Threat Diversity
Impact and Risk
Remediation
Management Complexity
Compliance and Regulation
All were smart. All had security.
All were seriously compromised.
And the Trend Will Continue
Data breaches and theft will continue to be a problem
IoT devices are not designed for cybersecurity
More devices mean more to protect
Cybercrime is lucrative
Malware sophistication and ease of use has grown exponentially
The barrier to entry is low
Some lack basic authentication functionality
Designed under a model of implicit trust
Use of unencrypted protocols
Do you know the core systems and interconnections to keep your business running?
How do you prioritize events?
What’s the best use of your resources?
Smart City
Potential impact to services and public safety
Increased traffic congestion
Creation of unsafe conditions
Device manipulation
Remote monitoring
Emergency Response shutdown
Environmental degradation
System shutdown
Lost revenue
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time
Continuous
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Point in Time
Continuous
Visibility and Context
Firewall
App Control
VPN
Patch Mgmt
Vuln Mgmt
IAM/NAC
IPS
Antivirus
Email/Web
IDS
FPC
Forensics
AMP
Log Mgmt
SIEM
Global Protection
Visibility Reduces Exposure
Typical crisis begins without warning
Network visibility allows reaction before compromise
Insight increases security posture
[Chart: impact to the business ($) against time, divided into a crisis region and an insight region. Marked points: attack onset, early warning, attack thwarted, attack identified, vulnerability closed, credit card data compromised. Also labelled: MTTK.]
The Problem with Traditional Next-Generation Firewalls
Focus on the apps But miss the threat…
Existing NGFWs can reduce attack surface area but advanced malware often evades security controls.
Announced globally September 16
Industry’s First Threat-Focused NGFW
#1 Cisco Security announcement of the year!
Proven Cisco ASA firewalling
+ Industry leading Sourcefire NGIPS and AMP
Cisco ASA with FirePOWER Services
• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt to threat conditions
• Protect against advanced threats across the entire attack continuum
© 2013-2014 Cisco and/or its affiliates. All rights reserved.
NGFW
Collective Security Intelligence (CSI)
Contextual Device, Network and End-Point Visibility
Classic Stateful Firewall
Gen1 IPS
Application Visibility
Web—URL Controls
AV and Basic Protections
NGIPS
Vulnerability Management*
Client Anti-Malware (AMP)
Correlated SIEM Eventing
Incident Control System
Network Anti-Malware Controls (AMP)
Behavioral Indications of Compromise
User Identity
Open APP-ID SNORT Open IPS
Host Trajectory Retrospective Analysis
NG Sandbox for Evasive Malware
Auto-Remediation / Dynamic Policies
*Agent
Adaptive Security
Sandboxing
Classic Stateful Firewall
Retrospective Detection
Malware File Trajectory
Threat Hunting
Forensics and Log Management
Dynamic Outbreak Controls
URL and IP Reputation
The only Threat-Focused NGFW
BEFORE DURING AFTER
Cisco Only
Automated, Integrated Threat Defense
Superior Protection for Entire Attack Continuum
Retrospective Security
Reduce Time Between Detection and Cure
Multivector Correlation
Early Warning for Advanced Threats
Adapt Policy to Risks
Dynamic Security Control
Context and Threat Correlation
Impact Assessment
Cisco’s largest Global Security Intelligence data source
100 TB Security Intelligence
1.6M Deployed Devices
13B Web Requests
150,000 Micro-applications
1,000 Applications
93B Daily Email Messages
35% Enterprise
5,500 IPS Signatures
150M Deployed Endpoints
3-5 min Updates
5B Daily Email Connections
4.5B Daily Email Blocks
14M Deployed Access Gateways
75,000 FireAMP Updates
6,000 New Clam AV Sigs
120K Sandbox Reports
Actionable Intelligence Across Entire Security Portfolio
Email, Web, Firewall, Intrusion Prevention, Endpoint
Cisco Security Intelligence Signatures
Global Threat Research
Location & Registration
Content Inspection with Sandboxing
Spam Traps, Honeypots, Crawlers
Blocklists & Reputation
Machine Learning Algorithms
Bringing in local intelligence
Network, Endpoint, Mobile, Virtual, Cloud
SIEM Integration
Complete suite of all Cisco Security products. Real-time forensics
Cyber Threat Detection
Network based visibility and Security Intelligence
Identity Services
User and Device policy compliance and Network wide identity services
Cisco Platform Exchange Grid – pxGrid
Enabling the Potential of Network-Wide Context Sharing
I have NBAR info! I need identity…
I have firewall logs! I need identity…
I have sec events! I need reputation…
I have NetFlow! I need entitlement…
I have reputation info! I need threat data…
I have MDM info! I need location…
I have app inventory info! I need posture…
I have application info! I need location & auth-group…
I have threat data! I need reputation…
I have location! I need identity…
SIO
Proprietary APIs aren’t the solution
Single Framework
Direct, Secured Interfaces
pxGrid Context Sharing
We need to share data
INFRASTRUCTURE FOR A ROBUST ECOSYSTEM
• Single framework – develop once
• Customize and secure what context gets shared and with which platforms
• Bi-directional – share and consume context
• Enables any pxGrid partner to share with any other pxGrid partner
• Integrates with Cisco ONE for broad network control functions
Faster Detection/Remediation of Cyber Threats with SIEM / TD
Extension of Access Policy & Compliance with MDM
Endpoint Vulnerability Quarantine/Remediation
Context-driven OT Policy and Segmentation for IoT
Simplified Network Troubleshooting and Forensics
Single Sign On (SSO) to Sensitive Data on Mobile Devices
Strengthening Cisco Security through Partnerships
Sharing Context with an Even Broader Ecosystem
Security and Privacy
Why Cisco Security for IoT?
Unmatched visibility and consistent controls across Wired/Wireless/VPN
All devices in the network have security controls embedded
Highly scalable and proven designs for Wired/Wireless
Built in, not bolted on
Reduced complexity
A trusted vendor with 30 years' experience
Deep Security Controls
Delivers Security Across the Extended Network – Before, During, and After An Attack
Key Takeaways
New Security Model – We must adapt to the new ways of protecting our changing network environments (BYOD, IoT)
Integrated – Security technologies embedded in the infrastructure to identify and thwart attacks quickly and efficiently.
Intelligent – Real time threat awareness that can be leveraged with local context and user awareness.
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate