A New Security Model for the IoE World Timothy Snow, CCIE Consulting Systems Engineer, Asia Pacific Cisco


Post on 30-Mar-2018



A New Security Model for the IoE World

• What is IoE and IoT?

• Cisco’s strategy and solution offerings for a connected world

• How Will the IoT affect your business?

• The ramifications of not securely connecting these devices

“The Internet of Everything brings together people, process, data and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences and unprecedented economic opportunity for businesses, individuals and countries.”

Internet of Everything

IoT Is Here Now – and Growing!

Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony

[Chart: billions of devices (axis 0 to 50) against a timeline of 2010, 2015 and 2020, with data labels 12.5, 25 and 50 (50 Billion “Smart Objects”), a marked inflection point, and world population labels 6.8, 7.2 and 7.6.]

Source: Cisco IBSG projections, UN Economic & Social Affairs, http://www.un.org/esa/population/publications/longrange2/WorldPop2300final.pdf

During this 1 hour session we will create more data than hundreds of years of civilization

Hourly we are....

Creating 4320 hours (180 days) of YouTube content

Downloading 2.8 Million apps from the iTunes store

Creating 34,000 new websites

Connecting 300,000 new devices to the IoE

Which is okay because we have…

340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion) unique IPv6 addresses

or (4.25 ^28 per person or 2 ^13 per cell in your body)

Network as the Platform

GROWTH & INNOVATION

EXPERIENCE EXPECTATIONS

NEW BUSINESS MODELS

GLOBALIZATION

SECURITY & PRIVACY

Technology Transitions

BYOD, NEW BREED OF APPS, CLOUD, BIG DATA ANALYTICS, SENSORS & DEVICES

We are seeing more Innovation and Change than at Any Other Point in Our Lifetime

Business Transitions

Why Internet of Things?

Efficiency

New Economic Value

Quality of Life

The Connected Car


Actionable intelligence, enhanced comfort, unprecedented convenience

Online entertainment

Mapping, dynamic re-routing, safety and security

Transform “data” to “actionable intelligence”

Enable proactive maintenance

Fuel efficiency

Reduced congestion

Increased efficiency

Safety (hazard avoidance)

The Smart City


Safety, financial, and environmental benefits

Reduced congestion

Improved emergency services response times

Lower fuel usage

Increased efficiency

Power and cost savings

New revenue opportunities

Efficient service delivery

Increased revenues

Enhanced environmental monitoring capabilities

Cisco Customer IoT Deployments

Traffic service center

Integrated with Traffic Situation Display, Lane Control System, and Road Weather Information System

K-Power: Electrical Grid

National dam monitoring system

Integrated with water-level sensor

POSCO: Manufacturing

IMC Center, Production monitoring, Quality Control Tower

Device/Machinery tracking

Education Sector

Campus Video Monitoring

Physical Access Controls (Doors, Windows)

Linkage to Emergency Response (Medical / Police)

Campus Address/Loudspeaker system

Technology shifts creating The Perfect Storm

SaaS

SOCIAL + CONSUMERIZATION

CLOUD + VIRTUALIZATION

MOBILITY + BYOD

Threat Dynamics are changing


Increased Attack Surface

Threat Diversity

Impact and Risk

Remediation

Management Complexity

Compliance and Regulation

All were smart. All had security.

All were seriously compromised.

And the Trend Will Continue

Data breaches and theft will continue to be a problem

IoT devices are not designed for cybersecurity

More devices mean more to protect

Cybercrime is lucrative

Malware sophistication and ease of use has grown exponentially

The barrier to entry is low

Some lack basic authentication functionality

Designed under a model of implicit trust

Use of unencrypted protocols

Do you know the core systems and interconnections to keep your business running?

How do you prioritize events?

What’s the best use of your resources?

Smart City


Potential impact to services and public safety

Increased traffic congestion

Creation of unsafe conditions

Device manipulation

Remote monitoring

Emergency Response shutdown

Environmental degradation

System shutdown

Lost revenue

SECURITY CAPABILITIES

NEW MODEL INTEGRATED INTELLIGENT


The New Security Model

Attack Continuum

BEFORE: Discover, Enforce, Harden

DURING: Detect, Block, Defend

AFTER: Scope, Contain, Remediate

Network, Endpoint, Mobile, Virtual, Cloud

Point in Time, Continuous


Visibility and Context

Firewall

App Control

VPN

Patch Mgmt

Vuln Mgmt

IAM/NAC

IPS

Antivirus

Email/Web

IDS

FPC

Forensics

AMP

Log Mgmt

SIEM

Global Protection

Visibility Reduces Exposure


Typical crisis begins without warning

Network visibility allows reaction before compromise

Insight increases security posture

[Chart: impact to the business ($) against time. Labels: credit card data compromised, attack identified, vulnerability closed, attack onset (CRISIS REGION); attack thwarted, early warning, attack identified, vulnerability closed (INSIGHT REGION); MTTK.]


The Problem with Traditional Next-Generation Firewalls

Focus on the apps But miss the threat…


Existing NGFWs can reduce attack surface area but advanced malware often evades security controls.

Announced globally September 16

Industry’s First Threat-Focused NGFW

#1 Cisco Security announcement of the year!

Proven Cisco ASA firewalling

+ Industry leading Sourcefire NGIPS and AMP

Cisco ASA with FirePOWER Services

• Integrating defense layers helps organizations get the best visibility

• Enable dynamic controls to automatically adapt to threat conditions

• Protect against advanced threats across the entire attack continuum

© 2013-2014 Cisco and/or its affiliates. All rights reserved.

NSS Labs – Next-Generation Firewall Security Value Map

Source: NSS Labs 2014

NGFW

Collective Security Intelligence (CSI)

Contextual Device, Network and End-Point Visibility

Classic Stateful Firewall

Gen1 IPS

Application Visibility

Web—URL Controls

AV and Basic Protections

NGIPS

Vulnerability Management*

Client Anti-Malware (AMP)

Correlated SIEM Eventing

Incident Control System

Network Anti-Malware Controls (AMP)

Behavioral Indications of Compromise

User Identity

Open APP-ID

SNORT Open IPS

Host Trajectory

Retrospective Analysis

NG Sandbox for Evasive Malware

Auto-Remediation / Dynamic Policies

*Agent

Adaptive Security

Sandboxing

Classic Stateful Firewall

Retrospective Detection

Malware File Trajectory

Threat Hunting

Forensics and Log Management

Dynamic Outbreak Controls

URL and IP Reputation

The only Threat-Focused NGFW

BEFORE, DURING, AFTER

Cisco Only

Automated, Integrated Threat Defense

Superior Protection for Entire Attack Continuum

Retrospective Security

Reduce Time Between Detection and Cure

[Diagram labels: PDF, Mail, Admin, Request]

Multivector Correlation

Early Warning for Advanced Threats

[Diagram labels: Host A, Host B, Host C; 3 IoCs]

Adapt Policy to Risks

Dynamic Security Control

Context and Threat Correlation

Priority 1, Priority 2, Priority 3

Impact Assessment

5 IoCs


Cisco’s largest Global Security Intelligence data source

• 100 TB Security Intelligence

• 1.6M Deployed Devices

• 13B Web Requests

• 150,000 Micro-applications

• 1,000 Applications

• 93B Daily Email Messages

• 35% Enterprise Email

• 5,500 IPS Signatures

• 150M Deployed Endpoints

• 3-5 min Updates

• 5B Daily Email Connections

• 4.5B Daily Email Blocks

• 14M Deployed Access Gateways

• 75,000 FireAMP Updates

• 6,000 New Clam AV Sigs

• 120K Sandbox Reports

Actionable Intelligence Across Entire Security Portfolio

Email Web Firewall Intrusion Prevention Endpoint

Cisco Security Intelligence Signatures

Global Threat Research

Location & Registration

Content Inspection with Sandboxing

Spam Traps, Honeypots, Crawlers

Blocklists & Reputation

Machine Learning Algorithms

Bringing in local intelligence

Network Endpoint Mobile Virtual Cloud

SIEM Integration

Complete suite of all Cisco Security products. Real-time forensics

Cyber Threat Detection

Network based visibility and Security Intelligence

Identity Services

User and Device policy compliance and Network wide identity services

Cisco Platform Exchange Grid – pxGrid

Enabling the Potential of Network-Wide Context Sharing

I have NBAR info! I need identity…

I have firewall logs! I need identity…

I have sec events! I need reputation…

I have NetFlow! I need entitlement…

I have reputation info! I need threat data…

I have MDM info! I need location…

I have app inventory info! I need posture…

I have application info! I need location & auth-group…

I have threat data! I need reputation…

I have location! I need identity…

SIO

Proprietary APIs aren’t the solution

Single Framework

Direct, Secured Interfaces

pxGrid Context Sharing

We need to share data

INFRASTRUCTURE FOR A ROBUST ECOSYSTEM

• Single framework – develop once

• Customize and secure what context gets shared and with which platforms

• Bi-directional – share and consume context

• Enables any pxGrid partner to share with any other pxGrid partner

• Integrates with Cisco ONE for broad network control functions

Faster Detection/Remediation of CyberThreats with SIEM / TD

Extension of Access Policy & Compliance with MDM

Endpoint Vulnerability Quarantine/Remediation

Context-driven OT Policy and Segmentation for IoT

Simplified Network Troubleshooting and Forensics

Single Sign On (SSO) to Sensitive Data on Mobile Devices

Strengthening Cisco Security through Partnerships

Sharing Context with an Even Broader Ecosystem

Security and Privacy

Why Cisco Security for IoT?

Unmatched visibility and consistent controls across Wired/Wireless/VPN

All devices in the network have security controls embedded

Highly scalable and proven designs for Wired/Wireless

Built in, not bolted on

Reduced complexity

A trusted vendor with 30 years experience

Deep Security Controls

Delivers Security Across the Extended Network – Before, During, and After An Attack

Key Takeaways

New Security Model – We must adapt to the new ways of protecting our changing network environments (BYOD, IoT)

Integrated – Security technologies embedded in the infrastructure to identify and thwart attacks quickly and efficiently.

Intelligent – Real time threat awareness that can be leveraged with local context and user awareness.
