Post on 28-May-2020
Security for Internet of Things (IoT) Devices
Contact: info@opaq.com www.opaq.com
Table of Contents
Introduction
The Challenge
The OPAQ Solution
Security Functions that Support IoT
Example Use Cases for IoT
Conclusion
[1] Siobhan Gorman, Wall Street Journal, "China Hackers Hit U.S. Chamber," Dec. 21, 2011
Introduction
The Internet of Things is comprised of specialized electronic devices with embedded computers connected to networks. IoT devices serve a broad range of functions in our homes (and on our bodies); in commercial and enterprise businesses; and in public utility and industrial systems. Such devices will soon outnumber humans on the planet 2:1. Very few of these devices were engineered with inherent cybersecurity protections or controls, including the basic capabilities to authenticate users and upgrade firmware or software.
The Challenge
A key security challenge that most IoT devices present is that they autonomously follow their embedded programming to communicate with cloud or on-premise systems or other IoT devices while enabling few security controls and presenting users few options for adding them. Nevertheless, at their core most IoT devices are running some derivative of a general purpose open source operating system that can be repurposed by bad actors to do bad things.
These conditions result in several types of serious security risks. Compromised devices can be used as entry points into business networks, opening the broader network up for further entrenchment by an attacker. The network is then vulnerable to malicious activity such as a ransomware attack or a data breach.
Some years ago computer systems operated by the U.S. Chamber of Commerce were attacked [1], leading to significant data loss. Forensic research indicated the attackers utilized room thermostats and office printers to maintain a backdoor on the organization’s network, thus enabling a continued presence even as workstations and servers were cleaned up. The threat of persistence via IoT devices has only increased in recent years as these sorts of devices have proliferated.
Another substantial risk is that compromised IoT devices can be brought under control by an outside force and directed to perform malicious acts outside the organization’s network.
An external command and control (C&C) server communicates with the devices to direct their nefarious activities. In 2016, hundreds of thousands of compromised IoT devices such as surveillance cameras and residential routers were controlled by the Mirai botnet, which subsequently attacked the Dyn Internet domain name service. The hours-long denial of service attack caused dozens of major Internet platforms and services to become unavailable to large swathes of users in Europe and North America.
With minimal onboard security controls in these devices, the only recourse security managers have had was to inventory, monitor and isolate them to the best of their ability.
In a world where light bulbs, coffee makers, and smart watches are Wi-Fi-enabled, just keeping knowledgeable about all IoT devices that have been introduced into an environment is a Sisyphean task.
Understanding normal communications behavior and creating policies to enable just these behaviors while detecting and blocking others is more than can be reasonably accomplished in all but the most sophisticated security environments.
As a result, where practical, companies may partition off network segments dedicated to IoT devices. However, many organizations are not doing that, particularly resource-constrained midsize enterprises that struggle to even maintain basic security hygiene. Organizations need an easy-to-deploy, non-disruptive, yet robust security solution to help them effectively reduce security risks inherent in IoT devices.
The OPAQ Solution
OPAQ’s Security-as-a-Service cloud platform is comprised of fully-integrated products that are configured, operated and managed from a single interface. The OPAQ cloud platform comes with integrated and automated security features for IoT that are configured through the portal and delivered via an agent and the cloud service.
With the OPAQ Cloud, segmenting IoT devices on internal networks can be accomplished without wrestling with complex switch configurations or sniffing network traffic to develop policies. Rather, OPAQ uses endpoint agents on Windows, macOS and Linux that provide visibility into internal network traffic and enable Software-Defined Network Segmentation. A single security policy configured in the OPAQ cloud portal orchestrates the delivery of security across all endpoint and network security capabilities within the OPAQ platform, eliminating much of the cost and complexity involved with traditional network security.
How It Works
[Figure: "OPAQ: Enterprise-Grade Security from the Cloud. Simplifying the way security is delivered." Network and security integrated into a single cloud platform. Labels: data center, offices, and remote users; 3rd party and IoT; web applications and mobile; cloud IaaS and SaaS; hybrid IT; fully encrypted SD-WAN; integrated security capabilities delivered from the cloud (WAFaaS, FWaaS, Endpoint, Cloud SIEM); a single monitoring, management, and reporting portal.]
OPAQ modular products include the following, all deployed at the click of a mouse: Endpoint Protection, Cloud SIEM, Firewall-as-a-Service and Web Application Firewall-as-a-Service.
The OPAQ cloud platform is a self-contained cloud service with ISP-grade peering to most major SaaS vendors and OPAQ’s proprietary, secure SD-WAN.
The flexibility of the OPAQ Cloud enables security managers to select the precise level and functionality required for their specific application, all without writing a single line of integration code or deploying any products, save the endpoint agent that provides control, connectivity and inventory over hosts—all centrally managed from the OPAQ Cloud portal.
Security Functions that Support IoT
Like any security operation, IoT security consists of five basic functions, all of which the OPAQ cloud platform supports:
1. Identification – Knowing what IoT devices are connected to your network is half the battle
2. Protection – Hardening of the environment, reducing the attack surface area (of the IoT devices and from them), network segmentation and access controls
3. Detection – Monitoring for threats to and from IoT devices
4. Response – Taking immediate action to neutralize threats
5. Recovery – Clean-up to restore normal or enhanced operations following an incident

| Function | OPAQ Product | Feature | Description |
|---|---|---|---|
| Identification | Firewall-as-a-Service | Palo Alto Networks App-ID | Automatically classify IoT traffic using Palo Alto Networks App-ID |
| Identification | Endpoint Protection | Unmanaged Host Detection | Detect unmanaged hosts (those without OPAQ agents) |
| Identification | Endpoint Protection | Asset Hardware & Software Inventory | Collects inventory information from network-connected devices |
| Protection | Firewall-as-a-Service | Palo Alto Networks C&C Sinkholing | Redirects IoT bot command and control domains to a sinkhole address |
| Protection | Endpoint Protection | Software-Defined Network Segmentation | Redirects IoT bot command and control domains to a sinkhole address |
| Protection | Endpoint Protection | Software-Defined Network Access Control | Prevent IoT and other unmanaged devices from communicating with managed hosts |
Functions: Protection (cont’d.), Detection, Recovery, Response

| OPAQ Product | Feature | Description |
|---|---|---|
| Web Application Firewall-as-a-Service | Cloudflare IP Reputation Blocking | Blocks access to IP using shared network intelligence |
| Firewall-as-a-Service | Firewall Policy Configuration | Inbound, Outbound and Internal firewall policy configuration console |
| Firewall-as-a-Service | Palo Alto Networks Threat Prevention | Inbound, Outbound and Internal firewall policy configuration console |
| Endpoint Protection | Software-Defined Network Segmentation Policy | Network segmentation policy configuration by user or host groups |
| Firewall-as-a-Service | Palo Alto Networks Threat Intelligence | Global store of threat intelligence that informs threat prevention |
| Cloud SIEM | Log Analysis Workbench | Security log aggregation, normalization and analysis console |
| Web Application Firewall-as-a-Service | Cloudflare DDoS Protection | Anticipates and Stops DDoS attacks to or from you |
| Endpoint Protection | Host Analysis Workbench | Network access control policies |
| Endpoint Protection | Host Analysis Workbench | Console for the investigation of traffic or inventory anomalies |
| Endpoint Protection | Device Quarantine – Manual or Automatic | Instantaneous capability to remotely quarantine compromised devices |
| Cloud SIEM | Log Analysis and Reporting | Security log collection, transformation and metrics generation |
| Cloud SIEM | Controls Monitoring and Reporting | Security technical controls compliance mapping, monitoring and reporting |
| Endpoint Protection | East/West Traffic Behavioral Learning | UDP/TCP traffic monitoring and learning of “normal” behavior for constructing policies |

Note that except for the endpoint agent (which is deployed to workstations, servers and mobile devices) and an optional edge-connect device, the entire security stack is hosted and operated from the OPAQ Cloud.
Example Use Cases for IoT
Here are just a few examples of how the OPAQ solution can strengthen network security for IoT.
Prevent unwanted internal traffic originating from IoT devices
OPAQ Endpoint Protection includes a software agent that installs on devices running Windows, Linux or macOS. This agent enforces access control policies and monitors all communications behavior. IoT devices on a business network might not run the endpoint agent; however, adjacent servers and workstations will. For example, in an industrial control system where programmable logic controllers (PLCs) cannot run third-party endpoint agents, the PLCs often communicate with a Windows-based workstation that can run it. With a security policy, the organization can prevent IoT devices from communicating across the network to workstations that aren’t expecting such contact. This prevents a compromised IoT device – perhaps a thermostat or printer – from transmitting a malicious payload like malware to other devices on the network.
Prevent unwanted Internet traffic originating from or going to IoT devices
OPAQ Firewall-as-a-Service (FWaaS) is hosted in the OPAQ Cloud, which makes it easier for an organization to administer its firewall(s). The default security posture of the OPAQ cloud-based firewall is that all outbound traffic from an organization’s network is prohibited unless it is explicitly authorized. Concerning IoT traffic to and from the Internet, this security posture prevents communications with IP addresses that are not on a whitelist of addresses that a device needs to communicate with, such as the device manufacturer’s website. Therefore, traffic will be blocked to or from command and control servers that could take illicit control of the IoT device.
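The default-deny egress posture described above, as an added example that is not OPAQ's code or configuration: a per-device allowlist is evaluated over constructed outbound flow records, and denied destinations are grouped by source device for review. The device groups, addresses (RFC 5737 documentation ranges) and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: source IP -> device group (hypothetical names).
INVENTORY = {"10.20.0.11": "thermostat", "10.20.0.12": "printer"}

# Constructed allowlist: the only (network, protocol, port) tuples each group needs.
# Addresses come from the RFC 5737 documentation ranges, not real vendor endpoints.
ALLOWLIST = {
    "thermostat": [("203.0.113.0/28", "tcp", 443)],
    "printer": [("198.51.100.10/32", "tcp", 443), ("198.51.100.10/32", "udp", 123)],
}

# Constructed outbound flow records: (src_ip, dst_ip, protocol, dst_port).
FLOWS = [
    ("10.20.0.11", "203.0.113.5", "tcp", 443),    # thermostat to its vendor range
    ("10.20.0.11", "203.0.113.5", "tcp", 23),     # right host, port not authorized
    ("10.20.0.11", "192.0.2.77", "tcp", 443),     # destination not on the allowlist
    ("10.20.0.12", "198.51.100.10", "udp", 123),  # printer time sync
    ("10.20.0.99", "203.0.113.5", "tcp", 443),    # device missing from inventory
]

def evaluate(flow, inventory=INVENTORY, allowlist=ALLOWLIST):
    """Return (verdict, reason); anything not explicitly authorized is denied."""
    src, dst, proto, port = flow
    group = inventory.get(src)
    if group is None:
        return ("deny", "source-not-in-inventory")
    dst_ip = ipaddress.ip_address(dst)
    for cidr, a_proto, a_port in allowlist.get(group, []):
        if (proto, port) == (a_proto, a_port) and dst_ip in ipaddress.ip_network(cidr):
            return ("allow", group)
    return ("deny", "destination-not-allowlisted")

def denied_by_device(flows):
    """Group denied destinations per source so repeat offenders stand out."""
    denied = defaultdict(set)
    for flow in flows:
        if evaluate(flow)[0] == "deny":
            denied[flow[0]].add(flow[1:])
    return {src: sorted(dsts) for src, dsts in denied.items()}

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(flow))
    print(denied_by_device(FLOWS))
```

A device that keeps appearing in the denied summary is a candidate for investigation, since an inventoried device reaching for destinations outside its allowlist is the behavior this posture is meant to block.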
Conclusion
The OPAQ cloud platform provides a full range of security operations functions - from identification of devices through protection, detection, response and recovery. The OPAQ Cloud can accommodate legacy IoT devices with weak security controls as well as modern devices. The flexibility and modularity of the OPAQ Security-as-a-Service platform presents a unique opportunity for security operations to include IoT controls with enterprise-grade security afforded to other network devices.
About the OPAQ Cloud
OPAQ is the premier network security cloud company. The OPAQ Cloud empowers midsize enterprises with Fortune 100-grade security-as-a-service on a fully encrypted SD-WAN optimized for speed and performance. With OPAQ, service providers and their midsize enterprises are equipped with a simplified ability to centrally monitor security performance and compliance maturity, generate reports, manage security infrastructure, and enforce policies – all through a single interface. For more information, visit opaq.com.