Page 1: DETECT & DEFEND 2018 IT-CUBE & CHECK POINT PDFs/DD 18...Environments Protect IT with Advanced Threat Prevention Technologies Clear Segmentation between OT and IT/Internet Deploy Specialized

©2018 Check Point Software Technologies Ltd.

Christine Schoenig

Technical Manager, Germany

Check Point Infinity for IoT Security – The Cyber Security Architecture of the Future

DETECT & DEFEND 2018 IT-CUBE & CHECK POINT

[Internal Use] for Check Point employees

Page 2:

Internet of Things

• The Internet of Things (IoT) is a network of physical devices such as vehicles, household appliances and other objects that are equipped with electronics, software, sensors, actuators and connectivity. The goal of the Internet of Things is to automatically capture relevant information from the real world, link it together and make it available on the network.

• The number of online-capable devices rose in 2017 by 31% in just one year to 8.4 billion compared with 2016. Experts estimate that the IoT will consist of around 30 billion objects by 2020. It is also estimated that the global market value of the Internet of Things will reach 7.1 trillion dollars by 2020.

Page 4:

Smart Cities

IoT & ICS

Offices

Smart Buildings

Sensors

Devices

Retail

Automotive

Smart Homes

Utilities

Telcos

Fleet Management

Manufacturing

Healthcare

Page 5:

IoT is Already All Around Us

And will be a substantial part of our lives in the coming future…

Connected Cars

Connected Home

Smart Cities

Healthcare

Smart Buildings

Industrial IoT

Source: MIPS

Page 6:

Motivation

Source: Deloitte

Page 7:

ATM

POS

Vending Machines

Manufacturing Machines

Surveillance Cameras

Printers

Routers

Sensors

What do they all have in common?

Page 8:

More than 25% of cyber attacks will involve the Internet of Things (IoT) by 2020 (Gartner)

90% of IoT devices are unsecured (Gartner)

Page 12:

Default Passwords

Software Vulnerabilities

Mirai Botnet Attack

Remote Admin

C&C

Page 13:

How could one build a network of IoT bots?

• Search for the latest CVE for an IoT device.

• Locate the device's model and brand.

• Search www.shodan.io for online devices of that model.

• Execute the attack.

Page 14:

Let's have a look

Page 16:

The Internet of Ransomware Things

Page 17:

Why Are Attacks on IoT Possible?

Vulnerable Software & Hardware

Default Configuration

Less/No Updates

Less/No Encryption

Hard Coded Credentials

Unattended Devices

Less/No Segmentation

No Standards/Too Many Standards

Page 18:

The Enterprise Environment

While Some See Things… We See a Trojan Horse

Building

Office

Page 20:

A German steel mill – thousands of employees

Page 21:

BSI Assessment Of The Attack

"The technical capabilities of the attackers are considered to be very advanced. The compromise reached from a multitude of different internal systems to industrial components. The know-how of the attackers was not only very pronounced in the area of classic IT security, but also extended to detailed expertise on the industrial controls and production processes used."

Page 22:

The challenge to protect borderless networks

Page 23:

How would you…

Keep attackers from hitting OT

Prevent exploits of vulnerable systems

Build and monitor rules that cover everything

Page 24:

CHECK POINT SOFTWARE DEFINED PROTECTION (SDP) CONVERTING INTELLIGENCE INTO PROTECTION

ENFORCEMENT LAYER

THREAT PREVENTION CONTROL LAYER

MANAGEMENT LAYER

SINGLE MANAGEMENT

ENDPOINT SECURITY

NETWORK SECURITY GATEWAY

MOBILE SECURITY

VIRTUAL SYSTEMS

CLOUD SECURITY

OT Networks

Page 25:

CLOUD MOBILE THREAT PREVENTION

CONSOLIDATED SYSTEM

OT Networks

Page 26:

CHECK POINT INFINITY

Page 27:

Best Practices for Securing OT

Secure Both OT and IT Environments

Protect IT with Advanced Threat Prevention Technologies

Clear Segmentation between OT and IT/Internet

Deploy Specialized ICS/SCADA Security Technologies

Page 28:

ICS Solution Building Blocks

Unified IT/OT Management

• Customized Visibility

• Unified Policy

• Anomaly detection

• Integration with SIEM systems

Environment

• Ruggedized Appliances for Harsh Environments

Control & Virtual Patching

• Visibility and Granular Control of ICS/SCADA Traffic

• Stops exploits of known vulnerabilities

• Using IDS/IPS Signatures

Page 29:

ICS Solution Building Blocks

Control & Virtual Patching

• Visibility and Granular Control of ICS/SCADA Traffic

• Stops exploits of known vulnerabilities

• Using IDS/IPS Signatures

Page 30:

Most Extensive Support of SCADA/ICS-Specific Protocols

Over 900 SCADA and IoT commands in Check Point Application Control

MMS

DNP3

Siemens Step7

IEC 60870-5-104

IEC 61850

ICCP

OPC DA & UA

Profinet

CIP IoT

Page 31:

Detailed forensics for incident investigations

Setting the Baseline

Granular level logging of SCADA traffic – DETAILED, GROUPED, ANALYZED by Check Point SMARTLOG & SMARTEVENT

Page 32:

Setting Policy/Rules based on Functions and Values

Allowed values and ranges

Protocol

Command (Function)

Active or Passive Policy

Page 33:

Legacy Systems Are Often Unpatched

Page 34:

PROTECTED by Check Point IPS

Virtual patching with over 300 dedicated IDS/IPS signatures

NSS Labs Highest Rating

Stops exploits of known vulnerabilities and detects anomalous traffic

Page 35:

Environment

ICS Solution Building Blocks

• Ruggedized Appliances for Harsh Environments

Page 36:

Check Point 1200R New Purpose-Built Ruggedized Security Gateway Appliance

• Fully featured Check Point security gateway

• Compliant to the most rigid regulations: IEC 61850-3 and IEEE 1613

• 6x1GbE ports and firewall throughput of 2Gbps

• Compact fan-less design with no moving parts; temperature range from -40°C to 75°C

• Can be used in In-line or Tap (Mirror) modes

• Routing and networking (e.g. BGP, OSPF, IPsec, etc.)

Page 37:

Unified IT/OT Management

ICS Solution Building Blocks

• Customized Visibility

• Unified Policy

• Anomaly detection

• Integration with SIEM systems

Page 38:

UNIFIED IT and OT MANAGEMENT FOR BEST ROI AND OPTIMAL PROTECTION

Unified Policy

Customized Visibility

Everywhere Monitoring

Management integration with leading SIEM systems: QRadar, ArcSight, Splunk, and more like Predix and others

Page 39:

REPORTED by Check Point COMPLIANCE BLADE

Real-time assessment of compliance with major regulations

Dedicated Compliance and Regulation Monitoring

SCADA SPECIFIC COMPLIANCE CHECKS

Page 40:

IoT Security Best Practices

Segmentation

Access Policy

Patching/Virtual Patching

Pre-Infection/Post-Infection Threat Prevention

Data Leakage Prevention

Encryption

Standardization

Page 41:

Visibility


Enterprise IoT Security

Control Network

PLC PLC

Security Gateway

SCADA Server

NAC - Discovery

Building

Office

MQTT Over Ethernet

WLAN / LAN

MQTT

BACNET

R80

Hospital

HL7, Dicom

Page 42:

ICS/SCADA Environments with Multi-site Sectors: Electricity, Wind, O&G, Water

SCADA Server

Data Center

Smart Event

Communication cloud

Ethernet/IP/MPLS

Cellular

MODBUS

High Availability

1200R

RTU

Electric Sub-station

PLC

MODBUS

IT Zone

1200R

Wind Farms

MODBUS VPN 1200R

PLC

Waste Water

Clean Water

Control Center

Natural Gas Production

PLC

1200R

Page 44:

Transportation

Manufacturing

Smart cities

Smart buildings

Banking

Utilities

Healthcare

Telecom

Automotive

Energy

Smart homes

cloud

Security in the age of THINGS

Page 45:

IoT, ICS/SCADA Verticals

Security Solution Examples

1. Check Point ICS Security: https://www.youtube.com/watch?v=crZrh1kQOew

2. Check Point Blog: http://blog.checkpoint.com/tag/iot

3. Check Point Infinity: https://youtu.be/FqOTbTRjsu4

Smart Cities Connected Cars Healthcare Smart Homes Smart Buildings Industrial IoT

Page 46:

ENFORCEMENT

MANAGEMENT

THREAT INTELLIGENCE CLOUD & INFRASTRUCTURE

APPLIANCES

CASB

160+ TECHNOLOGY PARTNERS

MOBILE

COMMUNICATIONS ICS

CHECK POINT PROVIDES ITS CUSTOMERS THE BEST SECURITY EVERYWHERE WITH THE INDUSTRY’S LARGEST SECURITY ECOSYSTEM

Source: https://www.checkpoint.com/partners/opsec

Page 47:

THANK YOU