detect & defend 2018 it-cube & check point pdfs/dd 18...environments protect it with...
TRANSCRIPT
1 ©2018 Check Point Software Technologies Ltd. ©2018 Check Point Software Technologies Ltd.
Christine Schoenig
Technical Manager, Germany
Check Point Infinity for IoT Security –
The Cyber Security Architecture of the Future
DETECT & DEFEND 2018 IT-CUBE & CHECK POINT
[Internal Use] for Check Point employees
• The Internet of Things (IoT) is a network of physical devices such as vehicles, household appliances and other objects that are equipped with electronics, software, sensors, actuators and connectivity. The goal of the Internet of Things is to automatically capture relevant information from the real world, link it together and make it available on the network.
• The number of online-capable devices rose in 2017 by 31% in just one year, to 8.4 billion, compared with 2016. Experts estimate that the IoT will consist of around 30 billion objects by 2020. It is also estimated that the global market value of the Internet of Things will reach 7.1 trillion dollars by 2020.
Internet of things
Smart Cities
IoT & ICS
Offices
Smart Buildings
Sensors
Devices
Retail
Automotive
Smart Homes
Utilities
Telco's
Fleet Management
Manufacturing
Healthcare
IoT is Already All Around Us
And will be a substantial part of our lives in the coming Future…
Connected Cars
Connected Home
Smart Cities
Healthcare
Smart Buildings
Industrial IoT
Source: MIPS
Motivation
Source: Deloitte
What do they all have in Common?
• ATM
• POS
• Vending Machines
• Manufacturing Machines
• Surveillance Cameras
• Printers
• Routers
• Sensors
“More than 25% of cyber attacks will involve the internet of things (IoT) by 2020” (Gartner)
90% of IoT devices are unsecured (Gartner)
Default Passwords
Software Vulnerabilities
Mirai Botnet Attack
Remote Admin
C&C
How could one build a network of IoT bots?
• Search for the latest CVE for an IoT device.
• Locate the device's model and brand.
• Search www.shodan.io for online devices of that model.
• Execute the attack.
Let's have a look
The Internet of Ransomware Things
Why Are Attacks on IoT Possible?
• Vulnerable Software & Hardware
• Default Configuration
• Less/No Updates
• Less/No Encryption
• Hard Coded Credentials
• Unattended Devices
• Less/No Segmentation
• No Standards/Too Many Standards
The Enterprise Environment
While Some See Things… We See a Trojan Horse
Building Office
A German steel mill – thousands of employees
BSI Assessment Of The Attack
“The technical capabilities of the attackers are considered to be very advanced. The compromise reached from a multitude of different internal systems to industrial components. The know-how of the attackers was not only very pronounced in the area of classic IT security, but also extended to detailed expertise on the industrial controls and production processes used.”
The challenge to protect borderless networks
How would you…
• Keep attackers from hitting OT
• Prevent exploits of vulnerable systems
• Build and monitor rules that cover everything
CHECK POINT SOFTWARE DEFINED PROTECTION (SDP) CONVERTING INTELLIGENCE INTO PROTECTION
ENFORCEMENT LAYER
THREAT PREVENTION CONTROL LAYER
MANAGEMENT LAYER SINGLE MANAGEMENT
ENDPOINT SECURITY
NETWORK SECURITY GATEWAY
MOBILE SECURITY
VIRTUAL SYSTEMS
CLOUD SECURITY
OT Networks
CLOUD MOBILE THREAT PREVENTION
CONSOLIDATED SYSTEM
OT Networks
CHECK POINT INFINITY
Best Practices for Securing OT
• Secure Both OT and IT Environments
• Protect IT with Advanced Threat Prevention Technologies
• Clear Segmentation between OT and IT/Internet
• Deploy Specialized ICS/SCADA Security Technologies
ICS Solution Building Blocks
Unified IT/OT Management
• Customized Visibility
• Unified Policy
• Anomaly detection
• Integration with SIEM systems
Environment
• Ruggedized Appliances for Harsh Environments
Control & Virtual Patching
• Visibility and Granular Control of ICS/SCADA Traffic
• Stops exploits of known vulnerabilities
• Using IDS/IPS Signatures
ICS Solution Building Blocks
Control & Virtual Patching
• Visibility and Granular Control of ICS/SCADA Traffic
• Stops exploits of known vulnerabilities
• Using IDS/IPS Signatures
Most Extensive Support of SCADA/ICS-Specific Protocols
Over 900 SCADA and IoT commands in Check Point Application Control
• MMS
• DNP3
• Siemens Step7
• IEC 60870-5-104
• IEC 61850
• ICCP
• OPC DA & UA
• Profinet
• CIP IoT
Detailed forensics for incident investigations
Setting the Baseline
Granular level logging of SCADA traffic: DETAILED, GROUPED, ANALYZED by Check Point SMARTLOG & SMARTEVENT
Setting Policy/Rules based on Functions and Values
• Protocol
• Command (Function)
• Allowed values and ranges
• Active or Passive Policy
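One way to express a protocol / command (function) / allowed-values policy for MODBUS traffic, as an added example that is not Check Point's code or policy format. The `Policy` class, the `build_frame` helper and the reading of "active" as block and "passive" as alert-only are assumptions made for illustration; the frames it builds are constructed samples.

```python
import struct
from dataclasses import dataclass

READ_HOLDING, WRITE_SINGLE, WRITE_MULTI = 0x03, 0x06, 0x10  # Modbus function codes

@dataclass
class Policy:                 # hypothetical policy model, not a Check Point format
    allowed_functions: set    # function codes that may pass at all
    write_ranges: dict        # register -> (min, max) permitted for writes
    active: bool = False      # assumed meaning: True = block, False = alert only

def build_frame(func, data, tid=1, unit=1):
    """Build a constructed Modbus/TCP request (sample input only)."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([func]) + data

def parse_writes(raw: bytes):
    """Return (function_code, [(register, value), ...]) for one Modbus/TCP frame."""
    # MBAP header: transaction id, protocol id (0), length of the rest, unit id.
    if len(raw) < 8 or raw[2:4] != b"\0\0" or int.from_bytes(raw[4:6], "big") != len(raw) - 6:
        raise ValueError("malformed MBAP header")
    func, data = raw[7], raw[8:]
    if func == WRITE_SINGLE:
        if len(data) != 4:
            raise ValueError("bad write-single length")
        return func, [struct.unpack(">HH", data)]
    if func == WRITE_MULTI:
        if len(data) < 5:
            raise ValueError("truncated write-multiple request")
        start, qty, nbytes = struct.unpack(">HHB", data[:5])
        if qty == 0 or nbytes != 2 * qty or len(data) != 5 + nbytes:
            raise ValueError("inconsistent write-multiple lengths")
        values = struct.unpack(f">{qty}H", data[5:])
        return func, [(start + i, v) for i, v in enumerate(values)]
    return func, []           # other functions: only the function-code check applies

def evaluate(policy: Policy, raw: bytes):
    """Return (verdict, reason); verdict is 'allow', 'alert' or 'block'."""
    violation = "block" if policy.active else "alert"
    try:
        func, writes = parse_writes(raw)
    except ValueError as exc:
        return violation, f"parse error: {exc}"
    if func not in policy.allowed_functions:
        return violation, f"function 0x{func:02x} not allowed"
    for reg, value in writes:
        lo, hi = policy.write_ranges.get(reg, (1, 0))  # unlisted register: empty range
        if not lo <= value <= hi:
            return violation, f"register {reg} value {value} outside policy"
    return "allow", "ok"
```

Only the two register-write functions are value-checked here, so a policy built on this sketch should leave other write functions (coils, mask write) out of `allowed_functions`.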
Legacy Systems Are Often Unpatched
PROTECTED by Check Point IPS
Virtual patching with over 300 dedicated IDS/IPS signatures
NSS Labs Highest Rating
Stops exploits of known vulnerabilities and detects anomalous traffic
ICS Solution Building Blocks
Environment
• Ruggedized Appliances for Harsh Environments
Check Point 1200R: New Purpose-Built Ruggedized Security Gateway Appliance
• Fully featured Check Point security gateway
• Compliant to the most rigid regulations: IEC 61850-3 and IEEE 1613
• 6x1GbE ports and firewall throughput of 2Gbps
• Compact fan-less design with no moving parts; temperature range from -40°C to 75°C
• Can be used in In-line or Tap (Mirror) modes
• Routing and networking (e.g. BGP, OSPF, IPsec, etc.)
ICS Solution Building Blocks
Unified IT/OT Management
• Customized Visibility
• Unified Policy
• Anomaly detection
• Integration with SIEM systems
UNIFIED IT and OT MANAGEMENT FOR BEST ROI AND OPTIMAL PROTECTION
Unified Policy
Customized Visibility
Everywhere Monitoring
Management integration with leading SIEM systems: Q-Radar, ARCSight, Splunk, and more like Predix and others
Dedicated Compliance and Regulation Monitoring
REPORTED by Check Point COMPLIANCE BLADE
Real-time assessment of compliance with major regulations
SCADA SPECIFIC COMPLIANCE CHECKS
IoT Security Best Practices
• Segmentation
• Access Policy
• Patching/Virtual Patching
• Pre-Infection/Post-Infection Threat Prevention
• Data Leakage Prevention
• Encryption
• Standardization
Enterprise IoT Security
[Diagram labels: Visibility, Control Network, PLC, Security Gateway, SCADA Server, NAC - Discovery, Building, Office, MQTT Over Ethernet, WLAN / LAN, MQTT, BACNET, R80, Hospital, HL7, Dicom]
ICS/SCADA Environments with Multi-site Sectors: Electricity, Wind, O&G, Water
[Diagram labels: SCADA Server, Data Center, Smart Event, Communication cloud, Ethernet/IP/MPLS, Cellular, MODBUS, High Availability, 1200R, RTU, Electric Sub-station, PLC, IT Zone, Wind Farms, VPN, Waste Water, Clean Water, Control Center, Natural Gas Production]
Transportation
Manufacturing
Smart cities
Smart buildings
Banking
Utilities
Healthcare
Telecom
Automotive
Energy
Smart homes
cloud
Security in the age of THINGS
IoT, ICS/SCADA Verticals
Security Solution Examples
1. Check Point ICS Security: https://www.youtube.com/watch?v=crZrh1kQOew
2. Check Point Blog: http://blog.checkpoint.com/tag/iot
3. Check Point Infinity: https://youtu.be/FqOTbTRjsu4
Smart Cities Connected Cars Healthcare Smart Homes Smart Buildings Industrial IoT
ENFORCEMENT
MANAGEMENT
THREAT INTELLIGENCE CLOUD & INFRASTRUCTURE
APPLIANCES CASB 160+ TECHNOLOGY
PARTNERS
MOBILE
COMMUNICATIONS ICS
CHECK POINT PROVIDES ITS CUSTOMERS THE BEST SECURITY EVERYWHERE WITH THE INDUSTRY’S LARGEST SECURITY ECOSYSTEM
Source: https://www.checkpoint.com/partners/opsec
THANK YOU