internet of things (iot) security - cisco.com internet of things (iot) security: understanding the...

Download Internet Of Things (IoT) Security - cisco.com Internet Of Things (IoT) Security: Understanding The Challenges

Post on 07-Sep-2019

0 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Internet Of Things (IoT) Security: Understanding The Challenges While Mitigating the Risks

    Demetris Booth, APJC Lead – Product Management & Product Marketing

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Agenda

    • Overview & Benefits

    • Security Challenges

    • Mitigating Challenges • High Level View

    • Technical View

    • Bringing It All Together

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    7.2 6.8 7.6 World Population

    Adoption rate of digital infrastructure:

    5X faster than electricity and telephony

    50 Billion

    “Smart Objects”

    50

    2010 2015 2020

    0

    40

    30

    20

    10 B ill

    io n s o

    f D

    e v ic

    e s

    25

    12.5

    Inflection point

    Timeline

    IoT Is Here Now – and Growing!

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Relation to Internet of Everything (IoE)

    IoE

    Connecting people in more relevant, valuable ways

    People

    Leveraging data into more useful information for decision making

    Data

    Delivering the right information to the right person (or machine) at the right time

    Process

    Physical devices and objects connected to the Internet and each other for intelligent decision making

    Things

    Networked Connection of People, Process, Data, Things

    IoE: Connecting the Unconnected to Generate Business Value

  • IoT Delivers Extraordinary Benefits

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    What Comprises IoT Networks?

    Information Technology

    (IT)

    Operational Technology

    (OT)

    Smart Objects

    7

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Smart City

    Safety, financial, and environmental benefits

     Reduced congestion

     Improved emergency services response times

     Lower fuel usage

     Increased efficiency

     Power and cost savings

     New revenue opportunities

     Efficient service delivery

     Increased revenues

     Enhanced environmental monitoring capabilities

    8

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    The Connected Car

    Actionable intelligence, enhanced comfort, unprecedented convenience

     Online entertainment

     Mapping, dynamic re-routing, safety and security

     Transform “data” to “actionable intelligence”

     Enable proactive maintenance

     Collision avoidance

     Fuel efficiency

     Reduced congestion

     Increased efficiency

     Safety (hazard avoidance)

    9

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Big Data Becomes Open Data for Customers, Consumers to Use

    More Important

    Less Important

    01010100101010101010101010101

    01010101010001010100101010101

    01110101010101010101

    IoT Transforms Data into Wisdom

    Wisdom (Scenario Planning)

    Data

    Information

    Knowledge

    10

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    … but it also adds complexity.

    Application Interfaces

    Infrastructure Interfaces

    New Business Models Partner Ecosystem

    Applications

    Unified Platform

    Infrastructure

    11

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    … but it also adds complexity.

    Application Interfaces

    Infrastructure Interfaces

    New Business Models Partner Ecosystem

    Applications

    Device and Sensor Innovation

    Unified Platform

    Infrastructure

    APPLICATION ENABLEMENT PLATFORM

    APPLICATION CENTRIC INFRASTRUCTURE

    APPLICATION AND BUSINESS INNOVATION

    Data Integration Big Data Analytics Control Systems Application

    Integration

    12

  • The Flip Side: Major Security Challenges

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    We’ve Created the Perfect Storm…

    > Device Explosion

    > Connectivity Explosion

    > State Cyber Programs

    > Industrialization of Hacking

    > “Hactivism”

    +

    +

    +

    +

    =

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Traditional Security Challenges

    Increased Attack Surface

    Information Breach

    Data Privacy

    Smart Objects

    Devices

    Per Person

    Sensors

    Per Person

    6

    130

    Security Challenges

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Superior Visibility

    Advanced video analytics, remote management, and multi-site event correlation

    Granular Control

    Differentiated policy enforcement across the extended network

    Advanced Threat Protection

    Comprehensive cyber security threat detection and mitigation

    Actionable Intelligence

    Internetworked security solutions for superior intelligence and rapid response

    Automated Decisions

    Machine-to-machine enabled security control with no human intervention required

    IoT Security Challenges

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    IoT Expands Security Needs

    IoT CONNECTIVITY

    Converged, Managed Network

    Resilience at Scale Security Application Enablement

    Distributed Intelligence

    New Applications

    Threat Diversity

    Impact and Risk

    Remediation

    Protocols

    Compliance and Regulation

    17

  • Mitigating The Security Risk Across the Extended Network – The 20,000 FT View

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    IT and OT are Inherently Different

     IT  OT

    • Connectivity: “Any-to-Any”

    • Network Posture: Confidentiality, Integrity, Availability (CIA)

    • Security Solutions: Cybersecurity; Data Protection

    • Response to Attacks: Quarantine/Shutdown to Mitigate

    • Connectivity: Hierarchical

    • Network Posture: Availability, Integrity, Confidentiality (AIC)

    • Security Solutions: Physical Access Control; Safety

    • Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached

    19

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    IT/OT Converged Security Model

    20

    IT

    DMZ

    OT

    Enterprise Network

    Supervisory

    Demilitarised Zone

    Automation & Control

    Id e

    n ti

    ty S

    e rv

    ic e

    s

    C lo

    u d

    N e

    tw o

    rk S

    e c

    u ri

    ty

    S e

    c u

    re A

    c c

    e s

    s

    A p

    p li

    c a

    ti o

    n C

    o n

    tr o

    l

    C o

    n fi

    g

    M g

    m t

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    The Secure IoT Architecture – IT Plus OT!

    Services

    Application Interfaces

    Infrastructure Interfaces

    New Business Models Partner Ecosystem

    Applications

    Device and Sensor Innovation

    Application Enablement Platform

    Application Centric Infrastructure

    Security

    APPLICATION AND BUSINESS INNOVATION

    Data Integration

    Big Data Analytics Control Systems

    Application Integration

    Network and Perimeter Security

    Physical Security

    Device-level Security /

    Anti-tampering

    Cloud-based Threat Analysis /

    Protection

    End-to-End Data Encryption

    Services

    21

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Cisco Security Model

    Attack Continuum

    Network Endpoint Mobile Virtual Cloud

    Point in time Continuous

    Detect

    Block

    Defend

    DURING BEFORE Control

    Enforce

    Harden

    AFTER Scope

    Contain

    Remediate

  • Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

    Security/Attack Continuum - IT

    Detect

    Block

    Defend

    DURING BEFORE Control

    Enforce

    Harden

    AFTER Scope

    Contain

    Remediate

    Cloud-based threat

    detection and

    prevention; policy

    enforcement via

    firewall, V