Post on 07-Sep-2019
Internet Of Things (IoT) Security: Understanding The Challenges While Mitigating the Risks
Demetris Booth, APJC Lead – Product Management & Product Marketing
Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Agenda
• Overview & Benefits
• Security Challenges
• Mitigating Challenges
  • High Level View
  • Technical View
• Bringing It All Together
Adoption rate of digital infrastructure: 5X faster than electricity and telephony
[Chart: billions of devices (axis 0 to 50) along a 2010, 2015, 2020 timeline; data labels 12.5, 25 and 50 (50 Billion “Smart Objects”); world population labels 6.8, 7.2 and 7.6; inflection point marked.]
IoT Is Here Now – and Growing!
Relation to Internet of Everything (IoE)
IoE: Networked Connection of People, Process, Data, Things
• People: Connecting people in more relevant, valuable ways
• Data: Leveraging data into more useful information for decision making
• Process: Delivering the right information to the right person (or machine) at the right time
• Things: Physical devices and objects connected to the Internet and each other for intelligent decision making
IoE: Connecting the Unconnected to Generate Business Value
IoT Delivers Extraordinary Benefits
What Comprises IoT Networks?
Information Technology (IT)
Operational Technology (OT)
Smart Objects
Smart City
Safety, financial, and environmental benefits
Reduced congestion
Improved emergency services response times
Lower fuel usage
Increased efficiency
Power and cost savings
New revenue opportunities
Efficient service delivery
Increased revenues
Enhanced environmental monitoring capabilities
The Connected Car
Actionable intelligence, enhanced comfort, unprecedented convenience
Online entertainment
Mapping, dynamic re-routing, safety and security
Transform “data” to “actionable intelligence”
Enable proactive maintenance
Collision avoidance
Fuel efficiency
Reduced congestion
Increased efficiency
Safety (hazard avoidance)
Big Data Becomes Open Data for Customers, Consumers to Use
More Important
Less Important
IoT Transforms Data into Wisdom
Wisdom (Scenario Planning)
Data
Information
Knowledge
… but it also adds complexity.
Application Interfaces
Infrastructure Interfaces
New Business Models
Partner Ecosystem
Applications
Device and Sensor Innovation
Unified Platform
Infrastructure
APPLICATION ENABLEMENT PLATFORM
APPLICATION CENTRIC INFRASTRUCTURE
APPLICATION AND BUSINESS INNOVATION
Data Integration
Big Data Analytics
Control Systems
Application Integration
The Flip Side: Major Security Challenges
We’ve Created the Perfect Storm…
Device Explosion + Connectivity Explosion + State Cyber Programs + Industrialization of Hacking + “Hacktivism” = Perfect Storm
Traditional Security Challenges
Increased Attack Surface
Information Breach
Data Privacy
Smart Objects
Devices Per Person: 6
Sensors Per Person: 130
Security Challenges
Superior Visibility
Advanced video analytics, remote management, and multi-site event correlation
Granular Control
Differentiated policy enforcement across the extended network
Advanced Threat Protection
Comprehensive cyber security threat detection and mitigation
Actionable Intelligence
Internetworked security solutions for superior intelligence and rapid response
Automated Decisions
Machine-to-machine enabled security control with no human intervention required
IoT Security Challenges
IoT Expands Security Needs
IoT CONNECTIVITY
Converged, Managed Network
Resilience at Scale
Security
Application Enablement
Distributed Intelligence
New Applications
Threat Diversity
Impact and Risk
Remediation
Protocols
Compliance and Regulation
Mitigating The Security Risk Across the Extended Network – The 20,000 FT View
IT and OT are Inherently Different
IT
• Connectivity: “Any-to-Any”
• Network Posture: Confidentiality, Integrity, Availability (CIA)
• Security Solutions: Cybersecurity; Data Protection
• Response to Attacks: Quarantine/Shutdown to Mitigate
OT
• Connectivity: Hierarchical
• Network Posture: Availability, Integrity, Confidentiality (AIC)
• Security Solutions: Physical Access Control; Safety
• Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached
IT/OT Converged Security Model
IT
DMZ
OT
Enterprise Network
Supervisory
Demilitarised Zone
Automation & Control
Identity Services
Cloud
Network Security
Secure Access
Application Control
Config Mgmt
The Secure IoT Architecture – IT Plus OT!
Services
Application Interfaces
Infrastructure Interfaces
New Business Models
Partner Ecosystem
Applications
Device and Sensor Innovation
Application Enablement Platform
Application Centric Infrastructure
Security
APPLICATION AND BUSINESS INNOVATION
Data Integration
Big Data Analytics
Control Systems
Application Integration
Network and Perimeter Security
Physical Security
Device-level Security / Anti-tampering
Cloud-based Threat Analysis / Protection
End-to-End Data Encryption
Services
Cisco Security Model
Attack Continuum
• BEFORE: Control, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in time, Continuous
Security/Attack Continuum - IT
• BEFORE: Control, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Cloud-based threat detection and prevention; policy enforcement via firewall, V