IOT: EXPLORING THE THREAT SURFACE
Jason Ortiz
Sr. Integration Engineer
THREAT HUNTING AND RESPONSE | SECURITY CONSULTING
CONTENTS
» INTRO
» THE BIG IDEA
» SECURING THE EDGE
» SECURING THE REST
» SECURING THE DATA
01 | INTRODUCTION
02 | THE BIG IDEA
EVERYTHING I KNOW ABOUT IOT
THE BIG IDEA
EVERYTHING I KNOW ABOUT IOT SECURITY
THE BIG IDEA
QUESTIONS? THANK YOU.
EVERYTHING I THINK SORT OF MAKES SENSE…
THE BIG IDEA
» IoT Ecosystem
» The Edge
» The Fog/Mist
» The Cloud
WHAT IS THE BIG IDEA?
THE BIG IDEA
» Data
» Data
» Data
» Simple
03 | SECURING THE EDGE
HARDWARE
THE EDGE
» Physical Ports
» UART
» JTAG
FIRMWARE
THE EDGE
» Vulnerabilities
» Conventional
» Stored keys?
» Memory dump keys?
» Updates … or NOT
AUTHENTICATION
THE EDGE
» Sooooo many things!
» Based mostly in HTTP
AUTHENTICATION
THE EDGE
» Elliptic Curve Crypto?
» Blockchain?
[Chart: Transactions / Second, comparing Bitcoin, Ethereum, PayPal, VISA]
PAYLOADS
THE EDGE
04 | SECURING THE MIST, OR FOG, OR WHATEVER
OK BUT REALLY
THE … WHATEVER
» The Edge
» The Fog
» The Mist
» The Cloud
COMPONENTS
THE … WHATEVER
» Networking
» Messaging
» Ecosystems
» Data
NETWORKING
THE … WHATEVER
» Which part?
» User -> Stand Alone Device?
» User -> Cloud Connected Device?
» User -> Hub?
» Device -> Hub?
» Hub -> Cloud?
» User -> Cloud?
» Device -> Device?
» Device -> Cloud?
DNS REBINDING
THE … WHATEVER
» Same Origin Policy
» bad.js
» CVEs? You bet
DNS REBINDING
THE … WHATEVER
» Vulns Everywhere!
SECURE NETWORKING?
THE … WHATEVER
» Heavy Use of HTTPS
» Authentication?
» FIDO Alliance
QUEUES
THE … WHATEVER
» RabbitMQ
» Complex setup
» Basic security
» nats.io
» Auth
» TLS
MQTT
THE … WHATEVER
MQTT
THE … WHATEVER
» Anything interesting on a public broker?
» SHODAN
» C2 through MQTT
SECURING MQTT
THE … WHATEVER
» Enterprise Solution (HiveMQ)
» 3rd party broker
NODE-RED
THE … WHATEVER
NODE-RED
THE … WHATEVER
» Security?
» Anything live?
» API!
SECURING NODE-RED
THE … WHATEVER
» Authentication
» Secure Comms
WEB INTERFACES
THE … WHATEVER
» Basic Vulnerabilities
» Custom HTTP servers … but why?
DATABASES
THE … WHATEVER
» Mongo
» Postgres
» pg_hba.conf
INDICES
THE … WHATEVER
» ElasticSearch
05 | SECURING THE DATA
SECURING THE DATA
THE DATA
» Make No Mistake … I mean PRIVACY
» Is perimeter security dead?
SECURING THE DATA
THE DATA
» Cameras
[Chart by country: United States, Japan, Italy, France, UK]
SECURING THE DATA
THE DATA
» Cars and Cities?
SECURING THE DATA
THE DATA
» Wearable Medical Devices
“Frankly, I don’t give a damn if someone wants to change their heart rate data.”
SECURING THE DATA
THE DATA
» ?
QUESTIONS? THANK YOU.