Effective Cybersecurity for the Internet of Things (IoT)...Effective Cybersecurity for the Internet...
20
Effective Cybersecurity for the Internet of Things (IoT) Bret Hartman Vice President and Chief Technology Officer, Cisco Security Business Group November 21, 2014
Transcript of Effective Cybersecurity for the Internet of Things (IoT)...Effective Cybersecurity for the Internet...
Effective Cybersecurity for the Internet of Things (IoT)
Bret Hartman
Vice President and Chief Technology Officer, Cisco Security Business Group
November 21, 2014
Cisco Confidential 2 ©2014 Cisco and/or its affiliates. All rights reserved. CONNECTED THINGS
Cisco Confidential 3 ©2014 Cisco and/or its affiliates. All rights reserved.
Security is Foundational to Gain Greater Value from IoE
Networked Connection of People, Process, Data, Things
People Connecting People in More
Relevant, Valuable Ways
Process Delivering the Right Information
to the Right Person (or Machine)
at the Right Time
Data Leveraging Data into
More Useful Information
for Decision Making
Things Physical Devices and Objects
Connected to the Internet and
Each Other for Intelligent
Decision Making
IoE
Cisco Confidential 4 ©2014 Cisco and/or its affiliates. All rights reserved.
New Risks Present New Challenges
Changing
Business Models
Dynamic
Threat Landscape
Complexity
& Fragmentation
Cisco Confidential 4 ©2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 5 ©2014 Cisco and/or its affiliates. All rights reserved.
Security Policies IT Network IoT Network
Focus Protecting Intellectual
Property and Company Assets
24/7 Operations, High OEE, Safety, and Ease of Use
Implications of a Device Failure
Continues to Operate Could Stop Processes, Impact
Markets, Physical Harm
Threat Protection Shut Down Access to Detected Threat and
Remediate
Potentially Keep Operating with a Detected Threat
Infrastructure Life Cycle
Equipment upgrades and refresh <5 years
Avoid Equipment upgrades (lifespan 15+ years)
New Challenges Require a Shift in Priorities
Cisco Confidential 6 ©2014 Cisco and/or its affiliates. All rights reserved.
Enterprise Network
DMZ
Supervisory Network
Control System Network
Web
Server
App Server
SCADA Historian
Database
Historian HMI
IEDs/PLCs
Remote Facility
VPN
Field Network
IEDs/PLCs
Cloud Systems
Internet
The Attack Surface Grows and Evolves in IoT
Threats through
Remote Access
Threats from Infected HMI’s
Threats from Unauthorized Control
Threats from Cloud Services and Internet
Threats from Unauthorized Control Uncontrolled Access
Exfiltration attacks
Cisco Confidential 7 ©2014 Cisco and/or its affiliates. All rights reserved.
Threat-Centric Security Approach
BEFORE Discover
Enforce
Harden
AFTER Scope
Contain
Remediate
Attack Continuum
Detect
Block
Defend
DURING
Point in Time Continuous
Endpoint Network Mobile Virtual Cloud
Cisco Confidential 8 ©2014 Cisco and/or its affiliates. All rights reserved.
Comprehensive Security Product Portfolio
IPS & NGIPS
• Cisco IPS 4300 Series
• Cisco ASA 5500-X Series integrated IPS
• FirePOWER NGIPS
• FirePOWER NGIPS w/ Application Control
• FirePOWER Virtual NGIPS
NAC + Identity Services
• Cisco Identity Services Engine (ISE)
• Cisco Access Control Server (ACS)
Email Security
• Cisco Email Security Appliance (ESA)
• Cisco Virtual Email Security Appliance (vESA)
• Cisco Cloud Email Security
Web Security
• Cisco Web Security Appliance (WSA)
• Cisco Virtual Web Security Appliance (vWSA)
• Cisco Cloud Web Security
UTM
• Meraki MX
Advanced Malware Protection
• AMP for Networks
• AMP for Endpoints
• AMP for Private Cloud / Virtual Appliance
VPN
• Cisco AnyConnect VPN
Firewall & NGFW
• Cisco ASA 5500-X Series
• Cisco ASA 5500-X w/ NGFW
license
• Cisco ASA 5585-X w/ NGFW
blade
• Cisco ASA with FirePOWER Services
Cisco Confidential 9 ©2014 Cisco and/or its affiliates. All rights reserved.
Platform-Based Threat-Focused Visibility-Driven
Strategic Imperatives
Broad Sensor Base,
Context and Automation
Continuous Advanced Threat
Protection, Cloud-Based
Security Intelligence
Agile and Open Platforms,
Built for Scale, Consistent
Control, Management
Endpoint Network Mobile Virtual Cloud
Cisco Confidential 10 ©2014 Cisco and/or its affiliates. All rights reserved.
Threat Centric Security at Work
HEARTBLEED
STRING OF PAERLS
SNOWSHOE SPAM
CRYPTOLOCKER
Cisco Confidential 11 ©2014 Cisco and/or its affiliates. All rights reserved.
Advanced Malware Protection Everywhere
Dedicated FirePOWER Appliance
Web & Email Security Appliances
Private Cloud
Cloud Based Web Security & Hosted Email
Mac OS X
Virtual Mobile PC
NGIPS /NGFW on FirePOWER
Enterprise
Capabilities
Continuous &
Zero-Day Detection Advanced Analytics
And Correlation
Cisco Confidential 12 ©2014 Cisco and/or its affiliates. All rights reserved.
Collective Security Intelligence
Future Security Platforms Will Reduce Complexity and Increase Capability
Centralized Management Appliances, Virtual
Network/DC Control Platform
Appliances, Virtual
Device Control Platform
Host, Mobile, Virtual
Cloud Services Control Platform
Hosted
Cisco Confidential 13 ©2014 Cisco and/or its affiliates. All rights reserved.
Cisco ASA with FirePOWER Services Industry’s First Threat-Focused Next-Generation Firewall
Cisco ASA firewalling combined with Sourcefire Next-Generation IPS
Advanced Malware Protection (AMP)
Best-in-class security intelligence, application visibility and control (AVC), and URL filtering
Superior, multilayered threat protection
Unprecedented network visibility
Integrated threat defense across the entire attack continuum
Reduced cost and complexity
Cisco Confidential 14 ©2014 Cisco and/or its affiliates. All rights reserved.
How
What
Who
Where
When
Cisco Identity Services Engine (ISE) Delivering the Visibility and Control for Secure Network Access
Network
Partner Context Data
Cisco ISE
Consistent Secure Access Policy
Cisco Confidential 15 ©2014 Cisco and/or its affiliates. All rights reserved.
The Security Perimeter in the Cloud
Cloud Connected Network
Collective Security Intelligence
Telemetry Data Threat Research Advanced Analytics
Mobile Router Firewall
Millions Cloud Web Security Users
6GB Web Traffic Examined, Protected Every Hour
75M Unique Hits Every Hour
10M Blocks Enforced Every Hour
The Distributed Perimeter
Cisco Confidential 16 ©2014 Cisco and/or its affiliates. All rights reserved.
Provisioning
Simplified Service Chaining
Dynamic Policy Management
Rapid Instantiation
Performance
On Demand Scalability
Increased Clustering Size
Multi-Site Clustering
Protection
Integrated Security and Consistent Policy Enforcement (Physical & Virtual)
Active Monitoring & Comprehensive Diagnostics for Threat Mitigation
Cisco Security Integrated into ACI
Intelligent
Fabric Security
Cisco Confidential 17 ©2014 Cisco and/or its affiliates. All rights reserved.
FY15 Security Services
Managed Integration Advisory
Custom Threat Intelligence
Technical Security
Assessments
Integration Services
Security Optimization
Services
Managed Threat Defense
Remote Managed
Services
Cisco Confidential 18 ©2014 Cisco and/or its affiliates. All rights reserved.
Conclusion
• IoT advances present new risks and unique cybersecurity challenges
• To address these challenges requires visibility, continuous control and advanced threat protection across the entire attack continuum—before, during and after an attack
• Cisco is focused on delivering cybersecurity advancements to protect all of the interactions of the IoT
Cisco Confidential 19 ©2014 Cisco and/or its affiliates. All rights reserved.
Reliable Partner
Proven Innovator
Global Operations
Talent
E2E Security
Top Products
COMPANY TECHNOLOGY OUTCOMES
Your Number One Partner for Security
Thank you.
