The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline...

11
FIRST LINE OF DEFENSE The Security Considera2on for IoT Dave Larson COO & CTO © 2016 Corero www.corero.com

Transcript of The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline...

Page 1: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

TheSecurityConsidera2onforIoT

DaveLarsonCOO&CTO

©2016Corerowww.corero.com

Page 2: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

TheTbpsEra?

IoTDDoS

KrebsOVHDYN…

20+YearsofDoSACacks

First Hacktivist event: Zapatista National Liberation Army

DoS for Notoriety

MafiaBoy DDoS: Yahoo!, Amazon, Dell, CNN, Ebay, Etrade

Spammers discover botnets

Organized crime: Extortion

Estonia: Parliament, banks, media, Estonia Reform Party

1993 2013 1995 1997 1999 2001 2003 2005 2007 2009 2011

Anon hits Church of Scientology

Panix.net hit with first major DDoS

2016

Coordinated US bank attacks: Grew to 200 Gbps, and continue today

ProtonMail attack

Spamhaus attack: Reported to reach 310 Gbps

500 Gbps Hong Kong attack France swarmed after terror attack PlayStation & Xbox hit at Christmas

2017

Rio Olympics 540 Gbps

Page 3: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

Sowhatexactlyisa‘thing’?§  IntheIOTa‘thing’canbemanythings

•  Securitycamera,babymonitor,thermostat,DVR,LEDlightbulb,industrialcontroldevice,refrigerator,etc.

§  Itswhattheyhaveincommonthat’stheproblem•  Generalpurposeprocessor•  RunsLinux•  Highspeedwired/wirelesstrustedconnecXon•  OYendeployedindefaultconfiguraXon•  Rarely,ifever,patchedorevenmonitored•  LiClethoughtgiventosecurityarchitecture

©2016Corerowww.corero.com3

Page 4: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

AnatomyofaBotnetDDoSACack

©2016Corerowww.corero.com4

A6ackerinstallscodethatcreatesacommandandcontrolenXtythatautomaXcallyidenXfiesandcompromisesanarmyofbots.

CommandandControlServerexecutesthecommandsthatputthebotnettowork.

BotnetanetworkofmalwareinfecteddevicescontrolledremotelybytheaCacker.

Page 5: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

AnatomyofaBotnetDDoSACack

©2016Corerowww.corero.com5

Infecteddevicessendlargeamountsofbogustraffictotargetedserver(s)orservicesconnectedtotheInternet.

Page 6: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

DDoSalwaysevolving-“IoT”upsthechallenge§  Gartner,Inc.forecaststhatInternetconnected

thingswillreach20.8billionby2020.§  MiraicodemadeavailableinearlyOct.–malware

spreadstodeviceswithfactorydefaultorhard-codedusernamesandpasswords

§  CountlessaCackvectorsandaCacktypesoutinthewild-NewlydiscoveredCLDAPvectorwithupto55xamplificaXonfactor

§  Newtechniques,combinaXonaCacks,DDoSforhireservicescoupledwithunlimitedmoXvaXonscreateavolaXleDDoSlandscape

©2016Corerowww.corero.com6 hCp://www.gartner.com/newsroom/id/3165317

FriendorFoe?

Page 7: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

CommunityResponsibility

©2016Corerowww.corero.com7

TheCarriersthemselvesmustdomoretoenable‘cleanpipe’totheirdownstreamsubscribers—cleaningupaCacktrafficaswellasensuringthatcompromiseddevicesontheiraccessnetworkarequicklyidenXfiedandremediated

DeviceManufacturersmustputsecuritymeasuresinplace.NodeviceshouldconnecttotheInternet‘outofthebox’

OtherwisewewillhavegovernmentlegislaXonforcingCarriersandManufacturesofIoTdevicesaliketoworktowardeliminaXngtheproblem

Page 8: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

NewBreedofBigger‘Surgical’DDoSACacks

8 ©2016Corerowww.corero.com

84% OF ATTACKS ARE

LESS THAN 10 MINUTES

1.6% OF ATTACKS ARE

GREATER THAN 5 Gbps

Page 9: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

SophisXcatedMulX-LayeredACacks

9 ©2016Corerowww.corero.com

§  EnoughvolumetocrippletargetinfrastructureordesXnaXon§  AdvancedDoSaCackscraYedtoavoiddetecXon§  ShortduraXonsavoidlegacyDDoSscrubbingmiXgaXontechniques(TTM)

Ongoinglow-level,backgrounda6acks

Volumerampedto68Gbforafewminutes

Ini?alA6ackphase

Page 10: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

DDoSProtecXonRecommendaXons1.   DetermineWheretoProtectfromDDoS

•  DefeaXngDDoSwithanalways-ondeploymentatthenetworkedge,removesthethreatfromyourenvironment

•  LegacyapproachtomiXgaXoncannotkeepupwiththeevolvingthreatlandscape–(TTM)TimeToMiXgaXonandthescaleofaCacks(needtoinspecteverypacket)

•  Newapproach,protecXngyourcustomeraswellasyourinfrastructure,allowsyoutheprovider,tomoneXzetheserviceandupliYexisXngservicesrevenue

2.   ChoosetherightDDoSProtec2onServiceStrategy•  TestsoluXonsforXmetomiXgaXon,performancecapability,scalabilityacrossyour

network,andautomaXcsecuritycoverage.•  AnalyXcstoensureyoucanshowthevaluetoyourcustomerstomeettheir

requirements

10

The image part with relationship ID rId3 was not found in the file.

Page 11: The Security Consideraon for IoT - documents.grenadine.codocuments.grenadine.co/Pipeline Publishing/ICTXS... · FIRST LINE OF DEFENSE So what exactly is a ‘thing’? § In the IOT

FIRST LINE OF DEFENSE

ThankYou!DaveLarson [email protected]


Eclipse IoT stack with Java and the End-to-end IoT solutions IoT... · with Java and the Eclipse IoT stack. IoT is Big. Open IoT Stack for Java. End-to-end IoT? Actuators/Sensors

Eclipse IoT stack with Java and the End-to-end IoT solutions IoT... · with Java and the Eclipse IoT stack. IoT is Big. Open IoT Stack for Java. End-to-end IoT? Actuators/Sensors

Microsoft's IoT Vision... · Microsoft's IoT Vision Crystal Ju Senior Program Manager, Industrial IoT Azure IoT. OPERATIONS PEOPLE ... multiple IoT Hubs Re-provisioning support Supports

Microsoft's IoT Vision... · Microsoft's IoT Vision Crystal Ju Senior Program Manager, Industrial IoT Azure IoT. OPERATIONS PEOPLE ... multiple IoT Hubs Re-provisioning support Supports

Power IoT - datacentrix.co.za · Power IoT . DAVID RANDOLPH HOELSCHER. Director of IOT Marketing . Huawei Technologies . 3. Content C-IoT Insight NB-IoT Industry update NB-IoT Use

Power IoT - datacentrix.co.za · Power IoT . DAVID RANDOLPH HOELSCHER. Director of IOT Marketing . Huawei Technologies . 3. Content C-IoT Insight NB-IoT Industry update NB-IoT Use

Annual General Meengs of Athle cs Canterbury Centre · 5 Consideraon and Approval of Annual Report 6 Consideraon and Approval of Annual Financial Statements 7 Considera on of Remits

Annual General Meengs of Athle cs Canterbury Centre · 5 Consideraon and Approval of Annual Report 6 Consideraon and Approval of Annual Financial Statements 7 Considera on of Remits

COMPANY PROFILE BOSCH: IoT SUITE PLATFORM AND IoT CLOUD ... · BOSCH: IoT Suite platform and IoT cloud ... IoT Suite platform and IoT cloud services ... irregular messages which in

COMPANY PROFILE BOSCH: IoT SUITE PLATFORM AND IoT CLOUD ... · BOSCH: IoT Suite platform and IoT cloud ... IoT Suite platform and IoT cloud services ... irregular messages which in

IoT Connectivity & IoT Analytics

IoT Connectivity & IoT Analytics

Smart@Iot Ai-Iot Healthcare Solution in Smart Homes ...openaccessebooks.com/telemedicine/smart-Iot-ai-Iot-healthcare-solu… · Smart@Iot Ai-Iot Healthcare Solution in Smart Homes

Smart@Iot Ai-Iot Healthcare Solution in Smart Homes ...openaccessebooks.com/telemedicine/smart-Iot-ai-Iot-healthcare-solu… · Smart@Iot Ai-Iot Healthcare Solution in Smart Homes

Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

ANNUAL REPORT - Province of Manitobavitalstats.gov.mb.ca/pdf/2019_vs_annual_report_en.pdf · On behalf of staff, it is my pleasure to submit for your review and consideraon the 24th

ANNUAL REPORT - Province of Manitobavitalstats.gov.mb.ca/pdf/2019_vs_annual_report_en.pdf · On behalf of staff, it is my pleasure to submit for your review and consideraon the 24th

JOINT ADMISSIONS EXERCISE 2016 - CHIJ Secondary Level/… · can be submi[ed to MoE for consideraon. Decision Making • Strengths, Interests • Learning Environment Personal Characteris2cs

JOINT ADMISSIONS EXERCISE 2016 - CHIJ Secondary Level/… · can be submi[ed to MoE for consideraon. Decision Making • Strengths, Interests • Learning Environment Personal Characteris2cs

IoT Week Rotterdam - Education and IoT

IoT Week Rotterdam - Education and IoT

Agile Monetization for smartdocuments.grenadine.co/Pipeline Publishing/ICTXS...Agile Monetization for smart business Helping you unlock new revenue streams through agile monetization.

Agile Monetization for smartdocuments.grenadine.co/Pipeline Publishing/ICTXS...Agile Monetization for smart business Helping you unlock new revenue streams through agile monetization.

PyPortal IoT Plant Monitor with AWS IoT and …...AWS IoT AWS IoT ( is an IoT service for those looking for an incredibly scalable and secure Internet-of-Things (IoT) service. Integration

PyPortal IoT Plant Monitor with AWS IoT and …...AWS IoT AWS IoT ( is an IoT service for those looking for an incredibly scalable and secure Internet-of-Things (IoT) service. Integration

Customer Experience Management Through the Evolution of ...documents.grenadine.co/Pipeline Publishing/ICTXS/AdvancedCEMSli… · Customer Experience Management Through the Evolution

Customer Experience Management Through the Evolution of ...documents.grenadine.co/Pipeline Publishing/ICTXS/AdvancedCEMSli… · Customer Experience Management Through the Evolution

V 1.4 April 2020€¦ · Internet Of Things IOT core Amazon FreeRTOS IOT I-CIiCk IOT Analytics IOT Device Detender IOT Device Management IOT Events IOT Greengrass IOT Sitewjse IOT

V 1.4 April 2020€¦ · Internet Of Things IOT core Amazon FreeRTOS IOT I-CIiCk IOT Analytics IOT Device Detender IOT Device Management IOT Events IOT Greengrass IOT Sitewjse IOT

PCS Consideraon for 50 GbE and NG 100 GbE - IEEE-SAgrouper.ieee.org/groups/802/3/50G/public/Mar16/ghiasi_50GE_NGOATH... · PCS Consideraon for 50 GbE and NG 100 GbE Ali Ghiasi Ghiasi

PCS Consideraon for 50 GbE and NG 100 GbE - IEEE-SAgrouper.ieee.org/groups/802/3/50G/public/Mar16/ghiasi_50GE_NGOATH... · PCS Consideraon for 50 GbE and NG 100 GbE Ali Ghiasi Ghiasi

AWS IoT - Guida per gli sviluppatori · AWS IoT Guida per gli sviluppatori Che cos'è AWS IoT? AWS IoT.

AWS IoT - Guida per gli sviluppatori · AWS IoT Guida per gli sviluppatori Che cos'è AWS IoT? AWS IoT.

Implementation of Industrial IoT to Deliver Value Industrial IoT...Implementing Industrial IoT Systems IoT Reference Model* Industrial IoT Technologies *Rob Soderbury, Cisco, 2014

Implementation of Industrial IoT to Deliver Value Industrial IoT...Implementing Industrial IoT Systems IoT Reference Model* Industrial IoT Technologies *Rob Soderbury, Cisco, 2014

Open Source IoT (OS-IoT) - ATIS

Open Source IoT (OS-IoT) - ATIS

Workshop AWS IoT @ IoT World Paris

Workshop AWS IoT @ IoT World Paris