March 15, 2017
IoT Security
A multi-layered approach for today’s threat landscape
Andreas Meyer
Global Portfolio Manager, AT&T
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks are the property of their respective owners. AT&T Proprietary (Internal Use Only). Not for use or disclosure outside the AT&T companies except under written agreement.

Has IoT increased our exposure to cyber threats?
50B: Connected devices estimated to secure by 2020 [1]
458%: Increase in IoT vulnerability scans on the internet [2]
#1: Barrier to customer adoption of IoT is security concerns [3]
90%: Of businesses lack full confidence that their IoT devices are secure [4]
14%: Of companies have a formal audit process for connected devices [5]
AT&T Cybersecurity Insights report: att.com/cybersecurity-insights
Security Resource Center: securityresourcecenter.att.com
[1] Cisco, Inc., July 2015
[2] AT&T Network Operations Center, 2015
[3] IDC, 2015
[4] AT&T State of IoT Security Survey, 2015
[5] AT&T State of IoT Security Survey, 2015

IoT security hacks in the news
Connected cars (potential security vulnerabilities shown: airbags, entertainment system, steering, brakes): Researchers infiltrated the networks of late model connected cars to gain control of their steering, radio and automated driving features.
Power grid (potential security vulnerability shown: integrated operational & IT systems): A power grid’s industrial control system experienced a massive power outage when malware was downloaded via a simple phishing email.
Webcams (potential security vulnerabilities shown: open ports, no device authentication): A hacking web application scans the internet for unprotected connected IoT devices to extract personal live webcam feeds and post them online.
Source: WIRED, “How the Internet of Things got Hacked”, 12.28.15.
http://www.wired.com/2015/12/2015-the-year-the-internet-of-things-got-hacked/

Convergence of IT and OT introduces new security challenges
Market demand and business economics drive these two silos together

IT (Information Technology): Manages business environments. IT manages data for computers & telecommunications. Managed by the IT and CIO department.
• Traditional IT security does not translate to OT
• OT is concerned with safety and operational efficiency

OT (Operational Technology): Manages critical infrastructure. Monitors and controls physical equipment and processes. Managed by the OT and process department. Specialized systems, protocols and processes (e.g. SCADA).
• OT utilizes separate systems & protocols
• Managed by separate organizations within the enterprise

IT/OT Convergence: Introduces new security & operational challenges

The IoT threat landscape requires a multi-layered approach to security
End-to-end security to help protect data in transit and data at rest from the IoT endpoint to the application
AT&T recommends a multi-layered approach to security to help protect the IoT ecosystem end-to-end.

Top IoT security concerns:
• Convergence of OT and IT
• Secure data in transit
• Secure data at rest
• Integrity of the data
• Reliability of the data
• Sustaining operations
• Physical safety
• Operational efficiency
• Access & authentication (devices & users)
• Software/Firmware updates

Layers of the approach:
• Strategy & Governance: Consulting
• Endpoint: Mobile, IoT, Office/Fixed
• Connectivity: Securing the network
• Data/Application: Securing workloads/applications
• Threat Management: Detection & response

Connectivity Layer: Highly secure IoT connectivity
Helping protect data in transit from IoT endpoint to enterprise backend
AT&T provides highly secure connectivity from the IoT endpoint to the enterprise, helping keep customer data private and isolated throughout the IoT ecosystem.
Customer data does not have to traverse over the open internet
• Securely segment data according to IoT need
• Private and point-to-point connectivity options are supported and preferred
• IoT devices & data in transit are not exposed to threats from the open internet
Connectivity options: AT&T VPN, AT&T NetBond, Private APNs, Closed SMS/Voice User Groups, AT&T Control Center
[Diagram: IoT endpoint, AT&T network (AT&T VPN, AT&T NetBond), Cloud/Premise]

Data/App Layer: Defense in-depth approach for Industrial IoT
Recommended approach to help secure both OT and IT
• Deploy specialized scalable ICS/SCADA security technologies to help protect OT
• Clear segmentation, protection and granular policy management between OT and IT environments
• Utilize threat management to help detect and respond to events

Threat Mgmt. Layer: AT&T threat management services to help detect & respond to threats
Utilizing AT&T’s network visibility as a key asset for proactive threat management
• Monitoring customer assets
• Centralizing data into unified threat platform
• Advanced Big Data analytics
• Threat detection
• Proactive response
Services: AT&T Threat Manager Enterprise Forensics, AT&T Threat Manager Log Analysis, AT&T Threat Intellect (advanced analytics, teams and tools)
[Diagram: threat data from the Endpoint, Connectivity and Data and Application layers (AT&T network data, security functions data, 3rd party data, government data) feeds a unified threat platform (AT&T Threat Intellect), utilizing AT&T network visibility for proactive threat detection & response as part of AT&T managed security]

Why IoT Security from AT&T?
Scale, visibility, expertise, threat intelligence: global leader in IoT & Security
3.7B: Records pass through our Analysis Engines every hour
100+: Petabytes of traffic across the network per day [1]
3800+: MPLS nodes in one of the largest IP networks in the world
8: Global Security Operations Centers
24/7/365: Operations support
End-to-end protection: 8 global SOCs, 1000s of security professionals, response within minutes
[1] As of February 2016

Current AT&T solutions to help secure each layer
Endpoint Layer:
• Device & Network-based Authentication (bi-directional)
• AT&T Control Center
• Endpoint Management
• Endpoint Security
Connectivity Layer:
Connectivity types:
• Wireless
• Wired
• Wi-Fi
• Satellite
Connectivity security:
• End-to-end private networking and/or encryption
• Private User Groups
• IP level security
• IP blacklists/whitelists
Data/App Layer:
Security Functions:
• Firewalls, DDoS Defense, Data Loss Prevention, Cloud Web Security, Intrusion Detection/Prevention
IoT Services:
• M2X, Data Service
• M2X Data Storage
• Flow Designer for app developers
Threat Mgmt. Layer:
Threat Management:
• Comprehensive threat data (network data, 3rd party data, security function data)
• Big Data analytics for threat detection
• Proactive response
IoT Security Consulting Services

Endpoint Layer: Protecting the IoT endpoint
IoT endpoints can vary in type, processing power, capability and security need
Endpoints with no operating system, little processing power, limited functionality & bandwidth, designed for a specific purpose:
• Device & Network Bi-directional Authentication
Endpoints with an operating system, high processing power, robust functionality & bandwidth, highly capable:
• Enterprise Mobile Management
• Endpoint Security (anti-malware, web-filtering, firewalls)
• FOTA/SOTA (firmware/software over-the-air updates)
• Encryption at Rest

Security Consulting: IoT Security Consulting Practice
Programmatic approach to address IoT security risks
Security Consulting services from AT&T help customers develop a sustainable model for IoT security practices. We see to it that the entire IoT ecosystem is designed, implemented, managed, and monitored efficiently and is consistent with internal security policy, best practices, and industry regulations.
• Secure Network Architecture for IoT
• Vulnerability assessments
• Penetration testing
• Risk and threat analysis
• Privacy maintenance
• Data integrity
• Security of IoT software applications
• Operational process development and review
• Standards compliance
IoT Security Lifecycle Services:
Endpoint Layer: Endpoint configuration, Server configuration, Gateway/Router configuration, Penetration Testing, IAM / Authentication & Access Control
Data/Application Layer: Web Application, Mobile Application, Code Analysis, Data Privacy
Connectivity Layer: Segmentation / Isolation, Architecture Analysis, Defense in Depth, Secure communication, Data Residency & Protection, WAN/Cloud Integration
Threat Management Layer: Threat / Anomaly Detection, Incident Response, Event Monitoring / Tamper Detection, Behavior Analysis

Data/App Layer: AT&T managed security services to help protect IoT data and applications
Data and application security managed and deployed where needed
Comprehensive and robust AT&T portfolio of end-to-end managed security services
Security services deployed and managed where the data/app sits: cloud, on premise, in the network
[Diagram: deployment locations (AT&T network cloud, Public cloud, Private cloud, Customer premise equipment/Data center) and services shown (Web Filtering, AT&T Firewall (Network, Premise), Cloud Web Security Service, Intrusion Detection, DDoS Defense, Firewalls, Intrusion Detection/Prevention, Data Loss Prevention, Vulnerability Scanning)]

Industrial IoT Security