March 15, 2017

IoT Security
A multi-layered approach for today’s threat landscape

Andreas Meyer, Global Portfolio Manager, AT&T

© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks are the property of their respective owners. AT&T Proprietary (Internal Use Only). Not for use or disclosure outside the AT&T companies except under written agreement.

Has IoT increased our exposure to cyber threats?

• 50B: Connected devices estimated to secure by 2020 [1]
• 458%: Increase in IoT vulnerability scans on the internet [2]
• #1: Barrier to customer adoption of IoT is security concerns [3]
• 90%: Of businesses lack full confidence that their IoT devices are secure [4]
• 14%: Of companies have a formal audit process for connected devices [5]

AT&T Cybersecurity Insights report: att.com/cybersecurity-insights
Security Resource Center: securityresourcecenter.att.com

[1] Cisco, Inc., July 2015
[2] AT&T Network Operations Center, 2015
[3] IDC, 2015
[4] AT&T State of IoT Security Survey, 2015
[5] AT&T State of IoT Security Survey, 2015

IoT security hacks in the news

• Researchers infiltrated the networks of late model connected cars to gain control of their steering, radio and automated driving features.
• A power grid’s industrial control system experienced a massive power outage when malware was downloaded via a simple phishing email.
• A hacking web application scans the internet for unprotected connected IoT devices to extract personal live webcam feeds and post them online.

Diagram labels (potential security vulnerabilities): Airbags, Entertainment System, Steering, Brakes; Integrated operational & IT systems; Open ports; No device authentication.

Source: WIRED, “How the Internet of Things got Hacked” 12.28.15. http://www.wired.com/2015/12/2015-the-year-the-internet-of-things-got-hacked/

Convergence of IT and OT introduces new security challenges
Market demand and business economics drive these two silos together

Information Technology (IT): manages business environments
• IT manages data for computers & telecommunications
• IT and CIO department management

Operational Technology (OT): manages critical infrastructure
• Monitors and controls physical equipment and processes
• OT and Process department management
• Specialized systems, protocols, processes (i.e. SCADA)

IT/OT Convergence: introduces new security & operational challenges
• Traditional IT security does not translate to OT
• OT concerned with safety and operational efficiency
• OT utilizes separate systems & protocols
• Managed by separate organizations within the enterprise

The IoT threat landscape requires a multi-layered approach to security
End-to-end security to help protect data in transit and data at rest from the IoT endpoint to the application

AT&T recommends a multi-layered approach to security to help protect the IoT ecosystem end-to-end.

Top IoT security concerns:
• Convergence of OT and IT
• Strategy & Governance
• Secure data in transit
• Secure data at rest
• Integrity of the data
• Reliability of the data
• Sustaining operations
• Physical safety
• Operational efficiency
• Access & authentication (devices & users)
• Software/Firmware updates

Layers shown:
• Consulting
• Endpoint: Mobile, IoT, Office/Fixed
• Connectivity: Securing the network
• Data/Application: Securing workloads/applications
• Threat Management: Detection & response

Connectivity Layer: Highly secure IoT connectivity
Helping protect data in transit from IoT endpoint to enterprise backend

AT&T provides highly secure connectivity from the IoT endpoint to the enterprise, helping keep customer data private and isolated throughout the IoT ecosystem.

Customer data does not have to traverse over the open internet
• Securely segment data according to IoT need
• Private and point-to-point connectivity options are supported and preferred
• IoT devices & data in transit are not exposed to threats from the open internet

Services listed: AT&T VPN, AT&T NetBond, Private APNs, Closed SMS/Voice User Groups, AT&T Control Center.

Diagram labels: IoT endpoint; AT&T network; AT&T VPN; AT&T NetBond; Cloud/Premise.

Data/App Layer: Defense in-depth approach for Industrial IoT
Recommended approach to help secure both OT and IT

• Deploy specialized scalable ICS/SCADA security technologies to help protect OT
• Help secure both OT and IT: clear segmentation, protection and granular policy management between OT and IT environments
• Utilize threat management to help detect and respond to events

Threat Mgmt. Layer: AT&T threat management services to help detect & respond to threats
Utilizing AT&T’s network visibility as a key asset for proactive threat management

• Monitoring customer assets
• Centralizing data into unified threat platform
• Advanced Big Data analytics
• Threat detection
• Proactive response

Diagram labels: AT&T Threat Manager, Enterprise Forensics, Advanced Analytics; AT&T Threat Manager Log Analysis; AT&T Threat Intellect; Threat Data; Unified threat platform; Teams and Tools; Utilizing AT&T network visibility; Proactive threat detection & response.

Data sources shown: Data and Application; Endpoint; Connectivity; AT&T Network data; Security Functions data; 3rd Party data; AT&T managed security; Govt. data.

• 8 global SOCs
• 1000s Security Professionals
• Response within minutes
• End-to-end protection

Why IoT Security from AT&T?

Scale, Visibility, Expertise, Threat intelligence. Global leader in IoT & Security.

• 3.7B: Records pass through our Analysis Engines every hour
• 100+ Petabytes of traffic across the network per day [1]
• 3800+ MPLS nodes in one of the largest IP networks in the world
• 8 Global Security Operations Centers
• 24/7/365 Operations support

[1] As of February 2016

Current AT&T solutions to help secure each layer

Endpoint Layer
• Device & Network-based Authentication (bi-directional)
• AT&T Control Center
• Endpoint Management
• Endpoint Security

Connectivity Layer
• Connectivity types: Wireless, Wired, Wi-Fi, Satellite
• End-to-end private networking and/or encryption
• Private User Groups
• IP level security
• IP blacklists/whitelists

Data/App Layer
• Security Functions: Firewalls, DDoS Defense, Data Loss Prevention, Cloud Web Security, Intrusion Detection/Prevention
• IoT Services: M2X, Data Service; M2X Data Storage; Flow Designer for app developers

Threat Mgmt. Layer
• Threat Management: Comprehensive threat data (network data, 3rd party data, security function data)
• Big Data analytics for threat detection
• Proactive response

IoT Security Consulting Services

Endpoint Layer: Protecting the IoT endpoint
IoT endpoints can vary in type, processing power, capability and security need

Endpoint characteristics range from:
• No operating system; little processing power; limited functionality & bandwidth; designed for specific purpose
to:
• Operating system; high processing power; robust functionality & bandwidth; highly capable

Protections listed:
• Device & Network Bi-directional Authentication
• Enterprise Mobile Management
• Endpoint Security (anti-malware, web-filtering, firewalls)
• FOTA/SOTA (firmware/software over-the-air updates)
• Encryption at Rest

Security Consulting: IoT Security Consulting Practice
Programmatic approach to address IoT security risks

Security Consulting services from AT&T help customers develop a sustainable model for IoT security practices. We see to it that the entire IoT ecosystem is designed, implemented, managed, and monitored efficiently and is consistent with internal security policy, best practices, and industry regulations.

• Secure Network Architecture for IoT
• Vulnerability assessments
• Penetration testing
• Risk and threat analysis
• Privacy maintenance
• Data integrity
• Security of IoT software applications
• Operational process development and review
• Standards compliance

IoT Security Lifecycle Services:

Endpoint Layer
• Endpoint configuration
• Server configuration
• Gateway/Router configuration
• Penetration Testing
• IAM / Authentication & Access Control

Data/Application Layer
• Web Application
• Mobile Application
• Code Analysis
• Data Privacy

Connectivity Layer
• Segmentation / Isolation
• Architecture Analysis
• Defense in Depth
• Secure communication
• Data Residency & Protection
• WAN/Cloud Integration

Threat Management Layer
• Threat / Anomaly Detection
• Incident Response
• Event Monitoring / Tamper Detection
• Behavior Analysis

Data/App Layer: AT&T managed security services to help protect IoT data and applications
Data and application security managed and deployed where needed
Comprehensive and robust AT&T portfolio of end-to-end managed security services

Diagram labels: Web Filtering; AT&T Firewall (Network, Premise); AT&T network cloud; Cloud Web Security Service; Intrusion Detection; Public cloud; DDoS Defense; Firewalls; Intrusion Detection/Prevention; Private cloud; Data Loss Prevention; Vulnerability Scanning; Customer premise equipment/Data center.

Security services deployed and managed where the data/app sits: cloud, on premise, in the network

Industrial IoT Security