A New Security Model for the IoE World
Timothy Snow, CCIE
Consulting Systems Engineer, Asia Pacific
Cisco
A New Security Model for the IoE World
• What is IoE and IoT?
• How Will the IoT affect your business?
• The ramifications of not securely connecting these devices
• Cisco’s strategy and solution offerings for a connected world
Internet of Everything
“The Internet of Everything brings together people,
process, data and things to make networked
connections more relevant and valuable than ever
before - turning information into actions that create
new capabilities, richer experiences and
unprecedented economic opportunity for
businesses, individuals and countries.”
IoT Is Here Now – and Growing!
Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony
[Chart: billions of devices (“Smart Objects”) and world population on a 2010, 2015, 2020 timeline, with an inflection point marked; labelled values 12.5, 25, 50 and 6.8, 7.2, 7.6.]
Source: Cisco IBSG projections, UN Economic & Social Affairs
http://www.un.org/esa/population/publications/longrange2/WorldPop2300final.pdf
During this 1 hour session we will create more data than hundreds of years of civilization
Hourly we are....
Creating 4320 hours (180 days) of YouTube content
Downloading 2.8 Million apps from the iTunes store
Creating 34,000 new websites
Connecting 300,000 new devices to the IoE
Which is okay because we have……
340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion) unique IPv6 addresses
or (4.25 ^28 per person or 2 ^13 per cell in your body)
We are seeing more Innovation and Change than at Any Other Point in Our Lifetime
Technology Transitions
BYOD
CLOUD
NEW BREED OF APPS
SENSORS & DEVICES
BIG DATA ANALYTICS
Network as the Platform
Business Transitions
GROWTH & INNOVATION
NEW BUSINESS MODELS
EXPERIENCE EXPECTATIONS
GLOBALIZATION
SECURITY & PRIVACY
Why Internet of Things?
• Efficiency
• New Economic Value
• Quality of Life
The Connected Car
WIRELESS ROUTER
• Online entertainment
• Mapping, dynamic re-routing, safety and security
CONNECTED SENSORS
• Transform “data” to “actionable intelligence”
• Enable proactive maintenance
• Fuel efficiency
URBAN CONNECTIVITY
• Reduced congestion
• Increased efficiency
• Safety (hazard avoidance)
Actionable intelligence, enhanced comfort, unprecedented convenience
The Smart City
CONNECTED TRAFFIC SIGNALS
• Reduced congestion
• Improved emergency services response times
• Lower fuel usage
PARKING AND LIGHTING
• Increased efficiency
• Power and cost savings
• New revenue opportunities
CITY SERVICES
• Efficient service delivery
• Increased revenues
• Enhanced environmental monitoring capabilities
Safety, financial, and environmental benefits
Cisco Customer IoT Deployments
• Traffic service center
• Integrated with Traffic Situation Display, Lane Control System, and Road Weather Information System
• K-Power: Electrical Grid
National dam monitoring system
• Integrated with water-level sensor
• POSCO: Manufacturing
IMC Center, Production monitoring, Quality Control Tower
• Device/Machinery tracking
• Education Sector
Campus Video Monitoring
Physical Access Controls (Doors, Windows)
Linkage to Emergency Response (Medical / Police)
Campus Address/Loudspeaker system
Technology shifts creating The Perfect Storm
SaaS
MOBILITY + BYOD
SOCIAL + CONSUMERIZATION
CLOUD + VIRTUALIZATION
Threat Dynamics are changing
Increased Attack Surface
Threat Diversity
Impact and Risk
Remediation
Management Complexity
Compliance and Regulation
All were smart. All had security.
All were seriously compromised.
And the Trend Will Continue
Data breaches and theft will continue to be a problem
• Cybercrime is lucrative
• Malware sophistication and ease of use have grown exponentially
• The barrier to entry is low
IoT devices are not designed for cybersecurity
• Some lack basic authentication functionality
• Designed under a model of implicit trust
• Use of unencrypted protocols
More devices mean more to protect
• Do you know the core systems and interconnections to keep your business running?
• How do you prioritize events?
• What’s the best use of your resources?
Smart City
REMOTE ACCESS
• Increased traffic congestion
• Creation of unsafe conditions
SYSTEM CONTROL
• Device manipulation
• Remote monitoring
• Emergency Response shutdown
SERVICE MANIPULATION
• Environmental degradation
• System shutdown
• Lost revenue
Potential impact to services and public safety
NEW MODEL
INTEGRATED
INTELLIGENT
SECURITY CAPABILITIES
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Network, Endpoint, Mobile, Virtual, Cloud
Point in Time, Continuous
The New Security Model
Attack Continuum
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
Firewall, Patch Mgmt, IPS, IDS, AMP, App Control, Vuln Mgmt, Antivirus, FPC, Log Mgmt, VPN, IAM/NAC, Email/Web, Forensics, SIEM
Visibility and Context
Point in Time, Continuous
Global Protection
Visibility Reduces Exposure
• Network visibility allows reaction before compromise
• Insight increases security posture
• Typical crisis begins without warning
[Chart: Impact to the Business ($) against Time, with an INSIGHT REGION and a CRISIS REGION; points labelled early warning, attack onset, attack identified, attack thwarted, credit card data compromised, vulnerability closed, and MTTK.]
NEW MODEL
INTEGRATED
INTELLIGENT
SECURITY CAPABILITIES
The Problem with Traditional Next-Generation Firewalls
Focus on the apps
But miss the threat…
Existing NGFWs can reduce attack surface area but advanced malware often evades security controls.
Announced globally September 16
Industry’s First Threat-Focused NGFW
Proven Cisco ASA firewalling
+ Industry leading Sourcefire NGIPS and AMP
Cisco ASA with FirePOWER Services
• Integrating defense layers helps organizations get the best visibility
• Enable dynamic controls to automatically adapt to threat conditions
• Protect against advanced threats across the entire attack continuum
#1 Cisco Security announcement of the year!
© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
The only Threat-Focused NGFW
Cisco Only
BEFORE DURING AFTER
Sandboxing
NG Sandbox for Evasive Malware
URL and IP Reputation
Collective Security Intelligence (CSI)
Malware File Trajectory
Adaptive Security
Host Trajectory
NGIPS
Open APP-ID
Correlated SIEM Eventing
Incident Control System
Vulnerability Management
Threat Hunting
User Identity
AV and Basic Protections
Web—URL Controls
Application Visibility
Gen1 IPS
Classic Stateful Firewall
NGFW
Forensics and Log Management
Auto-Remediation / Dynamic Policies
Dynamic Outbreak Controls
Retrospective Detection
Retrospective Analysis
SNORT Open IPS
Behavioral Indications of Compromise
Network AntiMalware Controls (AMP)
*Client AntiMalware (AMP)
Contextual Device, Network and End-Point Visibility
*Agent
Automated, Integrated Threat Defense
Superior Protection for Entire Attack Continuum
Context and Threat Correlation
Impact Assessment
Multivector Correlation
Early Warning for Advanced Threats
Dynamic Security Control
Adapt Policy to Risks
Retrospective Security
Reduce Time Between Detection and Cure
[Diagram: hosts ranked Priority 1, Priority 2 and Priority 3, showing Host A (5 IoCs), Host B (3 IoCs) and Host C with admin request, mail, PDF and web events.]
NEW MODEL
INTEGRATED
INTELLIGENT
SECURITY CAPABILITIES
Cisco’s largest Global Security Intelligence data source
100TB Security Intelligence
150,000 Microapplications
5,500 IPS Signatures
5B Daily Email Connections
1.6M Deployed Devices
93B Daily Email Messages
150M Deployed Endpoints
1,000 Applications
13B Web Requests
35% Enterprise Email
120K Sandbox Reports
75,000 FireAMP Updates
6,000 New Clam AV Sigs
3-5 min Updates
4.5B Daily Email Blocks
14M Deployed Access Gateways
Cisco Security Intelligence
Broadest Visibility, Global Footprint, Defense in Depth
[Figure labels: 13B; Daily Malware; Deployed Security Devices; Daily Web Requests; Daily Security Intelligence; Sandbox Reports]
Actionable Intelligence Across Entire Security Portfolio
Blocklists & Reputation
Spam Traps, Honeypots, Crawlers
Location & Registration
Cisco Security Intelligence
Signatures
Content Inspection with Sandboxing
Machine Learning Algorithms
Email, Web, Firewall, Intrusion Prevention, Endpoint
Global Threat Research
Bringing in local intelligence
SIEM Integration: Complete suite of all Cisco Security products. Real-time forensics
Cyber Threat Detection: Network based visibility and Security Intelligence
Identity Services: User and Device policy compliance and Network wide identity services
Network, Endpoint, Mobile, Virtual, Cloud
Cisco Platform Exchange Grid – pxGrid
Enabling the Potential of Network-Wide Context Sharing
INFRASTRUCTURE FOR A ROBUST ECOSYSTEM
Proprietary APIs aren’t the solution
We need to share data
pxGrid
Context Sharing
Single Framework
Direct, Secured Interfaces
• Single framework – develop once
• Customize and secure what context gets shared and with which platforms
• Bi-directional – share and consume context
• Enables any pxGrid partner to share with any other pxGrid partner
• Integrates with Cisco ONE for broad network control functions
SIO
I have reputation info!
I need threat data…
I have application info!
I need location & auth-group…
I have sec events!
I have NBAR info!
I need reputation…
I need identity…
I have NetFlow!
I have location!
I need entitlement…
I need identity…
I have threat data!
I need reputation…
I have firewall logs!
I have MDM info!
I need location…
I have app inventory info!
I need identity…
I need posture…
Strengthening Cisco Security through Partnerships
Sharing Context with an Even Broader Ecosystem
Faster Detection/Remediation of CyberThreats with SIEM / TD
Extension of Access Policy & Compliance with MDM
Context-driven OT Policy and Segmentation for IoT
Endpoint Vulnerability Quarantine/Remediation
Simplified Network Troubleshooting and Forensics
Single Sign On (SSO) to Sensitive Data on Mobile Devices
Why Cisco Security for IoT?
Deep Security Controls
• Unmatched visibility and consistent controls across Wired/Wireless/VPN
• All devices in the network have security controls embedded
• Highly scalable and proven designs for Wired/Wireless
• Built in, not bolted on
• Reduced complexity
• A trusted vendor with 30 years experience
Security and Privacy
Delivers Security Across the Extended Network – Before, During, and After An Attack
Key Takeaways
BEFORE: Discover, Enforce, Harden
DURING: Detect, Block, Defend
AFTER: Scope, Contain, Remediate
New Security Model – We must adapt to the new ways of protecting our changing network environments (BYOD, IoT).
Integrated – Security technologies embedded in the infrastructure to identify and thwart attacks quickly and efficiently.
Intelligent – Real-time threat awareness that can be leveraged with local context and user awareness.