The S in IoT is for Security Owning all the Things

Transcription

1 Raja Mukerji Co-Founder, ExtraHop The S in IoT is for Security Owning all the Things

2 Why Now?

3 Topics of Discussion Why should you care about the Internet of Things? What challenges does IoT pose for Enterprise IT? What you can do to prepare for IoT?

4 20 Billion Connected Devices by 2020 No logging, no agents, no instrumentation who s ready? billion connected things in use worldwide People outnumber connected devices by roughly 5: billion connected things in use worldwide, up 30 percent from million new things will get connected every day billion connected things in use worldwide Internet-connected devices will outnumber people by at least 2:1 Source: Gartner, November 2015,

5 Enterprise IoT Challenges Here is what is in store in the years ahead IT asset discovery Think VM sprawl was bad? CMDBs will not work with the Internet of Things. Instrumentation IoT devices do not offer system logs or support monitoring agents. Security IoT devices represent dangerous open vectors for attack.

6 You cannot secure what you cannot see.

7

8 What Is the Internet of Things Saying? Analyze data-in-flight to gain understanding and insight for IoT Auto-Discovery See which devices are really talking to each other. Performance Identify causes of latency that can affect operations. Malware Detection Detect anomalous behavior such as connections to external servers. Identity and Trust Track use of credentials used to access files and applications. Business Intelligence Monitor operations and sales in real time.

9 Wire Data: Visibility for the Internet of Things Ubiquitous Definitive Real-Time No logs or agents Every thing touches the network Forensic data Meets chain-of-custody requirements No polling intervals Sees ephemeral services

10 Stream Processing for Network Traffic Full-stream reassembly to create wire data in real time at scale Unstructured packets Stream processor Structured wire data Application & User Behavior Protocol Activity Encryption Profile Compliance Network Forensics CVE Detection Privileged user logins Unencrypted FTP Certificate expiration SSH tunneling Automatic discovery Shellshock Unauthorized outbound Telnet Key length Non-standard ICMP Precisions PCAP HTTP.sys connections Gopher Outdated SSL sessions Non-standard DNS User activity Turla malware Lateral network traversal TACACS MD5/SHA-1 cert signing Non-standard HTTP Network scanning Heartbleed Brute force attacks SNMP v1, v2, v2c SSL traffic by port Disallowed file types Triggers FREAK SSL/TLS Storage/DB access Finger encryption Invalid file extension writes Flow analysis POODLE Fraudulent transactions IRC Wild card certificates Blacklisted traffic Historical auditing Logjam Large data transfers

11 Mine the Network in Real Time ExtraHop s unique stream analytics platform rapidly transforms all data-in-motion into IT and business insights. Our intuitive plug-and-play platform leverages Big Data technology for real-time and historical analytics. Unstructured Packets Structured Wire Data A single ExtraHop appliance can extract, analyze, and visualize up to 432 TB of data exchanged per day in real time. 11 TB of Gbps/day 108 TB of Gbps/day 216 TB of Gbps/day 432 TB of Gbps/day IT Operations Security Operations Business Operations

12 Expanding Data on the Network Cisco Traffic Forecasts for 2019 Traditional Datacenter Traffic 1.47 ZB of traffic growing at 5% Private & Public Cloud Datacenter Traffic 2.96 ZB of traffic growing at 33% Source: Cisco Global Cloud Index

13 Expanding Data on the Network Cisco Traffic Forecasts for 2019 Traditional Datacenter Traffic 1.47 ZB of traffic growing at 5% Internet of Things Private & Public Cloud Datacenter Traffic 2.96 ZB of traffic growing at 33% IoT data to reach ZB growing at 200% Source: Cisco Global Cloud Index

14 Visibility Into East-West Traffic IoT increases lateral communications behind the firewall N O R T H - S O U T H Enterprise Network EAST - WEST SAN Bare Metal Servers Blade Chassis Exchange Server Blade Chassis w/ Integrated Switches Database Servers

15 Personal Devices Are an Open Vector Apple iwatch Example: watchos Update

16 IoT-Vectored Ransomware It is a matter of time you heard it here first Attacker File Share Client Client Client

17 Medical Devices hit by Malware Bayer MedRad device for MRI scanning hit by WannaCry ransomware

18 Ransomware Detection by Reveal(x) The Rx for a compromised immune system

19 BYOD Auto-Discovery Automatic discovery and classification based on heuristic analysis of communications

20 Healthcare IoT (Medical devices) Source: thehackernews, June 2017

21 Use Wire Data to Gain IoT Insights The visibility you need for the Internet of Things is on the wire Ubiquitous Definitive Real-Time See all application, data, network, user, and system behavior Automatically discover all connected devices Identify suspicious behavior Quickly gather the details needed to resolve issues Make decisions based on empirical evidence Track ephemeral services and connections Scale to support high volumes of IoTdriven traffic

22 Raja Mukerji Co-Founder, ExtraHop Thank You!