The S in IoT is for Security: Owning all the Things
Raja Mukerji, Co-Founder, ExtraHop Networks (@rajamukerji)
Why Now?
Topics of Discussion
- Why should you care about the Internet of Things?
- What challenges does IoT pose for Enterprise IT?
- What can you do to prepare for IoT?
20 Billion Connected Devices by 2020
No logging, no agents, no instrumentation: who's ready?
- 2012: 1.3 billion connected things in use worldwide. People outnumber connected devices by roughly 5:1.
- 2016: 6.4 billion connected things in use worldwide, up 30 percent from 2015. 5.5 million new things will get connected every day.
- 2020: 20.8 billion connected things in use worldwide. Internet-connected devices will outnumber people by at least 2:1.
Source: Gartner, November 2015, http://www.gartner.com/newsroom/id/3165317
Enterprise IoT Challenges
Here is what is in store in the years ahead:
- IT asset discovery: Think VM sprawl was bad? CMDBs will not work with the Internet of Things.
- Instrumentation: IoT devices do not offer system logs or support monitoring agents.
- Security: IoT devices represent dangerous open vectors for attack.
You cannot secure what you cannot see.
What Is the Internet of Things Saying?
Analyze data-in-flight to gain understanding and insight for IoT:
- Auto-Discovery: See which devices are really talking to each other.
- Performance: Identify causes of latency that can affect operations.
- Malware Detection: Detect anomalous behavior such as connections to external servers.
- Identity and Trust: Track use of credentials used to access files and applications.
- Business Intelligence: Monitor operations and sales in real time.
Wire Data: Visibility for the Internet of Things
- Ubiquitous: No logs or agents. Every thing touches the network.
- Definitive: Forensic data. Meets chain-of-custody requirements.
- Real-Time: No polling intervals. Sees ephemeral services.
Stream Processing for Network Traffic
Full-stream reassembly to create wire data in real time at scale: unstructured packets go into the stream processor, structured wire data comes out. Detection categories and examples:
- Application & User Behavior: Privileged user logins; Unauthorized outbound connections; Lateral network traversal; Brute force attacks; Storage/DB access; Fraudulent transactions; Large data transfers.
- Protocol Activity: Unencrypted FTP; Telnet; Gopher; TACACS; SNMP v1, v2, v2c; Finger; IRC.
- Encryption Profile: Certificate expiration; Key length; Outdated SSL sessions; MD5/SHA-1 cert signing; SSL traffic by port; Email encryption; Wild card certificates.
- Compliance: SSH tunneling; Non-standard ICMP; Non-standard DNS; Non-standard HTTP; Disallowed file types; Invalid file extension writes; Blacklisted traffic.
- Network Forensics: Automatic discovery; Precision PCAP; User activity; Network scanning; Triggers; Flow analysis; Historical auditing.
- CVE Detection: Shellshock; HTTP.sys; Turla malware; Heartbleed; FREAK SSL/TLS; POODLE; Logjam.
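To make the "unstructured packets in, structured wire data out" pipeline concrete, here is an added example (not ExtraHop's code) that parses constructed per-stream event lines into structured records and runs a few of the detection categories from the table over them: unencrypted FTP and Telnet, unauthorized outbound connections, SSL/TLS on a non-standard port, outdated SSL versions, MD5/SHA-1 certificate signing and short key length. The event format, the internal address ranges and the allowed-egress host are assumptions made for the example.

```python
"""Structured wire-data records plus detection rules over a stream of events.

Added example, not ExtraHop's implementation. Each constructed event line
stands in for one reassembled stream: who talked to whom, on which port,
with a few protocol fields a stream processor would have extracted.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable

# Assumed internal ranges and the single host allowed to talk outbound directly.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
ALLOWED_EGRESS = {"10.0.0.5"}  # constructed: the egress proxy


@dataclass
class WireRecord:
    src: str
    dst: str
    dport: int
    proto: str              # application protocol identified by the processor
    tls_version: str = ""   # e.g. "SSLv3", "TLSv1.2"
    sig_alg: str = ""       # certificate signature hash algorithm
    key_bits: int = 0       # certificate public key length
    findings: list = field(default_factory=list)


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_event(line: str) -> WireRecord:
    """Parse one constructed 'key=value' event line into a WireRecord."""
    kv = dict(part.split("=", 1) for part in line.split())
    return WireRecord(src=kv["src"], dst=kv["dst"], dport=int(kv["dport"]),
                      proto=kv.get("proto", "unknown"),
                      tls_version=kv.get("tls", ""), sig_alg=kv.get("sig", ""),
                      key_bits=int(kv.get("keybits", 0)))


# Each rule is (finding name, predicate over a record); all matching rules fire.
RULES: list[tuple[str, Callable[[WireRecord], bool]]] = [
    ("Protocol Activity: unencrypted FTP", lambda r: r.proto == "ftp"),
    ("Protocol Activity: Telnet", lambda r: r.proto == "telnet"),
    ("Application & User Behavior: unauthorized outbound connection",
     lambda r: is_internal(r.src) and not is_internal(r.dst)
     and r.src not in ALLOWED_EGRESS),
    ("Encryption Profile: SSL/TLS on non-standard port",
     lambda r: r.proto == "tls" and r.dport not in (443, 8443)),
    ("Encryption Profile: outdated SSL session",
     lambda r: r.tls_version in ("SSLv2", "SSLv3", "TLSv1.0")),
    ("Encryption Profile: MD5/SHA-1 certificate signing",
     lambda r: r.sig_alg.lower() in ("md5", "sha1")),
    ("Encryption Profile: short key length", lambda r: 0 < r.key_bits < 2048),
]


def process_stream(lines):
    """Turn raw event lines into records annotated with their findings."""
    records = []
    for line in lines:
        rec = parse_event(line)
        rec.findings = [name for name, check in RULES if check(rec)]
        records.append(rec)
    return records


def summarize(records):
    """Count findings by rule name, the way a dashboard panel would."""
    counts = {}
    for rec in records:
        for finding in rec.findings:
            counts[finding] = counts.get(finding, 0) + 1
    return counts


# Constructed sample stream: two plaintext protocols, one unauthorized egress,
# one permitted egress, one badly configured TLS service, one clean TLS flow.
SAMPLE_EVENTS = [
    "src=10.0.1.20 dst=10.0.2.9 dport=21 proto=ftp",
    "src=10.0.1.21 dst=10.0.2.9 dport=23 proto=telnet",
    "src=10.0.1.22 dst=203.0.113.7 dport=443 proto=tls tls=TLSv1.2 sig=sha256 keybits=2048",
    "src=10.0.0.5 dst=203.0.113.8 dport=443 proto=tls tls=TLSv1.2 sig=sha256 keybits=2048",
    "src=10.0.1.23 dst=10.0.2.10 dport=4443 proto=tls tls=SSLv3 sig=sha1 keybits=1024",
    "src=10.0.1.24 dst=10.0.2.11 dport=443 proto=tls tls=TLSv1.2 sig=sha256 keybits=2048",
]

if __name__ == "__main__":
    recs = process_stream(SAMPLE_EVENTS)
    for rec in recs:
        print(f"{rec.src} -> {rec.dst}:{rec.dport} {rec.proto:7s} {rec.findings or 'clean'}")
    print(summarize(recs))
```

The point of the structure is that detection rules never touch packets: once the processor has produced a record with protocol, port and certificate fields, every rule in the table reduces to a predicate over those fields, and adding a category is adding a predicate.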
Mine the Network in Real Time
ExtraHop's unique stream analytics platform rapidly transforms all data-in-motion into IT and business insights. Our intuitive plug-and-play platform leverages Big Data technology for real-time and historical analytics, turning unstructured packets into structured wire data for IT Operations, Security Operations and Business Operations.
A single ExtraHop appliance can extract, analyze, and visualize up to 432 TB of data exchanged per day in real time:
- 11 TB of analysis per day at 1 Gbps
- 108 TB of analysis per day at 10 Gbps
- 216 TB of analysis per day at 20 Gbps
- 432 TB of analysis per day at 40 Gbps
Expanding Data on the Network
Cisco Traffic Forecasts for 2019:
- Traditional Datacenter Traffic: 1.47 ZB of traffic, growing at 5%
- Private & Public Cloud Datacenter Traffic: 2.96 ZB of traffic, growing at 33%
- Internet of Things: IoT data to reach 507.5 ZB, growing at 200%
Source: Cisco Global Cloud Index
Visibility Into East-West Traffic
IoT increases lateral communications behind the firewall. (Diagram: north-south traffic enters the enterprise network; east-west traffic flows between SAN, bare metal servers, blade chassis, Exchange server, blade chassis with integrated switches, and database servers.)
Personal Devices Are an Open Vector
Apple iWatch example: watchOS 2.2.22 update
IoT-Vectored Ransomware
It is a matter of time: you heard it here first. (Diagram: attacker, file share, and three clients.)
Medical Devices Hit by Malware
Bayer MedRad device for MRI scanning hit by WannaCry ransomware
Ransomware Detection by Reveal(x)
The Rx for a compromised immune system
BYOD Auto-Discovery
Automatic discovery and classification based on heuristic analysis of communications
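The slide only names the idea; the added example below (not ExtraHop's code) shows what "heuristic analysis of communications" looks like in practice. It builds a per-device profile from constructed flow observations, combining which ports a device serves, which protocols it initiates, its DHCP vendor class and its MAC OUI, then applies an ordered rule list where the first match wins. The observations, the DHCP vendor strings and the rule thresholds are constructed for the example; the single OUI prefix in the table is a real Raspberry Pi prefix, kept to one entry only to show where a lookup would go.

```python
"""Passive device discovery and classification from observed communications.

Added example, not ExtraHop's implementation. Observations are constructed
flow summaries: (src_mac, src_ip, dst_ip, dst_port, protocol, extra).
Devices seen only as a destination still get a profile (served ports only).
"""
from dataclasses import dataclass, field

# Constructed observations. The DHCP vendor class strings are illustrative.
OBSERVATIONS = [
    ("b8:27:eb:11:22:33", "10.0.1.40", "10.0.1.1", 123, "ntp", ""),
    ("b8:27:eb:11:22:33", "10.0.1.40", "10.0.9.9", 1883, "mqtt", ""),
    ("00:11:22:aa:bb:01", "10.0.1.41", "10.0.1.1", 67, "dhcp", "vendor=MSFT 5.0"),
    ("00:11:22:aa:bb:01", "10.0.1.41", "10.0.0.10", 88, "kerberos", ""),
    ("00:11:22:aa:bb:01", "10.0.1.41", "10.0.0.11", 445, "smb", ""),
    ("00:11:22:aa:bb:01", "10.0.1.41", "10.0.1.60", 9100, "raw-print", ""),
    ("00:11:22:aa:bb:03", "10.0.1.60", "10.0.1.1", 67, "dhcp", "vendor=JetDirect-constructed"),
    ("00:11:22:aa:bb:04", "10.0.1.70", "10.0.1.80", 554, "rtsp", ""),
]

# Real OUI prefix for Raspberry Pi boards; a production table would be the
# full IEEE registry. Kept to one entry here for illustration.
OUI_VENDORS = {"b8:27:eb": "Raspberry Pi Foundation"}


@dataclass
class DeviceProfile:
    ip: str
    mac: str = ""                              # empty if only seen as a destination
    client_protocols: set = field(default_factory=set)
    served_ports: set = field(default_factory=set)
    dhcp_vendor: str = ""


def build_profiles(observations):
    """Fold flow observations into one profile per IP address."""
    profiles = {}
    for mac, src, dst, dport, proto, extra in observations:
        s = profiles.setdefault(src, DeviceProfile(src))
        s.mac = s.mac or mac
        s.client_protocols.add(proto)
        if proto == "dhcp" and extra.startswith("vendor="):
            s.dhcp_vendor = extra.split("=", 1)[1]
        d = profiles.setdefault(dst, DeviceProfile(dst))
        d.served_ports.add(dport)
    return profiles


def oui_vendor(mac: str) -> str:
    return OUI_VENDORS.get(mac[:8].lower(), "")


def classify(p: DeviceProfile):
    """Return (device class, evidence). Ordered rules; the first match wins,
    so server-side evidence is checked before client-side evidence."""
    if 554 in p.served_ports:
        return "IP camera", "serves RTSP on 554"
    if p.served_ports & {9100, 631}:
        return "Network printer", "serves raw-print/IPP ports"
    if 1883 in p.served_ports:
        return "MQTT broker", "serves MQTT on 1883"
    if p.served_ports & {88, 389}:
        return "Domain controller", "serves Kerberos/LDAP"
    if 445 in p.served_ports:
        return "SMB file server", "serves SMB on 445"
    if p.served_ports & {67, 123}:
        return "Infrastructure server", "serves DHCP/NTP"
    if p.dhcp_vendor.startswith("MSFT") or {"kerberos", "smb"} <= p.client_protocols:
        return "Windows workstation", "DHCP vendor class or Kerberos+SMB client traffic"
    if p.client_protocols & {"mqtt", "coap"}:
        return "IoT sensor/gateway", "publishes over MQTT/CoAP"
    return "Unclassified", "no rule matched"


def inventory(observations):
    """Map each discovered IP to (class, MAC, OUI vendor) for the asset list."""
    return {ip: (classify(p)[0], p.mac, oui_vendor(p.mac))
            for ip, p in build_profiles(observations).items()}


if __name__ == "__main__":
    for ip, (cls, mac, vendor) in sorted(inventory(OBSERVATIONS).items()):
        print(f"{ip:12s} {cls:22s} {mac or '-':18s} {vendor}")
```

Two things carry over to real deployments: a device discovered only because something else talked to it (the camera at 10.0.1.80 here) still has to appear in the inventory, since that is exactly the unmanaged IoT asset a CMDB misses; and rule order decides the answer when evidence overlaps, so the order is part of the classifier and needs to be reviewed like one.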
Healthcare IoT (Medical Devices)
Source: thehackernews, June 2017
Use Wire Data to Gain IoT Insights
The visibility you need for the Internet of Things is on the wire: ubiquitous, definitive, real-time.
- See all application, data, network, user, and system behavior
- Automatically discover all connected devices
- Identify suspicious behavior
- Quickly gather the details needed to resolve issues
- Make decisions based on empirical evidence
- Track ephemeral services and connections
- Scale to support high volumes of IoT-driven traffic
Thank You!
Raja Mukerji, Co-Founder, ExtraHop Networks (@rajamukerji)