A New Security Model for the IoE World. Henry Ong, SE Manager - ASEAN, Cisco Global Security Sales Organization
Internet of Everything: The Internet of Everything brings together people, process, data and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences and unprecedented economic opportunity for businesses, individuals and countries.
IoE Is Here Now and Growing! Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony. 50 Billion Smart Objects. [Chart: billions of devices (axis 0 to 50) and world population over a 2010, 2015, 2020 timeline, with an inflection point marked; data labels 12.5, 25, 7.2, 6.8, 7.6.] Source: Cisco IBSG projections, UN Economic & Social Affairs http://www.un.org/esa/population/publications/longrange2/worldpop2300final.pdf
During this 1 hour session we will create more data than Hundreds of Years of civilization
Hourly we are... Creating 4320 hours (180 days) of YouTube content; downloading 2.8 million apps from the iTunes store; creating 34,000 new websites; connecting 300,000 new devices to the IoE. Which is okay because we have 340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion) unique IPv6 addresses or (4.25 ^28 per person or 2 ^13 per cell in your body)
We are seeing more Innovation and Change than at Any Other Point in Our Lifetime. Technology Transitions: BYOD, Cloud, New Breed of Apps, Sensors & Devices, Big Data Analytics. Network as the Platform. Business Transitions: Growth & Innovation, New Business Models, Experience Expectations, Globalization, Security & Privacy.
Why Internet of Things? Efficiency; New Economic Value; Quality of Life.
The Connected Car. WIRELESS ROUTER: Online entertainment; Mapping, dynamic re-routing, safety and security. CONNECTED SENSORS: Transform data to actionable intelligence; Enable proactive maintenance; Fuel efficiency. URBAN CONNECTIVITY: Reduced congestion; Increased efficiency; Safety (hazard avoidance). Actionable intelligence, enhanced comfort, unprecedented convenience.
The Smart City. CONNECTED TRAFFIC SIGNALS: Reduced congestion; Improved emergency services response times; Lower fuel usage. PARKING AND LIGHTING: Increased efficiency; Power and cost savings; New revenue opportunities. CITY SERVICES: Efficient service delivery; Increased revenues; Enhanced environmental monitoring capabilities. Safety, financial, and environmental benefits.
The Security Problem
Today Reality: All were smart. All had security. All were seriously compromised.
And the Trend Will Continue: Data breaches and theft will continue to be a problem; IoT devices are not designed for cybersecurity; More devices mean more to protect; Cybercrime is lucrative; Malware sophistication and ease of use have grown exponentially; The barrier to entry is low; Some lack basic authentication functionality; Designed under a model of implicit trust; Use of unencrypted protocols. Do you know the core systems and interconnections to keep your business running? How do you prioritize events? What's the best use of your resources?
Connected Rail Operations. REMOTE CONTROL: Passenger, train and station monitoring; PTZ camera control to avoid detection. SYSTEM CONTROL: Schedule manipulation; System shutdown. MECHANICAL CONTROL: Sensor manipulation; Creation of unsafe conditions. Individual components or the system as a whole can be targeted.
Smart City. REMOTE ACCESS: Increased traffic congestion; Creation of unsafe conditions. SYSTEM CONTROL: Device manipulation; Remote monitoring; Creation of unsafe conditions. SERVICE MANIPULATION: Environmental degradation; System shutdown; Lost revenue. Potential impact to services and public safety.
NEW MODEL INTELLIGENT INTEGRATED SECURITY CAPABILITIES
The Threat-Centric Security Model. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). Network, Endpoint, Mobile, Virtual, Cloud. Point in Time, Continuous.
Covering the Entire Attack Continuum. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). Firewall, VPN, NGIPS, Advanced Malware Protection, NGFW, UTM, Web Security, Network Behavior Analysis, NAC + Identity Services, Email Security. Visibility and Context.
Discover Your Environment: You cannot protect what you don't know. NetFlow, Files, Users, Web Applications, Application Protocols, Services, Malware, Command and Control Servers, Vulnerabilities, Processes, Network Servers, Operating Systems, Routers and Switches, Mobile Devices, Printers, VoIP Phones, Virtual Machines, Client Applications, Network Behavior.
Cisco Platform Exchange Grid (pxGrid): Enabling the Potential of Network-Wide Context Sharing. Proprietary APIs aren't the solution. We need to share data. pxGrid Context Sharing: Single Framework; Direct, Secured Interfaces; SIO. INFRASTRUCTURE FOR A ROBUST ECOSYSTEM: Single framework, develop once; Customize and secure what context gets shared and with which platforms; Bi-directional, share and consume context; Enables any pxGrid partner to share with any other pxGrid partner; Integrates with Cisco ONE for broad network control functions. Diagram callouts, in the order they appear: "I have reputation info!", "I need threat data", "I have sec events!", "I need reputation", "I have threat data!", "I need reputation", "I have NBAR info!", "I need identity", "I have firewall logs!", "I have app inventory info!", "I need identity", "I have identity & device-type!", "I need app inventory & vulnerability", "I have application info!", "I need location & auth-group", "I have NetFlow!", "I have location!", "I need entitlement", "I need identity", "I have MDM info!", "I need location", "I need posture".
Cisco's largest Global Security Intelligence data source. Cisco Security Intelligence: Broadest Visibility, Global Footprint, Defense in Depth. 100TB Security Intelligence; 1.6M Deployed Devices; 150,000 Microapplications; 93B Daily Email Messages; 5,500 IPS Signatures; 150M Deployed Endpoints; 5B Daily Email Connections; 1,000 Applications; 13B Web Requests; 120K Sandbox Reports; 35% Enterprise Email; 75,000 FireAMP Updates; 3-5 min Updates; 6,000 New ClamAV Sigs; 4.5B Daily Email Blocks; 14M Deployed Access Gateways.
Actionable Intelligence Across Entire Security Portfolio. Cisco Security Intelligence: Blocklists & Reputation; Spam Traps, Honeypots, Crawlers; Location & Registration; Signatures; Content Inspection with Sandboxing; Machine Learning Algorithms; Global Threat Research. Email, Web, Firewall, Intrusion Prevention, Endpoint.
The Problem with Traditional Next-Generation Firewalls: Focus on the apps. But miss the threat. Existing NGFWs can reduce attack surface area but advanced malware often evades security controls.
Beyond the Event Horizon: Addresses limitations of point-in-time detection. Point-in-time Detection (Antivirus, Sandboxing): Initial Disposition = Clean; Analysis Stops; Not 100%; Sleep Techniques, Unknown Protocols, Encryption, Polymorphism; Actual Disposition = Bad = Too Late!! Blind to scope of compromise. Continuous (Retrospective Detection, Analysis Continues): Initial Disposition = Clean; Actual Disposition = Bad = Blocked; Turns back time; Visibility and Control are Key.
Automated, Integrated Threat Defense: Superior Protection for Entire Attack Continuum. Context and Threat Correlation: Impact Assessment (Priority 1, Priority 2, Priority 3). Multivector Correlation: Early Warning for Advanced Threats (5 IoCs Host A, 3 IoCs Host B, Host C). Dynamic Security Control: Adapt Policy to Risks. Retrospective Security: Reduce Time Between Detection and Cure.
Indications of Compromise (IOC): When a host in the network map is seen to exhibit signs of compromise. Security Intelligence Events; C&C Detection via Protocol Analysis; Contextual NGIPS Events (Impact 1); FireAMP Endpoint Malware Events.
Announced globally September 16. Industry's First Threat-Focused NGFW. Proven Cisco ASA firewalling + industry-leading Sourcefire NGIPS and AMP. Cisco ASA with FirePOWER Services. Integrating defense layers helps organizations get the best visibility; Enable dynamic controls to automatically adapt; Protect against advanced threats across the entire attack continuum. #1 Cisco Security announcement of the year!
Why Cisco Security for IoT? Deep Security Controls; Security and Privacy. Unmatched visibility and consistent controls across Wired/Wireless/VPN. All devices in the network have security controls embedded. Highly scalable and proven designs for Wired/Wireless. Built in, not bolted on. Reduced complexity. A trusted vendor with 30 years' experience. Delivers Security Across the Extended Network Before, During, and After an Attack.
Key Takeaways. BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). New Security Model: We must adapt to the new ways of protecting our changing network environments (BYOD, IoT). Intelligent: Real-time threat awareness that can be leveraged with local context and Global Intelligence. Integrated: Security technologies embedded in the infrastructure to identify and thwart attacks quickly and efficiently.