Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT Security Part 1, The Data

Published byShawn Carter Modified over 6 years ago

Similar presentations

Presentation on theme: "IoT Security Part 1, The Data"— Presentation transcript:

1 IoT Security Part 1, The Data
May 2016 Angelo Brancato, CISSP, CISM. CCSK Chief Technologist – HPE Security Mobile: 

2 This Presentation is recorded:

3 What is the Internet of Things?
It’s about connected devices, systems, and “things” … Gartner estimates 26 billion connected devices by 2020. It’s about data from the “things … IDC predicts IoT data will account for 10% of the world’s data by 2020. It’s about new insights… Business, engineering, scientific insights

4 What is the Internet of Things?
Collaboration & Analytics Interconnect Operations Technology (OT) and Information Technology (IT) to enable Machine to Machine communication (M2M) and collaboration. Out-of-band Analytics and Long-Term Learning IT OT In-band Analytics Collect all data and transform the business model with Analytics to gain new business insights. One single breach though, can destroy the whole business model!

5 What are the main IoT Building Blocks that need to be secured?
Data, Applications, Communication, Users Visualization Applications that present and visualize the findings and key performance indicators (KPI). Open ecosystem for partners and suppliers. IoT Cloud / Platform Operations and control of the IoT infrastructure. Central data storage. Contextual enrichment, Big-Data analytics and (deep) machine learning. Turning Data into insights. Turning insights into Business Transformation. IoT Platform Connectivity Ubiquitous, reliable and secure communication technology for all endpoints and edge devices. Edge Computing Processing unit sitting on the same physical entity (e.g. car, turbine, airplane, building) as the IoT endpoints. Translates the OT protocol (e.g. SCADA) to an IT protocols (e.g. TCP/IP). Ingests and pre-processes the data (also called Edge Analytics or Real-Time Analytics or In-band Analytics). IoT Endpoints Distributed Sensors and Actuators - either mobile or stationary but always connected to the IoT cloud via the internet or a private network. IoT endpoints can connect directly or via an edge computing device. IoT endpoints can also communicate to each others (machine to machine – M2M)

6 What are the main Attack Scenarios and Risks?
Rogue Endpoints / Edge Devices A rogue device (endpoint or edge computing device that has been installed on the IoT network without explicit authorization, added by a malicious person) whose data is accepted by the rest of the IoT infrastructure can cause immense damage by rendering the data useless and/or causing unwanted behavior in the whole system. Compromised Endpoints / Edge Devices Vulnerable Software on the devices may result in compromised systems. Especially lightweight and price sensitive endpoint devices are extremely hard to patch in a timely manner after a vulnerability has been detected. Data Leakage Data from the endpoint- and edge computing devices can hold sensitive information such as personally identifiable information (PII). Leakage of unprotected data can lead to financial and reputational damage. Visualization IoT Cloud / Platform IoT Platform Connectivity Edge Computing IoT Endpoints

7 What are the main Attack Scenarios and Risks?
Man-In-The-Middle Attacks (MitM) Attackers that sneak into the communication between two parties (e.g. IoT Edge and IoT Cloud) who believe they are directly communicating with each other, can cause immense damage to the whole IoT system. Denial-of-Service Attack (DoS) IoT cloud services like Web(APIs) portals, VPN can be disrupted and made unavailable temporarily or indefinitely. Unauthorized Access By simulating the identity of authorized endpoints, rogue endpoints can sneak their way into the system. Visualization IoT Cloud / Platform IoT Platform Connectivity Edge Computing IoT Endpoints

8 What are the main Attack Scenarios and Risks?
Vulnerable Web Applications and APIs Vulnerabilities in the IoT clouds web applications and API interfaces can lead to a denial of service, data loss or a complete take over of the application. The most common web application security flaws are listed in the OWASP Top10 and must be protected by all means. Targeted Attacks IoT infrastructures are like all other environments for attackers if and when there is sensitive data that can be monetized. Targeted attacks (Advanced Persistent Threats – APT) must be detected as soon as possible to take away what the attackers need most – time to find and exfiltrate/damage the valuable data. Visualization IoT Cloud / Platform IoT Platform Connectivity Edge Computing IoT Endpoints

9 HPE Security Solutions Overview
Data, Applications, Communication, Users HPE Security ArcSight (Security Intelligence) Visualization HPE Security Fortify (Application Security) HPE Security – Data Security (Voltage/Atalla) IoT Cloud / Platform IoT Platform HPE Aruba (Communication Security) Connectivity Edge Computing IoT Endpoints

10 HPE Security Solutions Overview
Data, Applications, Communication, Users HPE Security ArcSight (Security Intelligence) Visualization HPE Solution Application Data Communication ArcSight Event Correlation and Real-Time (Security) Incident Notification (SIEM – Security Information and Event Management) and Security Analytics (DNS Malware Analytics, User Behavior Analytics) Fortify Static Application Security Testing (Source Code Scanning), Dynamic Application Security Scanning (Black-Box Scanning of Web-Applications) and Real-time Application Self Protection (RASP) Voltage End-to-End Protection of sensitive data thru Data De-Identification (Data Masking: Secure Stateless Tokenization and Format Preserving Encryption) Atalla Enterprise Secure Key Management (ESKM – Public Key Infrastructure) Aruba Authentication Authorization, Accounting (AAA) – (Clearpass Policy Manager: CPPM), (Application-)Firewalling, VPN HPE Security Fortify (Application Security) HPE Security – Data Security (Voltage/Atalla) IoT Cloud / Platform IoT Platform HPE Aruba (Communication Security) Connectivity Edge Computing IoT Endpoints

11 HPE Security Solutions Overview
IoT Platform IoT Endpoints Connectivity Edge Computing Visualization IoT Cloud / Platform Data, Applications, Communication, Users HPE Security ArcSight (Security Intelligence) HPE Security Fortify (Application Security) HPE Security – Data Security (Voltage/Atalla) HPE Aruba (Communication Security)

12 HPE Secure IoT Application Lifecycle
Data, Applications, Communication, Users IoT Platform IoT Endpoints Connectivity Edge Computing Visualization IoT Cloud / Platform HPE ADM (Application Delivery Management) HPE ITOM (IT Operations Management) HPE Security ArcSight (Security Intelligence) HPE Security Fortify (Application Security) HPE Security – Data Security (Voltage/Atalla) HPE Aruba (Communication Security) HPE ADM, ITOM and Security solutions provide a secure IoT Application Lifecycle

13 IoT Data Protection with HPE Security – Data Security

14 End-to-End Protection
Data Centric Security for end-to-end protection with HPE Security – Data Security (Voltage SecureData) End-to-End Protection xgbl i.hull xii FPE Call W.Wolf now Protects Data On-Premise, Cloud and Big Data environments Protects Data on Creation, in Transition, at Rest and on Access FPE: Format Preserving Encryption

15 End-to-End Event Data Protection for connected Trucks
Authorized and On-Demand Data Identification IoT Platform Transport / Storage / Processing of De-Identified (protected) Data Data Data De-Identification on Edge-Computing Device on the Trucks Data Data GPS Sensor ECU

16 Live Demo

17 Thank You! Angelo Brancato, CISSP, CISM. CCSK
Chief Technologist – HPE Security Mobile:  hpe.com/security

Download ppt "IoT Security Part 1, The Data"

Similar presentations

Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Cloud Usability Framework

Cloud Usability Framework
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
The ERA of API in the World of IoT Jing Zhang-Lee November, 2015.

The ERA of API in the World of IoT Jing Zhang-Lee November, 2015.
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.
ARAMA TECH D A T A P R O T E C T I O N P R O F E S S I O N A L S VISION & STRATEGY.

ARAMA TECH D A T A P R O T E C T I O N P R O F E S S I O N A L S VISION & STRATEGY.
ARAMA TECH D A T A P R O T E C T I O N P R O F E S S I O N A L S VISION & STRATEGY.

ARAMA TECH D A T A P R O T E C T I O N P R O F E S S I O N A L S VISION & STRATEGY.
Managing End Point Security Starts at the Perimeter DIR ISF April 14&15, 2016 Randy Guin, CISSP, CGEIT.

Managing End Point Security Starts at the Perimeter DIR ISF April 14&15, 2016 Randy Guin, CISSP, CGEIT.
Mobile Security Solution Solution Overview Check Point Mobile Threat Prevention is an innovative approach to mobile security that detects and stops advanced.

Mobile Security Solution Solution Overview Check Point Mobile Threat Prevention is an innovative approach to mobile security that detects and stops advanced.
Blue Coat Cloud Continuum

Blue Coat Cloud Continuum
PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.

PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.
Verizon Intelligent Track and Trace: Serialization and Cold Chain

Verizon Intelligent Track and Trace: Serialization and Cold Chain
Protect your Digital Enterprise

Protect your Digital Enterprise
Learn how the cloud is accelerating network transformation

Learn how the cloud is accelerating network transformation
Network security Vlasov Illia

Network security Vlasov Illia
Tago Tago IoT DAY GRAIN BIN LEVEL? The epicenter of middleware

Tago Tago IoT DAY GRAIN BIN LEVEL? The epicenter of middleware
Advanced Endpoint Security Data Connectors-Charlotte January 2016

Advanced Endpoint Security Data Connectors-Charlotte January 2016

Similar presentations

Ads by Google