SlideShare a Scribd company logo

Sect f43

S
SelectedPresentations

The document discusses risks related to the Internet of Things (IoT) and strategies to manage those risks. It notes that IoT involves connecting many devices which generates large amounts of data. Key risks include lack of security in IoT standards, physical attacks on devices, and ensuring identity and privacy as billions of objects come online. The document recommends approaches like access control, encryption, network segmentation, threat intelligence, and data analytics to help secure the complex IoT environment as it continues to grow dramatically in coming years.

1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Session ID: Session Classification: Kim Singletary McAfee Advanced RIOT CONTROL The Art of Managing Risk for Internet of Things
► What is IoT and why is it different? ► What are the risks? ► What are the emerging areas that will help provide security ► What can be done today Intro
The outcome of the application of human creative skills and imagination. The Art http://news.nationalgeographic.com/news/2012/12/pictures/121205-earth-night-science-space/
► 40% projected growth in global data generated year over year vs. 5% growth in global IT spending 1 ► By 2020 ► 40% of data will be generated by IoT 2 ► Connected Devices (IoT) will represent 24 Billion 3 1. McKinsey, Big Data:The next frontier for innovation, competition and productivity (June 2011) 2. IDC/EMC, Digital Universe (2011) 3. GSMA conducted by Machina Research IoT is BIG
Change in Types of Data Small files Big files Constant data Cyclic or bursty data Internet data Video IP Voice Smart Health Smart Transport Asset tracking Metering Retail POS Signage Industrial Controls CCTV Smaller Files Bigger Files
Connected Devices In The Past
Ability to put Sensors in Everything ► Improved Power Management ► Ipv6 Ambient Networking (Everywhere) ► Open Standards ► Increased bandwidth and coverage Analyze Everything ► Processor Speed ► Big Data Why IoT?
Current Connected Devices
Future of IoT
Tracking Behavior/Usage Enhanced Situational Awareness Sensor Driven Decision Analytics Process Optimization Optimized Resource Consumption Complex Autonomous Systems IoT Applications Information and Analysis Automation And Control
February 15, 201311 Source: Forbes, 7/23/2012 Will you be ready for the M2M world? Ray Wang
► Energy & Water Mgmt. ► Smart City/Smart Planet ► Robotics/Industrial Control ► Bldg. Mgmt./Automation ► Transportation ► Healthcare ► Military ► Retail ► Consumer Tech. Industries Pockets of Innovation, Efficiency, Automation
Compliance Confidentiality – Integrity - Availability Intent of Use = Risk Control Boundaries Physical Interactions Kinetic Outcomes
Engine or Service? Power by the Hour
The Thing Lifestyle √ ? ! X
The Security Architecture Access, Authentication, Authorization Data & Privacy Application Network
► End-to-end security is not yet addressed in all the IoT related standards ► Attacks at physical layer ► Machine level integrity checks ► Identity linking ► Anonymity ► Secure deployment of credentials for lots of objects ► User interface to control/manage security Security Issues for Pervasive IoT
Network Network Types • Shortwave • Satellite • LTE/5G • WiMax/Microwave • WiFi • Femtocell • Bluetooth • Zigbee • Dash7 • PLC Fail-Over Parameters • Speed • Error-rate • Packet Loss • Price • Assurance/Reputation Context Setting • Policy for Connection • Duration • Quality of Service • Policy for Roaming • Policy for Fail-Over • Policy for Compliance
► IPv6 ► Management Tools Available? ► Support in organization for dual networks? ► Ready to leave comfort of NAT? ► Is someone squatting in your dark space? ► Open Flow to Software Defined Networks - Take control out of hands of infrastructure - ACL’s and routing protocols will not provide enough agility for security Emerging Network for IoT
► TRILL ► Possible Spanning Tree Alternative ► Get more efficiency of available bandwidth and meshed network ► Opportunity to Load Balance ► DNS Sec/DANE - Prevent DNS cache poisoning - Obtain Authentication of Named Entities with SSL info on certs Emerging Network for IoT
► Boot or Power On Authentication ► Stop unauthorized devices from entering the network ► Proactive Intelligence in the Flow ► IETF REPUTON and IETF 6MAN/Packet Staining WG ► Include suspicious behavior indicator in flow ► Adaptive Information Infrastructure ► Holonic Systems; Dual in Nature ► Wholes in themselves ► Simultaneously integral or larger wholes ► Competitive Learning ► Nodes compete for right to respond ► Increasing specialization of each node of the cluster IoT Endpoint Control
► Hardware Identification and Access Control ► Specify computing platforms - Intel TXT ► Cloud Security Standards and Metrics ► Zones/Compliance/Service Level for IoT ► Big Data/Analytics/Management ► Access Authority ► Retention Policy ► De-Identification of Context Specific Data Cloud – Data Center - App
► Integrity Control (Endpoints and Embedded Systems) ► Hardware Assisted Rootkit Defense ► Global Threat Intelligence integrated at endpoint and network ► Network IPS and Softswitch IPS ► Asset Detection and Real-time Mgmt. ► Big Security Data Management Today’s Security Options
► IoT will be everywhere ► IoT will need orchestrators who can design and balance risk and reward models ► IoT is challenging and will be complex and intriguing Summary
@ksingletary

More Related Content

PDF
Solving Industrial Data Integration with Machine Intelligence
Bit Stew Systems
 
PDF
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
 
PPTX
Privacy and security in IoT
Vasco Veloso
 
PDF
IoT Edge Intelligence - The need for new software development approaches
Bart Jonkers
 
PPTX
Driving IT Transformation with Agile Analytics
Bit Stew Systems
 
PPTX
Edge intelligence slide share
Bit Stew Systems
 
PDF
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Stanford School of Engineering
 
PDF
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 
Solving Industrial Data Integration with Machine Intelligence
Bit Stew Systems
 
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
 
Privacy and security in IoT
Vasco Veloso
 
IoT Edge Intelligence - The need for new software development approaches
Bart Jonkers
 
Driving IT Transformation with Agile Analytics
Bit Stew Systems
 
Edge intelligence slide share
Bit Stew Systems
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Stanford School of Engineering
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 

What's hot (20)

PDF
Research Topics in IOT
Techsparks
 
PPTX
Internet of things security "Hardware Security"
Ahmed Mohamed Mahmoud
 
PPTX
Internet of Things Forensics
Aakashjit Bhattacharya
 
PPT
M I Dentity 3 G 040111
Jan Vekemans
 
PPTX
DocomUSA Cyber Security
docomusa
 
PPTX
Internet of things security challenges
Hadi Fadlallah
 
PPTX
Law seminars intl cybersecurity in the power industry
Kevin Murphy
 
PDF
Cybridge Secure Content Filter for SCADA Networks
George Wainblat
 
PPTX
Introduction to IoT Security
CAS
 
PPTX
Blockchain for Manufacturing Sector
SuradhaIyer
 
PPTX
S_IOT_Intro.pptx
rutika12345
 
PPTX
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
David Glover
 
PDF
IoT Internet of things
Rafi Khan
 
PPTX
Cross domain autonomous cooperation cross-domain autonomous cooperation
Peter Waher
 
PPT
IoT Security by Sanjay Kumar
OWASP Delhi
 
PPTX
Conference Security by Design - Gemalto - Security in IoT
Witekio
 
PPTX
Iot Security
MAITREYA MISRA
 
PPTX
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
Dataconomy Media
 
PPTX
Internet of Things Security
Tutun Juhana
 
PPTX
Securing Internet of Things
Rishabh Sharma
 
Research Topics in IOT
Techsparks
 
Internet of things security "Hardware Security"
Ahmed Mohamed Mahmoud
 
Internet of Things Forensics
Aakashjit Bhattacharya
 
M I Dentity 3 G 040111
Jan Vekemans
 
DocomUSA Cyber Security
docomusa
 
Internet of things security challenges
Hadi Fadlallah
 
Law seminars intl cybersecurity in the power industry
Kevin Murphy
 
Cybridge Secure Content Filter for SCADA Networks
George Wainblat
 
Introduction to IoT Security
CAS
 
Blockchain for Manufacturing Sector
SuradhaIyer
 
S_IOT_Intro.pptx
rutika12345
 
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
David Glover
 
IoT Internet of things
Rafi Khan
 
Cross domain autonomous cooperation cross-domain autonomous cooperation
Peter Waher
 
IoT Security by Sanjay Kumar
OWASP Delhi
 
Conference Security by Design - Gemalto - Security in IoT
Witekio
 
Iot Security
MAITREYA MISRA
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
Dataconomy Media
 
Internet of Things Security
Tutun Juhana
 
Securing Internet of Things
Rishabh Sharma
 
Ad

Similar to Sect f43 (20)

PDF
Drobics trustworthy io-t-for-industrial-applications
Mario Drobics
 
DOCX
Addressing security and privacy in io t ecosystem v0.4
Somasundaram Jambunathan
 
PPTX
IoT and the industrial Internet of Things - june 20 2019
John D. Johnson
 
PPTX
Introduction to IOT security
Priyab Satoshi
 
PDF
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
Jackson Shaw
 
PDF
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
sandhibhide
 
PDF
Security in IoT
SKS
 
PPTX
Key challenges facing the future of IoT
Ahmed Banafa
 
PPTX
Future of IoT: Key Challenges to Face
Altoros
 
PDF
Secure and Smart IoT using Blockchain and AI
Ahmed Banafa
 
PPTX
Iot Solution Development Platform
Unmesh Ballal
 
PPT
Lecture About Internet of Things, this ppt about basic knowladge about internet
ALAMGIRHOSSAIN256982
 
DOCX
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
PDF
Emerging Technology Risk Series - Internet of Things (IoT)
Eryk Budi Pratama
 
PDF
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
Muhammad Ahad
 
PDF
IoT and IIoT - Security Challenges and Innovative Approaches
Shashi Kiran
 
PDF
2.pdf
Nikhil Patankar
 
PPTX
Top Security Solutions for Hyperconnectivity and IoT: A Comprehensive Guide
knowledgenile
 
PPTX
The internet of things (io t)
shashankvaidyar2
 
PPTX
The internet of things (io t) : IoT academy
AnkitThakkar46
 
Drobics trustworthy io-t-for-industrial-applications
Mario Drobics
 
Addressing security and privacy in io t ecosystem v0.4
Somasundaram Jambunathan
 
IoT and the industrial Internet of Things - june 20 2019
John D. Johnson
 
Introduction to IOT security
Priyab Satoshi
 
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
Jackson Shaw
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
sandhibhide
 
Security in IoT
SKS
 
Key challenges facing the future of IoT
Ahmed Banafa
 
Future of IoT: Key Challenges to Face
Altoros
 
Secure and Smart IoT using Blockchain and AI
Ahmed Banafa
 
Iot Solution Development Platform
Unmesh Ballal
 
Lecture About Internet of Things, this ppt about basic knowladge about internet
ALAMGIRHOSSAIN256982
 
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Emerging Technology Risk Series - Internet of Things (IoT)
Eryk Budi Pratama
 
INTEROPERABILITY, FLEXIBILITY AND INDUSTRIAL DESIGN REQUIREMENTS IN THE IoT
Muhammad Ahad
 
IoT and IIoT - Security Challenges and Innovative Approaches
Shashi Kiran
 
2.pdf
Nikhil Patankar
 
Top Security Solutions for Hyperconnectivity and IoT: A Comprehensive Guide
knowledgenile
 
The internet of things (io t)
shashankvaidyar2
 
The internet of things (io t) : IoT academy
AnkitThakkar46
 
Ad

More from SelectedPresentations (20)

PDF
Длительное архивное хранение ЭД: правовые аспекты и технологические решения
SelectedPresentations
 
PDF
Трансграничное пространство доверия. Доверенная третья сторона.
SelectedPresentations
 
PDF
Варианты реализации атак через мобильные устройства
SelectedPresentations
 
PDF
Новые технологические возможности и безопасность мобильных решений
SelectedPresentations
 
PDF
Управление безопасностью мобильных устройств
SelectedPresentations
 
PDF
Современные технологии контроля и защиты мобильных устройств, тенденции рынка...
SelectedPresentations
 
PDF
Кадровое агентство отрасли информационной безопасности
SelectedPresentations
 
PDF
Основное содержание профессионального стандарта «Специалист по безопасности и...
SelectedPresentations
 
PDF
Основное содержание профессионального стандарта «Специалист по безопасности а...
SelectedPresentations
 
PDF
Основное содержание профессионального стандарта «Специалист по технической за...
SelectedPresentations
 
PDF
Основное содержание профессионального стандарта «Специалист по безопасности т...
SelectedPresentations
 
PDF
О профессиональных стандартах по группе занятий (профессий) «Специалисты в об...
SelectedPresentations
 
PDF
Запись активности пользователей с интеллектуальным анализом данных
SelectedPresentations
 
PDF
Импортозамещение в системах ИБ банков. Практические аспекты перехода на росси...
SelectedPresentations
 
PDF
Обеспечение защиты информации на стадиях жизненного цикла ИС
SelectedPresentations
 
PDF
Документ, как средство защиты: ОРД как основа обеспечения ИБ
SelectedPresentations
 
PDF
Чего не хватает в современных ids для защиты банковских приложений
SelectedPresentations
 
PDF
Об участии МОО «АЗИ» в разработке профессиональных стандартов в области инфор...
SelectedPresentations
 
PDF
Оценка состояния, меры формирования индустрии информационной безопасности Рос...
SelectedPresentations
 
PDF
Об угрозах информационной безопасности, актуальных для разработчика СЗИ
SelectedPresentations
 
Длительное архивное хранение ЭД: правовые аспекты и технологические решения
SelectedPresentations
 
Трансграничное пространство доверия. Доверенная третья сторона.
SelectedPresentations
 
Варианты реализации атак через мобильные устройства
SelectedPresentations
 
Новые технологические возможности и безопасность мобильных решений
SelectedPresentations
 
Управление безопасностью мобильных устройств
SelectedPresentations
 
Современные технологии контроля и защиты мобильных устройств, тенденции рынка...
SelectedPresentations
 
Кадровое агентство отрасли информационной безопасности
SelectedPresentations
 
Основное содержание профессионального стандарта «Специалист по безопасности и...
SelectedPresentations
 
Основное содержание профессионального стандарта «Специалист по безопасности а...
SelectedPresentations
 
Основное содержание профессионального стандарта «Специалист по технической за...
SelectedPresentations
 
Основное содержание профессионального стандарта «Специалист по безопасности т...
SelectedPresentations
 
О профессиональных стандартах по группе занятий (профессий) «Специалисты в об...
SelectedPresentations
 
Запись активности пользователей с интеллектуальным анализом данных
SelectedPresentations
 
Импортозамещение в системах ИБ банков. Практические аспекты перехода на росси...
SelectedPresentations
 
Обеспечение защиты информации на стадиях жизненного цикла ИС
SelectedPresentations
 
Документ, как средство защиты: ОРД как основа обеспечения ИБ
SelectedPresentations
 
Чего не хватает в современных ids для защиты банковских приложений
SelectedPresentations
 
Об участии МОО «АЗИ» в разработке профессиональных стандартов в области инфор...
SelectedPresentations
 
Оценка состояния, меры формирования индустрии информационной безопасности Рос...
SelectedPresentations
 
Об угрозах информационной безопасности, актуальных для разработчика СЗИ
SelectedPresentations
 

Sect f43

  • 1. Session ID: Session Classification: Kim Singletary McAfee Advanced RIOT CONTROL The Art of Managing Risk for Internet of Things
  • 2. ► What is IoT and why is it different? ► What are the risks? ► What are the emerging areas that will help provide security ► What can be done today Intro
  • 3. The outcome of the application of human creative skills and imagination. The Art http://news.nationalgeographic.com/news/2012/12/pictures/121205-earth-night-science-space/
  • 4. ► 40% projected growth in global data generated year over year vs. 5% growth in global IT spending 1 ► By 2020 ► 40% of data will be generated by IoT 2 ► Connected Devices (IoT) will represent 24 Billion 3 1. McKinsey, Big Data:The next frontier for innovation, competition and productivity (June 2011) 2. IDC/EMC, Digital Universe (2011) 3. GSMA conducted by Machina Research IoT is BIG
  • 5. Change in Types of Data Small files Big files Constant data Cyclic or bursty data Internet data Video IP Voice Smart Health Smart Transport Asset tracking Metering Retail POS Signage Industrial Controls CCTV Smaller Files Bigger Files
  • 7. Ability to put Sensors in Everything ► Improved Power Management ► Ipv6 Ambient Networking (Everywhere) ► Open Standards ► Increased bandwidth and coverage Analyze Everything ► Processor Speed ► Big Data Why IoT?
  • 10. Tracking Behavior/Usage Enhanced Situational Awareness Sensor Driven Decision Analytics Process Optimization Optimized Resource Consumption Complex Autonomous Systems IoT Applications Information and Analysis Automation And Control
  • 11. February 15, 201311 Source: Forbes, 7/23/2012 Will you be ready for the M2M world? Ray Wang
  • 12. ► Energy & Water Mgmt. ► Smart City/Smart Planet ► Robotics/Industrial Control ► Bldg. Mgmt./Automation ► Transportation ► Healthcare ► Military ► Retail ► Consumer Tech. Industries Pockets of Innovation, Efficiency, Automation
  • 13. Compliance Confidentiality – Integrity - Availability Intent of Use = Risk Control Boundaries Physical Interactions Kinetic Outcomes
  • 17. ► End-to-end security is not yet addressed in all the IoT related standards ► Attacks at physical layer ► Machine level integrity checks ► Identity linking ► Anonymity ► Secure deployment of credentials for lots of objects ► User interface to control/manage security Security Issues for Pervasive IoT
  • 18. Network Network Types • Shortwave • Satellite • LTE/5G • WiMax/Microwave • WiFi • Femtocell • Bluetooth • Zigbee • Dash7 • PLC Fail-Over Parameters • Speed • Error-rate • Packet Loss • Price • Assurance/Reputation Context Setting • Policy for Connection • Duration • Quality of Service • Policy for Roaming • Policy for Fail-Over • Policy for Compliance
  • 19. ► IPv6 ► Management Tools Available? ► Support in organization for dual networks? ► Ready to leave comfort of NAT? ► Is someone squatting in your dark space? ► Open Flow to Software Defined Networks - Take control out of hands of infrastructure - ACL’s and routing protocols will not provide enough agility for security Emerging Network for IoT
  • 20. ► TRILL ► Possible Spanning Tree Alternative ► Get more efficiency of available bandwidth and meshed network ► Opportunity to Load Balance ► DNS Sec/DANE - Prevent DNS cache poisoning - Obtain Authentication of Named Entities with SSL info on certs Emerging Network for IoT
  • 21. ► Boot or Power On Authentication ► Stop unauthorized devices from entering the network ► Proactive Intelligence in the Flow ► IETF REPUTON and IETF 6MAN/Packet Staining WG ► Include suspicious behavior indicator in flow ► Adaptive Information Infrastructure ► Holonic Systems; Dual in Nature ► Wholes in themselves ► Simultaneously integral or larger wholes ► Competitive Learning ► Nodes compete for right to respond ► Increasing specialization of each node of the cluster IoT Endpoint Control
  • 22. ► Hardware Identification and Access Control ► Specify computing platforms - Intel TXT ► Cloud Security Standards and Metrics ► Zones/Compliance/Service Level for IoT ► Big Data/Analytics/Management ► Access Authority ► Retention Policy ► De-Identification of Context Specific Data Cloud – Data Center - App
  • 23. ► Integrity Control (Endpoints and Embedded Systems) ► Hardware Assisted Rootkit Defense ► Global Threat Intelligence integrated at endpoint and network ► Network IPS and Softswitch IPS ► Asset Detection and Real-time Mgmt. ► Big Security Data Management Today’s Security Options
  • 24. ► IoT will be everywhere ► IoT will need orchestrators who can design and balance risk and reward models ► IoT is challenging and will be complex and intriguing Summary