The Internet of Things (IoT) is
impacting every business and fundamentally changing how we look at the devices
that connect to a company. These things vastly expand the attack surface of a
company. Manufacturing is one of the most targeted sectors; 32% of cyber-attacks
occurred in manufacturing.
Most IoT devices and control systems
are vulnerable, and hackers target manufacturing IoT devices precisely because they
have little or no security capability. Few use encryption, and many are
unmanaged from a patching and vulnerability-update perspective. Security was
simply not part of the design. They can participate in sophisticated attacks
such as DDoS or network invasion. They can be converted to zombies and used as
agents of persistence. They can be used for ransom by shutting down or halting
business entirely. Worst of all, they can be used to cause physical harm.
Despite these issues, the Internet
of Things helps manufacturers gain efficiencies, harness intelligence from a
wide range of equipment, improve operations, and increase customer
satisfaction. That is why connectivity of these highly vulnerable environments
almost doubled within three years. The growing demand to connect more
and more devices complicates security because the attack surface grows with
every device. OT and IT professionals want to protect their manufacturing networks
and devices to ensure safety and business continuity.
Cisco’s IoT Threat Defense solution
addresses these manufacturing challenges through Visibility and Analytics, Secure Remote
Access, Segmentation, and Services. At the Cisco booth at the IoT Expo we
will showcase this solution, as well as our Cisco Kinetic platform for collecting
data from IoT devices.
Visibility, Analysis and Enforcement
You cannot protect what you cannot
see: visibility across the network and connected devices is achieved via
several methods, which are explained below.
Identity Services Engine (ISE) provides enhanced visibility into who
(identities of users and systems) and what (types of devices, including
IoT devices) are connecting to your network. It builds contextual elements such
as user/device roles, time of day, device posture, and location according to a
specific security policy. Each of these contributes to defining and enforcing the
role-based access controls used by Cisco TrustSec (also used by Cisco’s
Software Defined LAN infrastructure, Cisco DNA).
Cisco Stealthwatch turns the network into a sensor, ingesting and analyzing
traffic metadata collected as NetFlow from infrastructure and workstations, and
creating a baseline of the normal IoT communication of an organization and its
users. From this baseline it is much easier to identify infections or
sophisticated attackers infiltrating the network and trying to take it over. Book your
free Stealthwatch trial here
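The baselining idea above, as an added example that is not Stealthwatch's own logic: learn which peers each OT device normally talks to from constructed NetFlow-style records, then flag conversations that were never seen during the learning window. The IP ranges, ports and hosts are constructed, and the plant network is assumed to be 10.10.0.0/16.

```python
"""Added example (not Cisco code): simplified NetFlow baselining for IoT/OT devices."""
import ipaddress
from collections import defaultdict

# Constructed plant network ranges; anything outside is treated as external.
OT_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed records: (src_ip, dst_ip, dst_port, protocol, bytes)
BASELINE_FLOWS = [
    ("10.10.1.21", "10.10.1.5", 502, "tcp", 1200),    # PLC -> historian (Modbus/TCP)
    ("10.10.1.21", "10.10.1.5", 502, "tcp", 1350),
    ("10.10.1.22", "10.10.1.5", 44818, "tcp", 900),   # PLC -> historian (EtherNet/IP)
    ("10.10.1.30", "10.10.1.1", 53, "udp", 120),      # HMI -> internal DNS
]
NEW_FLOWS = [
    ("10.10.1.21", "10.10.1.5", 502, "tcp", 1100),        # matches baseline
    ("10.10.1.21", "203.0.113.77", 443, "tcp", 48000),    # PLC reaching the internet
    ("10.10.1.22", "10.10.1.30", 445, "tcp", 3200),       # new lateral SMB inside OT
]


def is_internal(ip):
    """True when the address falls inside one of the configured plant ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_NETWORKS)


def build_baseline(flows):
    """Per source device, the set of (dst, port, proto) peers seen while learning."""
    baseline = defaultdict(set)
    for src, dst, port, proto, _ in flows:
        baseline[src].add((dst, port, proto))
    return baseline


def find_anomalies(baseline, flows):
    """Return alerts for flows whose peer tuple is absent from the device's baseline.

    A never-seen external destination is rated high (possible C2 or exfiltration);
    a never-seen internal peer is rated medium (possible lateral movement).
    """
    alerts = []
    for src, dst, port, proto, nbytes in flows:
        if (dst, port, proto) in baseline.get(src, set()):
            continue
        severity = "medium" if is_internal(dst) else "high"
        alerts.append({"src": src, "dst": dst, "port": port,
                       "proto": proto, "bytes": nbytes, "severity": severity})
    return alerts
```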
Another challenge in industrial
environments is that most OT endpoints do not have the ability to communicate their
identity to the network infrastructure or security platforms in the same way that
IT endpoints do, using 802.1X supplicants or other means. Cisco
Industrial Network Director (IND) is a purpose-built platform for
managing industrial networks and ties the identity and context elements back
into Cisco ISE. It is designed to help operations teams gain full visibility of
network and automation devices in the context of the automation process and
provides improved system availability and performance, leading to increased overall
equipment effectiveness (OEE).
Umbrella is a first line of defense that
leverages DNS to block malicious outbound connections before they are set up.
When malicious actors compromise an IoT device, the first thing they will try to
do is connect to a command-and-control server. Almost always this will involve a
DNS lookup (for example of an algorithmically generated domain), and this is where
Umbrella steps in and blocks the request. Book your free 14-day Umbrella trial
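The DNS-layer control described above, as an added example that is not Umbrella's code: a resolver policy that refuses known-bad domains from a blocklist and flags second-level labels that look machine-generated, run over constructed query log lines. The blocklist entry, the log format, the thresholds and the registered-label logic (which ignores multi-part public suffixes such as co.uk) are all assumptions.

```python
"""Added example (not Cisco/Umbrella code): DNS policy with blocklist + DGA heuristic."""
import math
from collections import Counter

BLOCKLIST = {"bad-c2.example"}  # constructed; real deployments use threat-intel feeds

# Constructed log lines: "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_QUERIES = [
    "2024-05-01T10:00:01Z 10.10.1.21 A update.vendor-portal.example",
    "2024-05-01T10:00:05Z 10.10.1.21 A beacon.bad-c2.example",
    "2024-05-01T10:00:09Z 10.10.1.22 A xk3q9vtz7pwlmr4hs.com",
]


def shannon_entropy(s):
    """Bits per character; random-looking labels score higher than dictionary words."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label, entropy_threshold=3.5, min_len=12):
    """Heuristic: long, high-entropy label with few vowels or many digits."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return shannon_entropy(label) >= entropy_threshold and (vowel_ratio < 0.25 or digit_ratio > 0.3)


def registered_label(qname):
    """Second-level label (simplified: assumes a single-part public suffix)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def decide(qname):
    """Return (action, reason) for one query name."""
    name = qname.rstrip(".").lower()
    if name in BLOCKLIST or any(name.endswith("." + bad) for bad in BLOCKLIST):
        return "block", "blocklist"
    if looks_generated(registered_label(name)):
        return "block", "dga-heuristic"
    return "allow", ""


def process_log(lines):
    """Apply the policy to each log line; returns (client, qname, action, reason)."""
    results = []
    for line in lines:
        _ts, client, _qtype, qname = line.split()
        action, reason = decide(qname)
        results.append((client, qname, action, reason))
    return results
```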
The Next-Generation Firewall platform (Firepower Threat Defense) offers
perimeter inspection. The Firepower platform uses Snort engines to inspect
traffic and has many built-in features for inspecting industrial (SCADA)
protocols. The devices come in both rack-mountable as well as ruggedized form
Secure Remote Access
Increased connectivity has arguably
more benefits than drawbacks, so it’s no surprise that many equipment vendors,
such as industrial and healthcare equipment vendors, require remote support in
their support contracts. It saves the vendor operational costs when they do
not need to send a technician on-site, and remote support can reduce downtime
for customers, as the technician gets to work while still on the phone with the
IoT Threat Defense provides secure
communications from the remote party to the network and employs segmentation,
visibility, and analysis to make sure remote users do not introduce threats and
can access only the systems to which they are allowed access.
Would you like to learn more? Do you have questions regarding Cisco’s IoT Threat Defense? I am more than happy to answer them. Please visit us at the IoT Tech Expo Europe at booth no. 431. Looking forward to meeting you!
Christopher van der Made, Consulting System Engineer Security at Cisco