We'll cover IoT, which, if you look at the number of devices, is going to be the biggest thing that you'll ever see, right? Currently we don't have that many devices. Maybe within the audience you maybe have a smartwatch, you maybe have a fitness tracker; everybody definitely has a smartphone. But this thing is going to change in the coming years. We're probably going to see maybe four to five devices per person, and these are devices that we're going to be carrying continuously with us. Now, the predictions are looking at adding 20, 20 to 25 billion devices onto the network within the next few years, and this is a massive number.

One of the biggest issues that we see is that a lot of these devices are going to be something called headless devices. Headless effectively means that it's not even meant to be operated, it's not meant to be updated. So imagine if you have a potential security issue with one of the systems: the manufacturer of the device hasn't even considered the possibility of a field upgrade. These are devices that are cheap; nobody wants to produce expensive devices because the competition will take over them, which is the price. So devices that don't even have the capability to be fixed or patched when a vulnerability is found, the only solution really is to throw them away and buy a new one, and this is a continuous cycle that will increase the volume of devices that you see in this network.

Now, what is IoT? This is a collection of retail spawn from the internet. This probably isn't what the regular person thinks IoT is. Yes, we're working in IT, we're working in security, but if you talk to somebody who has no experience in IT or security, this is probably not the first thing that comes to their mind. There's something completely different, something like this: trash bin posts to Facebook when it's full, or an xray that tells you that we're missing X from the fridge, you need to order some more. These are the kind of things that
the regular person today sees as IoT.

Now, the problem today is that when you start using these kinds of systems on corporate and enterprise networks, it may not be because the enterprise is bringing that, but it may be because the unitary is that women it may be not there on purpose, it's forgotten accidentally in the office or on the risk and it enters the awkward one. The problem is that today these are kind of cool things. The IoT is a funny cool, naivety is at a very maximum level today. What's going to happen over time is we will start to realize what the potential of the IoT is as well as what the risks are. That's going to take time. The problem is time is not necessarily what we have, because if you remember the first slide, the volume of these devices keeps increasing, increasing. Today you may carry this one smartphone, but tomorrow you may have a smartphone or smartwatch, something else too, deeply connected to the corporate world or even to your home. So time is against us.

This is probably the best diagram that I was able to find of what IoT is and what it consists of. Now, the consumer stuff that I just talked about, it's just a small little fraction here. The amount of devices and different sectors where these devices, I mean, is massive, right? Now, for an attacker to get into a corporate network, the IoT device might just be a stepping stone. It may not be the final target, but if the attacker is able to compromise one system, that system then carries itself onto a corporate network where it is then continually attacked. This is where there is class today, and it's not a new thing. If we go back the apple of year season, I think one of the most famous is the year starts now. I mean, it is industrial and one its operational technologies, it's closed networks, there's no internet connectivity, and yet there was malware that was actually able to integrate the entire environment, and it was even able to update itself several times over the years.

We've had cases where cars have been able to be
compromised, and these are vehicles that are on the road today. So we're no longer talking about a lot of information or probably lots of data; we're talking about possibility of harm to people. Imagine an attacker who follows the target, connects remotely over to be the vehicle that he is driving the target, and engages the brakes while doing 100, 120 kilometres an hour on the highway. You can see what the consequences here are. And it's not just a single car manufacturer; there's been already to power manufacturers that have been that on the with vehicles that can be compromised. The only little bit here look too much echo.

The other thing that we've seen: if you read the news, last year there was an article about a person that claimed that he had he needed to access flight control systems while he was on board an airplane, and he was able to access those systems to the small little entertainment system that every seat has. The same first multiple entities in a vehicle access the ISS space station remotely. Again, there's no validated confirmation of this, but these are the risks: wherever you have devices that get connected to each other, eventually you will find somebody who is able to fight with those devices which shouldn't be connected at all.

Now, I mentioned already about the devices themselves earlier, that one of the problems is that it's not necessarily a device that is designed to be secure. One of the things when we're looking at IoT devices is how quickly you can get it on the market. Second one is how cheap it is, because the cost is going to be one of the dictating factors which product will take over the market. Now, out of these three things, security is in most of the cases the thing that's left over. It's not considered at all, because what it's going to do, it's going to slow down the progress of getting the product to the market, plus, more importantly, it's going to make it a lot more expensive. It's very easy to create a product that doesn't need to be updated, because it's a product that you use for maybe a year, customer comes back but it's not pretty version. There is no consideration even of building up a system that allows upgrades attached to these devices. I mean a school in it, we've seen cases where device manufacturers, when we'd informed the more positive our abilities and powers or abilities within this product, the response has been silence. There's no need to do anything about the product, it's an old product, maybe customers don't buy it anymore. These are devices which people are still using; people don't necessarily throw everything away after I feel they're here.

Now, what can the attacker do with these vulnerable devices? Well, one of the things is device-to-device attacks. I'm sure if you've been into a meeting room, a lot of the meeting rooms will have a TV. Pretty much every TV that is being sold today is a smart TV. It'll probably have an internet connection, maybe there's Skype calls that are being done through the Google TV, there will be a camera, there will be a microphone. Imagine if the attacker is able to infect the television, compromise the television so that it reports the data, video
and audio of the events that take place in the meeting room. And if this is an internal meeting room, you will probably have internal confidential information shared there. And these kinds of infections could be easily done by devices that are brought onto the environment without the knowledge of the actual company where they exist.

The other thing is home networks. Anybody here who already has smart lights at all you can control? Yes. So we have already people in the audience that control their lighting from home, from home office. Smart lighting that we export they actually enter the feminism what they leave. These are all connected devices again, and there has been already home from our ability Sparkle dating either in these systems. Now, from a business point of view, when users go home, if they have the laptop, that laptop is going to be connected to the same network where those possibly compromised systems are already sitting. So from a network perspective, in fact in the whole network could be a possible stepping stone into the corporate network of the target.

Now in terms of, in terms of the IOPS though, a single device that is compromised again allows a possibility to expand lateral movement within the network, to expand, to compromise further devices, whether these are IoT devices or whether these are corporate servers. For 10 points this is the biggest risk: the IoT devices are not normally the final part of the attacker, but rather they are purely an entry point to the network.

Now, one of the things that we've seen is Joseph as leaders in action. You can imagine when the volume or the number of the sorties increases, the volume of the actual attack also increases. We're already talking about the 600-meter bits per second attacks. We're talking about the hundred thousand, even in some cases there were references of up to 1 million devices that were being utilized to send an attack against specific targets. And when we're talking about four or five devices per person on
average, that is going to be a lot of devices that can generate the traffic, and as long as they're connected they will generate the traffic.

Now another week guard for the problems: how do we actually fix this? Where we have the answers for securing these types of devices? Well, one of the things worse this obviously the devices themselves, but again, if we go back two slides, is not the issue that manufacturers don't necessarily care that much about security? It's the last thing on their mind. So where does that leave the security then? Well, it's the network in this case.

So that brings us to the problem number three, which is the enterprise network. The problem with the enterprise network is that it's already on, yes, it's continuously under threat, and it will look at the left side of the screen, you can see that IoT, it's actually there, it's on the radar of IT and security managers, but there are far more pressing matters that are a bigger concern today in the network. Cloud security is one of these, insider threats. IoT was listed only as the number five threat of the survey that coordinate the question to be conducted. And when we're talking about three billion plus devices per year coming online and getting connected, this is going to be a major challenge for everybody.

Now, if you look at how long it takes approximately for enterprises to realize that they've been breached, there is a compromise that has happened, with the recent studies we're talking about at least eighty five percent of the cases taking more than one hour to discover that we've been actually compromised. That one hour is a lot of time for an attacker to spend around collecting information, compromising further machines and then exfiltrating data.

So the problems we have with the network today, they're mainly related to complexity, they're related to the performance and the fact that networks today are pretty much borderless. So let's look at these points individually. So, complexity. One of the things
today, the issue really is that when you have your security within your environment, you're going to have multiple different products from multiple different vendors. Myself, I'm working for vendor, and if I were to come to you and say throw away all your security devices and put all coordinate devices in your network, I know what your answer's going to be. You're going to laugh, you're going to say no way, I'm not going to throw everything out, I'm very happy with the products that I have. Some of the products may be falling at some of the products up multiplies they're not coordinate. You won't be replacing everything from a single vendor. So these single vendor solutions now sitting in your network today, there's no real integration between them. Maybe there's a SIEM in the background collecting information from multiple sources and then presenting that information to you, but we're still missing the actual interaction between different products.

The other problem is that the networks don't really have borders anymore. Previously it was very simple to build up your defenses on the perimeter: you had apparently the firewall, maybe there was a DMZ which contains proxies for email, for web browsing, and this is where all the vendors will build. But today, like I said earlier, everybody will have a mobile phone in their pocket. That mobile phone can be used to connect the internal systems to the Internet, bypassing your perimeter defenses. Maybe you're running some services in the cloud, so your perimeter now extends all the way to the cloud. You have multiple different guest networks, you don't even know who's necessarily connected to your network, you don't know what devices are even that I fix your network. These are all the problems that exist today in the network, and where there is a way in, there's also a way out.

The other problem is the performance. When you look at security, it's always been seen as the opposite side of the infrastructure speed. So the more security you add, in everybody's mind normally that translates into slower: it will slow down the network, the more security I add. These are the clear problems will be able to network today, and when you throw in the
IoT on top of this, 3 billion devices per year, what is it going to do to your network? Is the network going to be able to handle it, or is it gonna fall over?

So the obvious question is: how do we fix this? How do we address all of these issues, and better yet, how do we address them simultaneously? Now, the first thing is the complexity. I thought that previously all the vendors are usually, you could see them as security vendors that are independent islands within the network. Those islands are not connected to each other in any way. When one of the security solutions within an island detects an attack, that knowledge stays within the island; it doesn't spread anywhere else. What you need is a solution that has bridges built between these islands, so any detection happening on one of these products, it will be able to relay that information across your internet work to any other products. And I'm not talking about having everything from a single vendor, but rather building up a solution that consists of multiple security products, but these products must talk to each other, they need to be able to update each other. Imagine you have your email security solution being able to detect a new malware that painting truly email. You want to make sure that within the next few minutes your web application firewall and your perimeter firewall and your endpoint security are all aware of this new threat and there's a new signature generated for this. And this is something that the most likely you will have an environment with multiple different vendors noticing will run the solution. This is the kind of local that you're looking for.

Now, border-wise, what's easy to do is actually to consider everything in your network as a perimeter. So instead of having a clear perimeter, which is the internet link, you should start considering an environment which is segmented: you have different classes of users, you have your data center, you have maybe three lines, you have the cloud, we have security for wireless. Each of these
could be considered as a perimeter to at one, and each of these perimeters can be secured. So integrating these solutions together basic eating.

Now for the third part, which is the performance. So today's solutions that are available actually offer a high performance already. There's been a lot of development, advancements in terms of functionalities and features, and this goes hand in hand with the performance. And what's very important always is to make sure that it works for you: testing, validating the performance of all the other products, whether it's a lab environment, whether it's a third-party test, or whether it's actually your own production network. Waves and test the new solution. These are very simple ways to make sure that whatever you buy is the perfect fit into your network.

So a couple of questions that I leave you with to think about before actually moving on and probably deploying your own IoT solutions within your network. So: is there already issues with the network? Am I already suffering with the borderless network, or is there performance issues? Can I add these new devices? How much traffic are they going to generate? Who's going to secure the traffic? Is that something that my network can handle? And as we've seen time over time, today's IoT, tomorrow it's going to be a completely different thing, but it will be back your security with the issue of that. Thank you very much, and if you have any questions about the habits watch it. Thank you.