Cisco Nederland

Cisco IoT Threat Defense

17 June 2019

The Internet of Things (IoT) is impacting every business and fundamentally changing how we look at the devices that connect to a company. These things vastly expand the attack surface of a company. Manufacturing is one of the most targeted sectors; 32% of cyber-attacks occurred in manufacturing.

Most IoT devices and control systems are vulnerable- hence hackers target manufacturing IoT devices because they have little or no security capabilities. Few use encryption and many are unmanaged from a patching and vulnerability updates perspective. Security was simply not part of the design. They can participate in sophisticated attacks such as DDoS or network invasion. They can be converted to zombies and used as agents of persistence. They can be used for ransom by shutting down or halting business entirely. Worst of all, they can be used to cause physical harm.

Despite these issues, the Internet of Things helps manufacturers gain efficiencies, harness intelligence from a wide range of equipment, improve operations, and increase customer satisfaction. That is why connectivity of these highly vulnerable environments almost doubled within three years. The increasing demand for connecting more and more devices complicates security because attack surfaces are greatly increased. OT and IT professionals want to protect their manufacturer networks and devices to ensure safety and continuity of business.

Cisco’s IoT Threat Defense solution solves these manufacturer challenges through Visibility and Analytics, Secure Remote Access, Segmentation, and Services. At the Cisco booth at the IoT Expo we will show case this solution, as well as our Cisco Kinetic platform to collect data from IoT devices.

Visibility, Analysis and Enforcement

You cannot protect what you cannot see: visibility across the network and connected devices is achieved via several methods, which are explained below.

The Cisco Identity Services Engine (ISE) provides enhanced visibility into who (identities of users and systems) and what (types of devices, including IoT devices) are connecting to your network. It builds contextual elements such as user/device roles, time of day, device posture, and location according to a specific security policy. Each of these contribute to define and enforce role-based access controls used by Cisco TrustSec (also used by Cisco’s Software Defined LAN infrastructure: Cisco DNA).

Cisco Stealthwatch turns the network into a sensor, ingesting and analyzes traffic metadata collected as NetFlows from infrastructure and workstations, creating a baseline of the normal IoT communication of an organization and its users. From this baseline, it is then much easier to identify infections or sophisticated attackers infiltrating the network trying to take over. Book your free Stealthwatch trial here

Another challenge in industrial environments is that most OT endpoints do not have ability to communicate their identity to the Network Infrastructure or Security platforms in the same way as IT endpoints do using 802.1x supplicants or other means. Cisco Industrial Network Director (IND) is a purpose-built platform for managing industrial networks and ties the identity and context elements back in to Cisco ISE. It is designed to help operations teams gain full visibility of network and automation devices in the context of the automation process and provides improved system availability and performance, leading to increased overall equipment effectiveness (OEE).

Cisco Umbrella is a first line of defense that leverages DNS to block malicious outbound connections, before they are set up. When malicious actors compromise an IoT device the first thing they will try to do is connect to a Command and Control server. Almost always this will leverage DNS (for example with an Algorithm Generated Domain), and this is where Umbrella steps in and blocks the request. Book your free 14 days Umbrella trial here.

Finally, Cisco’s Next-Generation Firewall Platform (Firepower Threat Defense) offers perimeter inspection. The Firepower platform uses Snort engines to inspect traffic and has many built-in features to inspect industrial protocols like SCADA. The devices come in both rack mountable, as well as ruggedized form factors.


Secure Remote Access

Increased connectivity has arguably more benefits than drawbacks, so it’s no surprise that many equipment vendors, such as industrial and healthcare equipment vendors, require remote support in their support contracts. It saves the vendor’s operational costs when they do not need to send a technician on-site, and remote support can reduce downtime for customers as the technician gets to work while still on the phone with the customer.

IoT Threat Defense provides secure communications from the remote party to the network and employs segmentation, visibility, and analysis to make sure remote users do not introduce threats but access only the systems for which they are allowed access.

Would you like to learn more? Do you have questions regarding Cisco’s IoT Threat Defense? I am more than happy to answer them. Please visit us at booth no. 431. Looking forward to meet you!