When Walls Come Down: Working Together to Protect IoT Devices
When you begin remodeling an older home you realize that some walls are there for good reasons. Others block our modern, open-floor-plan lifestyles and can come down. Years ago, factories and utilities separated their Information Technology (IT) and Operations Technology (OT) teams. The thinking was that such walls helped ensure reliability and uptime so that critical systems stay running. The Internet of Things (IoT) is challenging this old model and causing a shift in how OT and IT work.
Gartner estimates that there will be 20 billion connected things by 2020 across all economic sectors, including healthcare, manufacturing, and utilities. The promise of the IoT is a wealth of benefits. Our research shows that these industries stand to gain trillions of dollars in digital value, ranging from increased uptime, productivity, and global competitive advantage to the efficient and confident delivery of power everywhere it is needed. Connectedness makes this possible. Yet it also brings a whole new generation of risks.
Industroyer is a case in point. It uses industrial communication protocols that were designed years ago, when industrial systems were walled off from other systems. Because the malware speaks a language those systems understand, it can control electricity substation switches and circuit breakers directly, disrupting power, creating other failures, and even destroying infrastructure.
In addition to serving as stepping stones into corporate networks, IoT devices are being hijacked for use in IoT botnets. Over the last year, IoT botnets have infected hundreds of thousands of devices, turning them into armies capable of launching powerful, coordinated attacks against major corporations and the Internet infrastructure that other enterprises rely on. One of the most destructive is BrickerBot, which not only compromises devices but can damage them so severely that the hardware must be reinstalled or replaced. You can read the Cisco 2017 Midyear Cybersecurity Report for more details on these types of attacks and how they work.
Our researchers have spent years monitoring how mobility, cloud computing, and other technology advancements are redefining the security perimeter that you’re charged with defending. As IoT devices proliferate, adversaries will have ample opportunity to exploit vulnerabilities and security gaps for maximum impact. So what can you do to detect and stop malicious activity more quickly at the endpoint, including IoT devices, and even detect ‘infrastructure harvesting’ – where adversaries use your infrastructure as a launching pad for attacks?
As some walls come down and expose organizations to threats, other walls must come down to strengthen defenses. I’m talking about the traditional wall between IT and OT. But that’s only possible with a proven solution that extends security from the corporate network to the industrial control network and the IoT devices it connects to, while respecting and upholding the performance requirements of both.
Cisco’s new IoT Threat Defense solution is a portfolio of products and services to detect and defeat IoT threats. It starts with awareness of every endpoint on your network, including IT and OT devices, through Cisco Identity Services Engine (ISE). Cisco ISE also lets you author and provision software-defined segmentation policy (such as Cisco TrustSec) for both IT and OT networks. With this visibility in place, when an authorized endpoint connects to the Internet directly, Cisco Umbrella and Umbrella Roaming deliver a first line of defense against infection by blocking connections to malicious IP addresses, URLs, and domains. Cisco Umbrella protects any and all devices using any ports and can be easily activated in AnyConnect to provide seamless protection from malware, phishing, and command-and-control callbacks.
Complementing Cisco Umbrella, Cisco AMP for Endpoints provides protection on the endpoint itself. If a user clicks on a site that has recently been infected with malware or attempts to download a malicious file, Cisco AMP for Endpoints stops these types of known and unknown attacks. Even if user devices don’t have an AMP for Endpoints agent, AMP can tell you whether the system is compromised. You can see how AMP for Endpoints works by downloading this cool new instant demo. Instead of just watching a video demo, you can interact with the console. An audio tour guides you as AMP for Endpoints uses various methods to prevent breaches and continuously monitors all file behavior to uncover and contain stealthy threats that evade defenses and get inside.
Cisco Cognitive Threat Analytics extends threat detection and protection to devices where AMP for Endpoints can’t be installed, such as IoT-type devices and personal devices. It blocks attempts to establish a presence in your environment and pinpoints unusual traffic before data can be exfiltrated.
Our IoT Threat Defense solution builds on the Cisco Firepower next-generation firewall, which includes endpoint security capabilities to prevent an attack in the first place. If a threat gets through anyway, the solution uses segmentation, network visibility and continuous analysis, and expert guidance to respond to incidents.
No organization wants to leave value on the table. As walls come down, the potential for upside is huge in the digital age. Cisco is here to help with the most comprehensive cybersecurity solution set for the IoT – one that balances the right walls with the right level of interconnectedness and helps deliver on the true promise of the IoT.