SDSN for IoT Stopping threats to the new IoT network Ben Baker – benbaker@juniper.net
Legal Statement Regarding Current Products and Intentions This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement. This presentation is subject to NDA stipulations
IoT Ransomware
IoT – The Art of Optimization Optimal outcomes Billions o of de devices
IoT – Security Threats Destruction & Chaos Billions o of de devices
IoT ransomware – a flow chart… Malware Threatens infiltration destruction
Getting ransomware and malware into IoT networks DNS spoofing Default passwords Phishing attacks AEP CDP IoT apps Both IoT devices and IoT application servers / supporting servers
Real world examples of IoT malware / ransomware Example 3: Example 1: Example 2: Jeep remote control Thermostat ransonware Amazon cameras malware https://www.wired.com/2015 http://motherboard.vice.com/re http://www.securityweek.com/m /07/hackers-remotely-kill- ad/internet-of-things- alware-found-iot-cameras-sold- jeep-highway/ ransomware-smart-thermostat amazon
Targets for IoT Ransomware and Malware IoT devices Server side IoT • IoT application servers • Application Enablement Platforms AEP CDP • Connected Device Platforms servers servers App servers
Potential IoT ransomware IoT Ransomware Impact Connected home mayhem Injury, destruction, death Misdirect connected cars Injury destruction, death Stop traffic lights Gridlock, mayhem, injury Medical device remote control Injury, death Deactivate water quality sensors Sickness, death Remote control of industrial IoT Injury, destruction, death
Software Defined Secure Networks (SDSN)
Perimeter Oriented Security Perimeter Hyper-connected Network Security at Perimeter Outside (Untrusted) Complex Security Policies Lateral Threat Propagation Internal (Trusted) Limited Visibility
Software Defined Secure Network Delivers Zero Trust Security Model Perimeter Secure Network Outside Simplified Security Policy (Untrusted) Block Lateral Threat Propagation Inside Comprehensive Visibility (Also Untrusted)
Software-Defined Secure Network Policy, Detection & Enforcement Bottoms Up and Top Down Approach – Dynamic and Adaptive Cloud-based Policy Engine Leverage entire network and Threat Defense ecosystem for threat intelligence Policy and detection Threat Detection Intelligence Enforcement Utilize any point of the network as a point of enforcement Network Dynamically execute policy across all network elements Campus DC & including third party devices Public Branch Private Cloud Cloud Detection Enforcement
Detection: Sky ATP
Sky Advanced Threat Prevention Sky ATP to the Rescue Security Gap Targeted Attacks Evasive Current solutions fail to protect Threats organizations from sophisticated, evasive attacks. APT Persistent Solutions Threats Poly- Fluxing morphic Opportunistic Attacks C&C Packing Plain Antivirus Virus Solutions Simple Threats Sophisticated Threats
Sky ATP Building Blocks Cutting •SRX firewall as Threat sensor and •Machine Edge enforcement Learning Platform point •Sandboxing Detection •Layered •Deception paradigm defense with techniques Techniques ATP, IDP, Web •Threat curation filtering, AV Rich Shared •Open platform •Integration with Forensics •RESTful APIs SIEM tools Threat to share and •Contextual and consume threat reporting and Intelligence information in analytics Reporting real time
The ATP Verdict Chain Staged Analysis: combining rapid response and deep analysis Suspect Suspect files enter the analysis chain in the cloud file Cache lookup: (~1 second) 1 Files we’ve seen before are identified and a verdict immediately goes back to SRX Anti-virus scanning: (~5 second) 2 Multiple AV engines to return a verdict, which is then cached for future reference Static analysis 1 st stage: (~5 second) 3 The static analysis engine does a deeper inspection, with the verdict again cached for future reference Dynamic analysis: (~7 minutes) 4 Dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware. The 2 nd stage Static Analysis run in parallel
IoT specific Advanced Threat Detection AEP CDP servers servers App servers IoT servers IoT devices Based on Windows or Linux Many are Linux based Juniper Policy Enforcer can stop Sky ATP: static & dynamic analysis for IoT malware East-West propagation Will be tailored for specific devices & applications SkyATP supports 3 rd party detection integration
SDSN Solutions to IoT Threats
Enterprise IoT infection – SDSN solution Internet CAMPUS 3 rd Party Feeds THREATS SRX Series Cluster Detect • Lateral threat propagation Infected Hosts SKY ATP • IoT botnet army recruitment SRX Policy & Feeds Core / SOLUTION BEHAVIORS SD Distribution Policy Enforcer • SkyATP detection of infected IoT UEs ND • C&C feeds Switch ACLs Access • Policy per IoT device type 🚬 • Enforce @ JNPR routers, switches, firewalls using infected host feed End Point Security Partner Solutions • 3 rd party remediation of infection Remediation of infection
Smart city connected buildings – SDSN solutions THREATS INTERNET • Malware / ransomware targeted at IoT devices • IoT device traffic “wandering” DATA CENTER Perimeter SRX Cluster • IoT devices attacking IoT servers vSRX vSRX SOLUTION BEHAVIORS DMZ VLAN • SDN w/NFX & Contrail to service chain vSRX vSRX NFX Internal SRX Cluster Lighting web • vSRX / NFX limits lateral threat propagation & HVAC web vSRX vSRX quarantines infected servers & IoT devices DMZ VLAN • SkyATP detection of infections • @ Connected building: infected IoT HVAC Lighting • @ DC: infected app/web/db servers app app Smart • vSRX protocol conformance / enforcement lighting DB_VLAN HVAC • Traffic policies enforced w/ v/SRX & switches IoT IoT Lighting db HVAC db Connected bldg
Smart city lighting – SDSN solution THREATS • Malware / ransomware targeted at IoT devices INTERNET • IoT device traffic “wandering” DATA CENTER Perimeter SRX • IoT devices attacking IoT servers Cluster vSRX vSRX DMZ VLAN SOLUTION BEHAVIORS vSRX NFX • SDN w/NSX & Contrail to service chain vSRX Internal SRX IoT SW Cluster Lighting web WiFi tracker • vSRX / NSX limits lateral threat propagation & web vSRX vSRX quarantines infected servers & IoT devices DMZ VLAN • SkyATP detection of infections • Lighting controllers & Additional sensors Wifi tracker Lighting app app Lighting • @ DC: infected app/web/db servers controllers • vSRX protocol conformance / enforcement DB_VLAN Wifi tracker Lighting db • Traffic policies enforced w/ v/SRX & switches db Additional sensors
Connected vehicles – SDSN solution THREATS • Disable connected vehicles SKY ATP Mobile • Weaponize connected vehicles packet core • Vehicle hijacking Perimeter SRX vSecGW VM5 Cluster • Theft of connected vehicle metadata vSRX VM4 vSRX CC IoT controller VM3 SOLUTION BEHAVIORS MEC server VM2 Internal SRX • Enforce network traffic flow policies Cluster Con-car vSecGW VM1 web vSRX • vSRX enforcing protocol conformance SDN MEC hub site • Sky ATP detects connected vehicle and server side app malware / ransomware Con-car app • Quarantine infected vehicles /server side apps Connected Vehicle Partner Solutions • 3 rd party • MEC for high performance / low latency Con-car db Policy Enforcer
IoT Infected Host Workflow – MEC and mobile 3 rd Party THREATS MOBILE HUB SITE SKY ATP Feeds • IoT botnet army recruitment TELCO JSA NFX250 SOLUTION BEHAVIORS CLOUD SDSN Policy vSRX IoT • SkyATP detection of infected IoT UEs Enforcer • C&C feeds Policy update for IoT App Service Chain • Policy per IoT device type Contrail Dynamic service • Enforce @ MEC with vSRX firewalls Network Perf App Service chains Orchestrator S1-U IP using infected host feed MEC server S1-U GTP vSRX IoT IoT App IPsec SRX SecGW Network Perf App SGi from EPC MX104
Recap SDSN SDSN FOR IOT IOT RANSOMWARE RANSOMWARE & MALWARE & MALWARE D etect, policy, S pecific detection Creating destruction Coming to an IoT enforce for IoT devices from optimization solution near you BE SAFE: PRACTICE SDSN
Thank you Thank you
Recommend
More recommend
