SDSN for IoT Stopping threats to the new IoT network Ben Baker - - PowerPoint PPT Presentation



SLIDE 1

SDSN for IoT

Stopping threats to the new IoT network

Ben Baker – benbaker@juniper.net

SLIDE 2

This presentation is subject to NDA stipulations

Legal Statement Regarding Current Products and Intentions

This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.

SLIDE 3

IoT Ransomware

SLIDE 4

IoT – The Art of Optimization

Optimal outcomes

Billions of devices

SLIDE 5

IoT – Security Threats

Destruction & Chaos

Billions of devices

SLIDE 6

IoT ransomware – a flow chart…

Threatens destruction Malware infiltration

SLIDE 7

Getting ransomware and malware into IoT networks

  • DNS spoofing
  • Default passwords
  • Phishing attacks

Both IoT devices and IoT application servers / supporting servers (IoT apps, AEP, CDP)

SLIDE 8

Real world examples of IoT malware / ransomware

Example 1: Thermostat ransomware

http://motherboard.vice.com/read/internet-of-things-ransomware-smart-thermostat

Example 2: Amazon cameras malware

http://www.securityweek.com/malware-found-iot-cameras-sold-amazon

Example 3: Jeep remote control

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

SLIDE 9

Targets for IoT Ransomware and Malware

IoT devices

Server side IoT

  • IoT application servers
  • Application Enablement Platforms
  • Connected Device Platforms

CDP servers App servers AEP servers

SLIDE 10

Potential IoT ransomware

IoT Ransomware                        Impact
Connected home mayhem                 Injury, destruction, death
Misdirect connected cars              Injury, destruction, death
Stop traffic lights                   Gridlock, mayhem, injury
Medical device remote control         Injury, death
Deactivate water quality sensors      Sickness, death
Remote control of industrial IoT      Injury, destruction, death

SLIDE 11

Software Defined Secure Networks (SDSN)

SLIDE 12

Perimeter Oriented Security

  • Complex Security Policies
  • Lateral Threat Propagation
  • Limited Visibility
  • Hyper-connected Network
  • Security at Perimeter

Perimeter

Outside (Untrusted)

Internal (Trusted)

SLIDE 13

Software Defined Secure Network

Perimeter

Outside (Untrusted)

Inside (Also Untrusted)

  • Simplified Security Policy
  • Block Lateral Threat Propagation
  • Comprehensive Visibility
  • Secure Network

Delivers Zero Trust Security Model

SLIDE 14

Software-Defined Secure Network

Policy, Detection & Enforcement

  • Leverage entire network and ecosystem for threat intelligence and detection
  • Utilize any point of the network as a point of enforcement
  • Dynamically execute policy across all network elements including third party devices

Bottoms Up and Top Down Approach

Network

Threat Intelligence

Enforcement Detection Enforcement Detection

Cloud-based Threat Defense Dynamic and Adaptive Policy Engine

Policy Campus & Branch DC

Public Cloud

Private Cloud

SLIDE 15

Detection: Sky ATP

SLIDE 16

Sky Advanced Threat Prevention to the Rescue

Current solutions fail to protect organizations from sophisticated, evasive attacks.

Chart: threat sophistication vs. solution coverage. Simple Threats / Opportunistic Attacks are covered by Antivirus Solutions; Sophisticated Threats / Targeted Attacks are covered by APT Solutions and Sky ATP; between them lies the Security Gap. Threat classes along the axis: Plain Virus, Polymorphic, Packing, C&C Fluxing, Persistent Threats, Evasive Threats.

SLIDE 17

Sky ATP Building Blocks

Cutting Edge Detection Techniques Threat Platform paradigm Rich Forensics and Reporting Shared Threat Intelligence

  • Machine Learning
  • Sandboxing
  • Deception techniques
  • Threat curation
  • Integration with SIEM tools
  • Contextual reporting and analytics
  • SRX firewall as sensor and enforcement point
  • Layered defense with ATP, IDP, Web filtering, AV
  • Open platform
  • RESTful APIs to share and consume threat information in real time

SLIDE 18

The ATP Verdict Chain

Staged Analysis: combining rapid response and deep analysis

Suspect files enter the analysis chain in the cloud and pass through four stages:

1. Cache lookup (~1 second): files we’ve seen before are identified and a verdict immediately goes back to the SRX.

2. Anti-virus scanning (~5 seconds): multiple AV engines return a verdict, which is then cached for future reference.

3. Static analysis, 1st stage (~5 seconds): the static analysis engine does a deeper inspection, with the verdict again cached for future reference.

4. Dynamic analysis (~7 minutes): dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware. The 2nd stage of static analysis runs in parallel.
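The staged verdict chain described on this slide, written out as an added example; this is not Juniper's or Sky ATP's code. The stage implementations are constructed stand-ins (an AV engine reduced to a SHA-256 blocklist, a static stage that only clears files with no executable header, a "sandbox" that reacts to a constructed behaviour marker), and the per-stage timings are not modelled. What the example does show is the control flow the slide describes: a hash-keyed cache consulted first, cheaper stages run before expensive ones, the chain stopping at the first stage that reaches a verdict, and that verdict being cached so a resubmission never reaches the sandbox.

```python
"""Staged verdict chain: cache -> AV -> static -> dynamic (added example, constructed stand-ins)."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

MALICIOUS = "malicious"
BENIGN = "benign"
UNKNOWN = "unknown"  # the stage could not decide; fall through to the next, costlier stage


@dataclass
class Verdict:
    label: str
    stages_run: List[str] = field(default_factory=list)  # which stages the file actually went through


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample inputs for the demo (not real malware).
KNOWN_BAD = b"\x7fELF constructed-known-bad-sample"
PLAIN_TEXT = b"quarterly report, plain text, nothing executable here"
EVASIVE = b"\x7fELF constructed-evasive-sample CONSTRUCTED_BEHAVIOUR:beacon"

# Stage 2 stand-in: a real AV stage would run several engines; here it is a hash blocklist.
AV_SIGNATURES: Dict[str, str] = {sha256(KNOWN_BAD): MALICIOUS}


def av_scan(data: bytes) -> str:
    return AV_SIGNATURES.get(sha256(data), UNKNOWN)


def static_stage1(data: bytes) -> str:
    # Cheap structural check: a file with no executable header is cleared here;
    # anything that looks like an ELF or PE binary is passed on for deeper analysis.
    if data.startswith(b"\x7fELF") or data.startswith(b"MZ"):
        return UNKNOWN
    return BENIGN


def dynamic_analysis(data: bytes) -> str:
    # Sandbox stand-in: a real sandbox executes the sample and observes behaviour;
    # here a constructed marker simulates an observed C&C beacon. This stage always decides.
    return MALICIOUS if b"CONSTRUCTED_BEHAVIOUR:" in data else BENIGN


class VerdictChain:
    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}  # sha256 -> verdict, filled by whichever stage decided
        # Ordered cheapest to most expensive; the chain stops at the first definitive verdict.
        self.stages: List[Tuple[str, Callable[[bytes], str]]] = [
            ("anti-virus", av_scan),
            ("static-1", static_stage1),
            ("dynamic", dynamic_analysis),
        ]

    def analyze(self, data: bytes) -> Verdict:
        digest = sha256(data)
        stages_run = ["cache"]
        if digest in self.cache:  # stage 1: seen before, answer immediately
            return Verdict(self.cache[digest], stages_run)
        for name, stage in self.stages:
            stages_run.append(name)
            label = stage(data)
            if label != UNKNOWN:
                self.cache[digest] = label  # later submissions of this file stop at the cache
                return Verdict(label, stages_run)
        return Verdict(UNKNOWN, stages_run)  # not reached: the dynamic stage always decides


if __name__ == "__main__":
    chain = VerdictChain()
    for sample in (KNOWN_BAD, PLAIN_TEXT, EVASIVE, EVASIVE):
        v = chain.analyze(sample)
        print(f"{v.label:9s} via {' -> '.join(v.stages_run)}")
```

Running the block submits the evasive sample twice: the first pass goes all the way to the sandbox stage, the second is answered from the cache alone, which is the behaviour the ~1 second versus ~7 minute figures on the slide depend on.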

SLIDE 19

IoT specific Advanced Threat Detection

IoT devices

  • Many are Linux based
  • Sky ATP: static & dynamic analysis for IoT malware
  • Will be tailored for specific devices & applications

IoT servers (CDP servers, App servers, AEP servers)

  • Based on Windows or Linux
  • Juniper Policy Enforcer can stop East-West propagation

Sky ATP supports 3rd party detection integration

SLIDE 20

SDSN Solutions to IoT Threats

SLIDE 21

Enterprise IoT infection – SDSN solution

SOLUTION BEHAVIORS

  • SkyATP detection of infected IoT UEs
  • C&C feeds
  • Policy per IoT device type
  • Enforce @ JNPR routers, switches, firewalls using infected host feed
  • 3rd party remediation of infection

CAMPUS: Policy Enforcer; End Point Security Partner Solutions (remediation of infection); SRX Series Cluster (detect infected hosts); Access; Core / Distribution; Internet

Sky ATP and 3rd party feeds feed SRX policy & feeds and switch ACLs

THREATS

  • Lateral threat propagation
  • IoT botnet army recruitment

SLIDE 22

Smart city connected buildings – SDSN solutions

DATA CENTER

INTERNET

HVAC web Lighting web

vSRX vSRX vSRX vSRX

Lighting app HVAC app HVAC db Lighting db Perimeter SRX Cluster Internal SRX Cluster

DB_VLAN DMZ VLAN DMZ VLAN

Connected bldg

HVAC IoT Smart lighting IoT

vSRX NFX

THREATS

  • Malware / ransomware targeted at IoT devices
  • IoT device traffic “wandering”
  • IoT devices attacking IoT servers

SOLUTION BEHAVIORS

  • SDN w/NFX & Contrail to service chain vSRX
  • vSRX / NFX limits lateral threat propagation & quarantines infected servers & IoT devices
  • SkyATP detection of infections
  • @ Connected building: infected IoT
  • @ DC: infected app/web/db servers
  • vSRX protocol conformance / enforcement
  • Traffic policies enforced w/ v/SRX & switches

SLIDE 23

Smart city lighting – SDSN solution

DATA CENTER

INTERNET

WiFi tracker web Lighting web

vSRX vSRX vSRX vSRX

Lighting app Wifi tracker app Wifi tracker db Lighting db Perimeter SRX Cluster Internal SRX Cluster

DB_VLAN DMZ VLAN DMZ VLAN

vSRX NFX IoT SW

Lighting controllers

THREATS

  • Malware / ransomware targeted at IoT devices
  • IoT device traffic “wandering”
  • IoT devices attacking IoT servers

SOLUTION BEHAVIORS

  • SDN w/NSX & Contrail to service chain vSRX
  • vSRX / NSX limits lateral threat propagation & quarantines infected servers & IoT devices

  • SkyATP detection of infections
  • Lighting controllers & Additional sensors
  • @ DC: infected app/web/db servers
  • vSRX protocol conformance / enforcement
  • Traffic policies enforced w/ v/SRX & switches

Additional sensors

SLIDE 24

Connected vehicles – SDSN solution

SOLUTION BEHAVIORS

  • Enforce network traffic flow policies
  • vSRX enforcing protocol conformance
  • Sky ATP detects connected vehicle and server side app malware / ransomware
  • Quarantine infected vehicles / server side apps
  • 3rd party
  • MEC for high performance / low latency

Mobile packet core

Con-car db Perimeter SRX Cluster Internal SRX Cluster Con-car web

vSRX vSRX

Con-car app

VM1

vSecGW

VM2

MEC server

VM3

vSRX SKY ATP vSecGW CC IoT controller

VM4 VM5 SDN MEC hub site

THREATS

  • Disable connected vehicles
  • Weaponize connected vehicles
  • Vehicle hijacking
  • Theft of connected vehicle metadata

Connected Vehicle Partner Solutions

Policy Enforcer

SLIDE 25

IoT Infected Host Workflow – MEC and mobile

THREATS

  • IoT botnet army recruitment

SOLUTION BEHAVIORS

  • SkyATP detection of infected IoT UEs
  • C&C feeds
  • Policy per IoT device type
  • Enforce @ MEC with vSRX firewalls using infected host feed

SDSN Policy Enforcer

SKY ATP 3rd Party Feeds

Policy update for Service Chain Dynamic service chains Contrail Service Orchestrator

MOBILE HUB SITE

SRX SecGW IPsec MEC server S1-U GTP S1-U IP IoT App vSRX IoT NFX250

TELCO CLOUD

Network Perf App Network Perf App IoT App SGi from EPC vSRX IoT

JSA

MX104

SLIDE 26

Recap

BE SAFE: PRACTICE SDSN

SDSN: detect, policy, enforce

SDSN FOR IOT: specific detection for IoT devices

IOT RANSOMWARE & MALWARE: creating destruction from optimization

RANSOMWARE & MALWARE: coming to an IoT solution near you

SLIDE 27

Thank you