surviving the digital storm - cyber summit...

1 ©2019 Check Point Software Technologies Ltd. Joel Hollenbeck, Director of Engineering Office of the CTO Surviving the Digital Storm IoT Security DELUGE


  • 1 ©2019 Check Point Software Technologies Ltd.

    Joel Hollenbeck, Director of Engineering, Office of the CTO

    Surviving the Digital Storm

    IoT Security DELUGE

  • 2

    ENTERPRISE IoT/OT ENVIRONMENT HAS GROWN INCREASINGLY COMPLEX

    YOUR ORGANIZATION

    Shadow/Unmanaged Devices

    Smart Building/Office Devices

    Operational Technology (OT)

    Medical Devices

    General IoT

    Many types of devices & vendors

    Different protocols and behaviours

  • 6

    ATTACK LANDSCAPE

    • Triton (Dec/2017) – Tampering with SIS systems (ME)

    • Industroyer (2016) – High voltage station shut down using backdoors and IEC protocol flaws (Ukraine)

    • Black Energy (2015) – Cut off electricity via HMI remote control (Ukraine)

    • Energetic Bear (2014) – 3 SCADA software suppliers infected (US/Europe)

    • Stuxnet (2009) – Uranium production centrifuges sabotaged by compromising SCADA system (Iran)

    • Slammer (2003) – Attacks SIS in nuclear plant (US)

    Nation states heavily involved

  • 8

    IoT/OT DEVICES ARE VULNERABLE AND EASY TO HACK

    BD Alaris Gateway Workstation (Infusion Pump)
    June 19: Attacker can remotely manipulate infusion pumps, either to withhold meds or dispense too much.

    Rockwell Energy Smart Meter (Industrial Smart Meter)
    Feb. 19: Power monitors used by energy companies worldwide can be remotely manipulated by hackers.

    Chinese-Made Cameras (IP Camera)
    Aug. 19: Millions of Chinese-made cameras can be hacked to spy on users.

  • 9

    IoT/OT DEVICES ARE VULNERABLE AND EASY TO HACK

    Weak Password

    No Built-in Security

    Difficult to Patch

    Risk to IoT Devices: Damage, manipulation, or downtime

    Risk to Networks: Lateral movement infecting other systems

  • 10

    TRADITIONAL SECURITY SOLUTIONS DON’T CUT IT…

    YOU CAN’T PROTECT WHAT YOU CAN’T SEE, OR UNDERSTAND…

    Limited Visibility: into IoT devices and their vulnerabilities

    Insufficient Knowledge: of IoT device behavior and security needs

    No Threat Prevention: IoT specific threat intelligence is missing

  • 11

    IoT DEFENSE

    Smart Security for Smart Devices

    IOT DISCOVERY & VISIBILITY: See All your Devices, their Attributes and Risk Level

    ZERO TRUST IOT: Minimize Attack Surfaces Without Disrupting Critical Processes

    IOT THREAT PREVENTION: Block IoT Related Attacks

  • 12

    DISCOVER DEVICES CONNECTED TO YOUR NETWORK

    Smart Office: Printers, TV, VOIP Phone

    Smart Building: IP Camera, Smart Elevator, Smart Thermostat

    Operational Technology (OT): HMI, PLC, Barometer

    Healthcare: MRI, Infusion Pump, Patient Monitor

  • 13

    CLASSIFY DEVICES USING UNIQUE IDENTIFIERS

    Dynamically Calculated Risk Score

    Granular Device Attributes

    Communication Patterns

  • 15

    IDENTIFY HIGH RISK DEVICES AND PROTECT THEM WITH RISK BASED ACCESS POLICY

    Patient Monitor

    Weak Password: 1111

    Functionality & Severity: Critical

    Legacy Operating System: Windows 95

    CVE: CVE-2018-10601

    No.  Name             Source           Destination    Service & Application  Action
    1    High Risk        RISK=HIGH        Any            Any                    High Risk
    2    Patient Monitor  Patient Monitor  External Zone  Any                    Drop

    Prevent High Risk Patient Monitor From Communicating With The Internet

  • 16

    IDENTIFY AND CONTROL IOT/OT PROTOCOLS AND COMMANDS

    Smart Office IoT: IP Camera to VMS, ONVIF Protocol

    OT: SCADA Server/HMI to PLC, Modbus Protocol, limited to only 4 specific commands

    Medical Devices: MRI to PACS, DICOM Protocol

    Source  Destination  Service & Application
    IP CAM  VMS          ONVIF protocol
    MRI     PACS         DICOM protocol
    HMI     PLC          Modbus protocol - read input register
                         Modbus protocol - read holding registers
                         Modbus protocol - write multiple coils
                         Modbus protocol - write multiple registers
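
The HMI-to-PLC rule above limits Modbus to four commands. The sketch below is an added example, not code from the presentation or from Check Point: it shows the same allow-list applied to Modbus/TCP request frames, using the standard Modbus function codes for those four commands. The names `check_frame`, `build` and `SAMPLES` are hypothetical, and the frames are constructed sample data.

```python
import struct

# The four commands the slide permits from HMI to PLC, as Modbus function codes.
ALLOWED = {
    0x03: "read holding registers",
    0x04: "read input registers",
    0x0F: "write multiple coils",
    0x10: "write multiple registers",
}

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def check_frame(frame: bytes) -> tuple[str, str]:
    """Return (action, reason) for one Modbus/TCP request ADU."""
    if len(frame) < MBAP_LEN + 1:
        return "drop", "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return "drop", "not Modbus (protocol id != 0)"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return "drop", "length field does not match frame size"
    func = frame[MBAP_LEN]
    if func not in ALLOWED:
        return "drop", f"function 0x{func:02X} not on allow-list"
    return "accept", ALLOWED[func]


def build(func: int, data: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Construct a request ADU (sample input for this example only)."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic, not captured from a real network.
SAMPLES = [
    build(0x03, struct.pack(">HH", 0, 10)),                   # read 10 holding registers
    build(0x10, struct.pack(">HHB", 0, 1, 2) + b"\x00\x2a"),  # write 1 register
    build(0x05, struct.pack(">HH", 0, 0xFF00)),               # write single coil
    build(0x08, struct.pack(">H", 0) + b"\xab\xcd"),          # diagnostics
    build(0x03, struct.pack(">HH", 0, 10))[:-1],              # length mismatch
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.hex(), *check_frame(s))
```

Anything not explicitly listed is dropped, including well-formed requests such as write single coil (0x05) and diagnostics (0x08), and frames whose MBAP length field disagrees with the bytes on the wire.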

  • 17

    A POLICY FOR EVERY IOT DEVICE

    ENTERPRISE IoT EXAMPLE

    Application: IP Camera

    Authorized Traffic: Video Management System

    No.  Name           Source  Destination  Service & Application  Action
    1    IP CAM to VMS  IP CAM  VMS          ONVIF Protocol         Accepted

  • 18

    PROTECT VULNERABLE DEVICES WITHOUT THE NEED FOR PHYSICAL PATCHING

    Virtual Patching

    300+ IPS Signatures against IoT related Threats

    Infusion Pump, IP Camera, PLC

  • 19

    IoT DEFENSE

    Needs to be Tailored to various IoT/OT Environments

    Smart Office & Smart Building: Protect your business from corporate spying

    Industrial: Ensure reliable and safe operations

    Hospitals: Ensure patient safety and data confidentiality

  • 22

    IDENTIFY AND BLOCK UNAUTHORIZED ACCESS TO AND FROM IoT DEVICES

    [Diagram: IP Camera behind a SECURITY GW; labels: Block (x), Server Update, Allow (✓), Video Management Server, Allow (✓), Internet]

  • 23

    POLICY ENFORCEMENT

    [Diagram: zone 1, zone 2, zone 3]

    • Check Point security gateways are deployed inside the network to enforce the IoT policy

    • Threat prevention engines, including IPS, APPI and Anti-Bot, are activated inside the security gateways to identify and block malicious traffic and malicious intents

    North-south policy can be enforced through the perimeter security gateway

    East-west policy can be enforced through internal segmentation security gateways