Defense-in-Depth Security for Enterprise IoT

Transcription

1 Defense-in-Depth Security for Enterprise IoT Addressing the fundamental vulnerabilities of IP communications Host Identity Protocol is recognized by the Internet Engineering Task Force (IETF) community as the next possible big change in IP architecture Andrei Gurtov: Senior member of IEEE and ACM, and co-chair of the HIP Research Group at the Internet Research Task Force (IRTF)

2 Executive Summary The intensity of cyber attacks and proliferation of devices and non-traditional endpoints has radically changed the security environment from what it was just three years ago. As the global backbone of commerce and communications, IP networks are critical to virtually every enterprise s business operations, and yet the growing regularity and scope of breaches show that traditional security approaches are failing to protect these IP networks. In this new era of highly sophisticated hacking and profit-driven cyber crime, enterprises face new, even more daunting security challenges. The rapid increase in the number of IP-enabled devices is increasing the complexity of networks and infrastructure and expanding enterprise organizations attack surface. The IT expertise required to manage security configurations and policies is extremely costly and the demand continues to outpace the number of qualified IT professionals. CISOs must look to more efficient and automated cyber security approaches that require less manual configuration and maintenance, thereby significantly reducing the risk for human errors. A scalable and flexible network architecture Tempered Networks provides a solution that addresses the fundamental vulnerabilities of IP-based communications with a completely different approach to cyber security. By cloaking business critical systems and high value endpoints and assets, our solution effectively renders them invisible to all except trusted devices and systems. Vulnerability to APT (advanced persistent threats) and zero day attacks is significantly reduced, because the device footprint is cloaked; undetectable from the underlying network. Automated orchestration of security policies and trust relationships reduces human error and delivers enterprise scale requirements. The result: organizations can easily achieve network micro-segmentation that is less complex, more cost-efficient, and incredibly secure. Our solution is a Defense-in-Depth model that includes the highest level of encryption (AES-256), built-in trust management, and advanced micro-segmentation to secure your high value business-critical infrastructure, endpoints and assets. It is an additional layer of security complementary to your existing infrastructure and security solutions, while requiring no rip and replace so that you preserve your current investments. Understanding the Challenges Competitive enterprises today are seeking to balance the undeniable benefits of increased connectivity to streamline operations, improve services delivery, and leverage Big Data analytics, with the need for stronger security. The landscape of IP-enabled devices is exploding and bringing the promise of operational efficiency and innovation to organizations across all industries. At the same time, enterprises are faced with the ever-increasing cost and complexity of deploying and managing security solutions that struggle to keep up with the growing sophistication and volume of cyber-security threats. Nearly 9 out of 10 large organizations surveyed now suffer some sort of security breach suggesting that incidents are now a near-certainty. PwC, 2015 Information Security Breaches Survey It is becoming evident that continuing to apply more of the same traditional approaches to cyber security is having diminishing returns. Many enterprises are recognizing the need for new solutions temperednetworks.com Tempered Networks - Seattle, WA 1

3 that provide both fundamentally stronger protection against new threats and better operational efficiency to reduce complexity and the margin for human error. Vulnerable endpoints are increasing the attack surface More and more devices are being connected onto networks within organizations, from medical devices and building automation to ATMs and RFID-enabled inventory. Tempered Networks refers to this as the Commercial Internet of Things, where the use of devices that connect across IP networks is producing real business opportunities. These devices, including non-traditional endpoints, vary widely but share some common traits, including: Geographic distribution: Devices are everywhere, from remote sensors on farming equipment to law enforcement IP security cameras to home healthcare monitors. These connect to the corporate network and can be the entry point for an attack. IP-enabled: TCP/IP has no built-in security, so every device requires proper protection. Legacy software: Some of these devices run on old, unpatchable operating systems and/or cannot run endpoint security software All of these endpoints give hackers a larger surface to attack and more opportunities to penetrate the broader network. And every time new equipment is integrated or consolidated, additional configurations are required, making the network more brittle and vulnerable to attacks. 75 % of IT security professionals believe that mobile endpoints have been the target of malware at their organization over the past 12 months Ponemon Institute, 2015 State of the Endpoint Report Cost and complexity work against security Solving cyber-security problems has historically meant purchasing more firewalls, which then requires additional, skilled technical staff to maintain. However, with the expansion in the volume and sophistication of attacks, the huge growth in the number of devices being protected, and the growing skills gap in IT cyber security, this approach is simply unrealistic. Even if an enterprise has the budget to hire more security experts, it is not uncommon for those positions to remain unfilled due to a lack of qualified candidates. of business executives and law enforcement services surveyed say that 26 % they have the cyber-security expertise they require in-house CSO, 2015 US State of Cybercrime Survey As a simplified example of the complexity involved, for each and every device, administrators have to set up the appropriate firewall and security policies, ensure that connectivity to each device is enabled, and make sure the security configurations are set correctly. Multiply this effort by tens of thousands of endpoints, and it becomes a massive, costly undertaking with a greater potential for error. The more complex a system becomes, the greater the opportunity is for breach or malware penetration into the larger or distributed network. 95 % of all security incidents involve human error. IBM Study, 2014 Cyber Security Intelligence Index temperednetworks.com Tempered Networks - Seattle, WA 2

4 Defining a New Approach to Security Enterprises will need to identify and implement new strategies to solve the problems that previous security solutions have been unable to handle. Creating a successful model starts with defining the principles that are needed to overcome the challenges faced. Operational efficiency, flexibility and scalability are critical Minimizing operational complexity is essential to implementing an appropriate cyber-security solution because it allows organizations to be more agile. Today s firewalls and many other security systems involve tremendous complexity, and in most cases require staff with specialized, ongoing skills that may be difficult to acquire and retain. In addition, the sheer number of devices being protected is skyrocketing with the Commercial Internet of Things. Successful security solutions must allow for massive scalability at a reasonable cost and be easy to manage by less specialized staff. Security must stay ahead of the attacker s process Using a kill chain model (figure 1) to map the course of advanced persistent threats (APTs), today s sophisticated hacker begins with a reconnaissance phase, scouting out the target system to find vulnerabilities. Figure 1: Kill chain model 1. Recon: Probing and harvesting information 2. Weaponize: Coupling a specific exploit with a backdoor into a deliverable payload 3. Deliver: Deliver the weaponized bundle via channel (e.g. , web, USB) 4. Exploit: Exploit a vulnerability to execute code on victim s systems 5. Install: Install malware on identified asset(s) 6. Command/Control: Command channel for remote manipulation 7. Action: Ex-filtrate content/objective There are several places along the kill chain where an attack can be stopped or mitigated, however, the most efficient and effective place is at the reconnaissance stage. A New Trust Model The root cause of most TCP/IP architecture challenges stems from the fact that IP addresses are used in two places: identifying the traffic and identifying the host. When originally developed, the priority was on connectivity rather than security, as end users and endpoints are assumed to be mutually trusting. TCP/IP was never designed to be secure; consequently, we re left with a protocol that is incredibly reliable, yet completely insecure from the start. Tempered Networks has developed a solution that reverses this trust model. Our platform uses the Host Identity Protocol (HIP), developed by the Internet Engineering Task Force (IETF) to address the vulnerabilities created by the dual use of IP addresses. HIP is an IETF workgroup-specified alternative to temperednetworks.com Tempered Networks - Seattle, WA 3

5 traditional encryption methodologies, and has been in development since the mid-90s in coordination with a collection of larger companies, including Ericsson, Verizon, Yokogawa, Boeing, Shell, and others. The next significant change in IP communications Recognized by the IETF community as the next possible big change in IP infrastructure, HIP separates the identity of a host from its location by replacing IP addresses with cryptographic identity addresses. HIP effectively decouples the transport layer from the network layer, and allows the upper layers of the stack to use a Host Identity (HI) in their socket APIs instead of an IP address. HIP establishes secure end-to-end communications between cryptographic identities and binds local and remote application interfaces to these identities (Figure 3). Figure 3: HIP-based security appliances create a mutually-authenticated, certificate-based Encapsulating Security Payload (ESP)-protected bridge between each other. Device packets are encrypted (AES-256) and encapsulated, therefore resistant to denial-of-service (DoS) and man-in-the-middle (MitM) attacks. A Well-Tempered Network Purpose-built: Reduce Attack Surface & Simplify Networks The Tempered Networks solution offers a fundamentally new approach to cyber security that can immediately help organizations improve their security posture and simplify their networks. We provide the operational efficiencies that are needed to protect enterprise infrastructure in today s environment, while enabling a highly flexible network architecture. Secure by default Our technology originated in the defense and aerospace industry, where state-sponsored attacks occur on a regular basis and the cost of downtime exceeds $1 million per hour. In production for over 10 years and just recently commercialized for the broader market, the solution provides a cloaking technology for mission-critical enterprise infrastructure, including non-traditional devices that cannot protect themselves (e.g. cannot run endpoint security). Leveraging HIP makes the Tempered Networks solution is secure by default: trust is baked in, rather than relying on bolted-on components to become secure. Using cloaking to stop attacks before they start Tempered Networks has developed a purpose-built security platform that cloaks critical systems and endpoints by establishing secure communications between cryptographic identities. Tempered Networks HIPswitch security appliances (physical or virtual) are deployed in front of any IP-connected devices and systems to create private, encrypted overlay networks. Starting with zero trust, the solution allows users to whitelist devices for explicitly trusted and encrypted communications between HIPswitch appliances. Devices that sit behind HIPswitch appliances are cloked: undetectable from the underlying network. Cloaking assets is a highly effective and secure temperednetworks.com Tempered Networks - Seattle, WA 4

6 means of preventing attacks because it renders the attacker unable to see or identify the protected assets, thereby significantly reducing the opportunity for DDoS and Man-in-the-Middle (MitM) attacks. Malware or network breaches cannot detect infrastructure or endpoints that resides behind the HIPswitches, making APT much more difficult to accomplish. Our solution provides a way to shut down attacks at the beginning of the kill chain before recon can even occur (figure 2). Figure 2: Kill chain model Raising the bar with automated orchestration Fundamental to Tempered Networks unique approach is the simplicity and scalability of the platform. The solution s user interface (UI), running on the HIPswitch Conductor orchestration engine, facilitates centralized governance of the solution and was specifically developed to drastically reduce the risk for human error. Coordination and configuration of distributed HIPswitches is done through the UI s drag-and-drop functionality, which allows IT administrators to easily manage the entire solution. Role-Based Access Control IT departments can maintain centralized governance, while controlling levels of control and access to specifically designated departmental or line-of-business teams. By segmenting and isolating critical infrastructure, IT staff can give operations personnel compartmentalized governance to high value assets, without running the risk of compromising the shared network. What this means for you Stronger security and a more agile network with micro-segmentation In alignment with standards such as PCI-DSS, HIPAA, IEC 62443, and DHS ICS-CERT, network segmentation involves partitioning the network into smaller networks, or what Tempered Networks refers to as micro-segmentation through private overlay networks. By partitioning the larger network into multiple smaller networks, Tempered Networks solution goes above and beyond segregating and inspecting communications, adding availability, integrity, and confidentiality (encryption) protection as critical data and information traverse the network. Micro-segmentation of the network also enhances security by providing the ability to constrain administrators access to only the specific segment(s) of the network they are responsible for. Security at scale The Tempered Networks solution enables organizations of any size to implement hardened security to protect enterprise infrastructure without the tedious complexity that is typically associated with configuring and managing firewalls, VPNs, VLANs, etc. For example, a hospital that has a broad range of systems, such as electronic medical records and healthcare equipment from many different manufacturers, can protect the full array of critical assets with one solution. By segmenting and isolating systems and devices, IT staff can establish compartmentalized access temperednetworks.com Tempered Networks - Seattle, WA 5

7 and control of thousands of assets while maintaining centralized governance and without running the risk of compromising the shared network. Simplified management and operational efficiency By facilitating and automating the deployment, management, and maintenance of any number of connected devices on the trusted overlay network, the Tempered Networks solution minimizes the cost and complexity of ensuring secure connectivity. With so many devices and systems needing protection, the simplicity and automation that the Tempered Networks orchestration engine provides helps enterprises overcome the challenges that complexity and human error can bring to the business. The simple user interface makes it possible to empower non-technical staff to manage specific overlay networks, alleviating the demand for advanced IT security resources. Preserve legacy investments Because the solution works independent of any topology or underlying network, it is able to provide both hardened security and tremendous flexibility two goals that are often at odds when attempting to implement secure connectivity. Legacy systems such as HVAC, medical equipment, and ATMs that are running on unpatchable OSs or cannot run endpoint security software can be protected without complex configurations and on a completely vendor-agnostic basis. The solution also works over any network including cellular, WiFi, wired Ethernet, and/or satellite communications networks, so existing networks can be fully leveraged. To that end, enterprises can potentially reduce communications expenses by replacing costly MPLS or T1 lines with HIPswitches and a broadband Internet line. The Next Step Forward IT leaders accountable for minimizing their organization s risk profile are facing heavy decisions and potentially dire consequences should a breach expose sensitive data and assets and/or disrupt revenue. Doing more of the same using bolted on security solutions requiring more skilled, expensive IT staff-- is a losing strategy. Defense-in-depth cyber-security practices must incorporate new methods that have security baked in from the start and that are sustainable for long-term protection, management, and business agility. The Tempered Networks solution enables enterprises to protect their business-critical systems and comply with industry mandates and guidelines for cyber security regardless of size or degree of cyber-security risk or sophistication. Reducing IT complexity through automation of security policies and simplifying ongoing network configuration is the effective way to stay ahead of attackers. With Tempered Networks, enterprises can leverage existing infrastructure and immediately create cloaked overlay networks that protect specific infrastructure and endpoints within the network. If malware or a network breach occurs on the underlying network, threat actors are thwarted in performing reconnaissance on cloaked infrastructure, as devices behind HIPswitches are invisible except to explicitly trusted peers within a specific overlay network. Tempered Networks enables organizations to apply the principles and best practices of risk management to improve the security and resilience of enterprise infrastructure while making more efficient use of available resources. temperednetworks.com Tempered Networks - Seattle, WA 6