Security in IT & Automation: Worlds Are Converging and Enabling Industrie 4.0. Manfred Bauer, manbauer@cisco.com, April 2015
Information Technology vs. Automation: people vs. machines; security of information vs. availability and reliability; protection of people and material.
The security problem: changing business models, a dynamic threat landscape, complexity and fragmentation.
Priorities in IT and Automation
Policy: Security in IoT networks is crucial, as people, communities and financial systems could be negatively impacted by cyber/physical security breaches. Top priorities are availability, safety and ease of use. The biggest pain point is the management of who, what, where, when and how (people, data, devices and processes).
IT network vs. OT network:
Focus: IT: protecting intellectual property and company assets. OT: 24/7 operations, high overall equipment effectiveness.
Priorities: IT: 1. Confidentiality, 2. Integrity, 3. Availability. OT: 1. Availability, 2. Integrity, 3. Confidentiality.
Types of data traffic: IT: converged network of data, voice and video. OT: converged network of data, control, information, safety and motion.
Access control: IT: strict network authentication and access policies. OT: strict physical access, simple network device access.
Implications of a device failure: IT: continues to operate. OT: could stop operation.
Threat protection: IT: shut down access to the detected threat. OT: keep operating with a detected threat and manage it.
Upgrades: IT: as soon as possible, during uptime. OT: scheduled, during downtime.
IP addressing: IT: dynamic. OT: static.
Security means: access control; data confidentiality and privacy; threat detection and mitigation; device and platform integrity; policy management; operational reliability and safety.
We must look at security holistically. Attack continuum: BEFORE (discover, enforce, harden), DURING (detect, block, defend), AFTER (scope, contain, remediate); across network, endpoint, mobile, virtual and cloud; not point in time but continuous.
What do we have to change? (diagram: today's separation of IT and OT)
IT side (information technology): Internet, intranet, remote expert, secure third-party access, data center, IT clients; DMZ global IT; global location routing separated from intra-plant routing; selective authentication and authorization; IT is a world of controlled security; data center (Rechenzentrum), headquarters (Zentrale), branch office (Zweigstelle).
OT side (automation): plants, machines, function devices; DMZ plant IT; isolated or industrial firewall; plant-wide selective access to machines and selective access to function devices; authorization is a process of days; OT is an isolated world; plant (Anlage), on site (Vor Ort).
Target: an end-to-end security architecture, end-to-end secure connectivity and computing demands, seamless network concepts.
The main problem with separated OT/IT networks (diagram, same layout as the previous slide): on the IT side there is controlled security (Internet, intranet, remote expert, secure third-party access, data center, IT clients, DMZ global IT, selective authentication and authorization); on the OT side there is an isolated and confused world (plants, machines, function devices behind a DMZ plant IT and isolated or industrial firewalls). Global location routing is separated from intra-plant routing, so plant-wide selective access to machines and selective access to function devices each need their own authorization, and authorization is a process of days.
Demands: cross-domain data management spanning people, data, locations, processes, machines and things, network devices, ports and function devices. Internet, data center and IT clients are classical IT responsibility; plants and machines are classical OT responsibility. This drives end-to-end secure connectivity and computing demands and seamless network concepts. Secure entity management reaches a new order of magnitude of scale.
An example: the connected factory (diagram of the reference architecture by Purdue level, with identity services and advanced threat detection and response spanning all levels)
Enterprise Zone, Levels 4-5: Internet, web apps, DNS, FTP; Identity Services Engine (ISE); cloud-based threat protection; network-wide policy enforcement; context-based access control (application level: who, when, where); VPN and remote access services; next-generation firewall with NG intrusion prevention (IPS) and Advanced Malware Protection.
Demilitarized Zone, Level 3.5: firewall pair (active/standby) with a Gbps link for failover detection; core switches; network services: patch management, terminal services, application mirror, AV server; stateful firewall; NG intrusion protection/detection (IPS/IDS).
Manufacturing Zone, Level 3: factory application servers; aggregation switch and access switch; physical access control systems; remote monitoring/surveillance; software, configuration and asset management.
Cell/Area Zone, Levels 0-2: ruggedized NG firewall and ruggedized NG intrusion protection (IPS); Layer 2 access switches; Cell/Area #1 (redundant star topology), Cell/Area #2 (ring topology), Cell/Area #3 (linear topology), each with controller, drive, HMI and distributed I/O.
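The zoning on this slide and the IT/OT priority table earlier in the deck translate into two concrete policy rules a practitioner has to get right: no session may pass straight through the DMZ between the enterprise and the plant (remote access terminates on a jump host in Level 3.5 and a second session continues into the plant), and intrusion prevention in OT zones alerts rather than blocks for anything short of a critical signature, because availability ranks above confidentiality there. The following is an added example, not code from the slides or from Cisco; it models the zones as Purdue levels and evaluates flows and multi-hop remote-access chains against an allow-list. The service ports (443 for DMZ web apps and the patch mirror, 3389 for a terminal-services jump host, 44818 for EtherNet/IP explicit messaging) and the severity thresholds are assumptions chosen for illustration.

```python
# Added example: zone-based policy model for a Purdue-style plant network.
# Zones, the IDMZ termination rule and the IT/OT threat-handling difference
# follow the slides; ports and severity thresholds are assumptions.
from dataclasses import dataclass

# Purdue level per zone (Enterprise 4-5, IDMZ 3.5, Manufacturing 3, Cell/Area 0-2)
ZONE_LEVEL = {
    "enterprise": 4.0,
    "idmz": 3.5,
    "manufacturing": 3.0,
    "cell_area": 2.0,
}
IDMZ_LEVEL = 3.5
OT_ZONES = {"manufacturing", "cell_area"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


# Explicit allow-list, default deny. Port numbers are illustrative assumptions:
# 443 web apps / patch mirror in the DMZ, 3389 terminal-services jump host,
# 44818 EtherNet/IP (CIP) explicit messaging between plant servers and controllers.
ALLOW = {
    ("enterprise", "idmz", "tcp", 443),
    ("enterprise", "idmz", "tcp", 3389),
    ("idmz", "manufacturing", "tcp", 3389),
    ("manufacturing", "idmz", "tcp", 443),
    ("manufacturing", "cell_area", "tcp", 44818),
    ("cell_area", "manufacturing", "tcp", 44818),
}


def spans_idmz(flow: Flow) -> bool:
    """True if one end of the flow is above level 3.5 and the other below it,
    i.e. the session would pass through the IDMZ instead of terminating in it."""
    hi = max(ZONE_LEVEL[flow.src], ZONE_LEVEL[flow.dst])
    lo = min(ZONE_LEVEL[flow.src], ZONE_LEVEL[flow.dst])
    return hi > IDMZ_LEVEL and lo < IDMZ_LEVEL


def evaluate(flow: Flow) -> str:
    """Return 'permit' or a 'deny: ...' reason. The structural IDMZ check runs
    before the rule table, so an over-broad rule can never reopen a direct
    enterprise-to-plant path."""
    if spans_idmz(flow):
        return "deny: crosses the IDMZ without terminating in it"
    if (flow.src, flow.dst, flow.proto, flow.dport) in ALLOW:
        return "permit"
    return "deny: no matching rule"


def evaluate_path(hops: list) -> str:
    """Check a chain of sessions (remote expert -> DMZ jump host -> plant server).
    Each hop must start in the zone where the previous one ended, and every
    hop must be permitted on its own."""
    for prev, cur in zip(hops, hops[1:]):
        if prev.dst != cur.src:
            return f"deny: hop {cur.src}->{cur.dst} does not start at {prev.dst}"
    for hop in hops:
        verdict = evaluate(hop)
        if verdict != "permit":
            return f"{verdict} ({hop.src}->{hop.dst}:{hop.dport})"
    return "permit"


def ips_action(zone: str, severity: str) -> str:
    """IT shuts down access to a detected threat; OT keeps operating and manages it.
    In OT zones only a critical signature blocks inline, everything else alerts,
    so a false positive cannot stop production. Thresholds are assumed."""
    if zone in OT_ZONES:
        return "block" if severity == "critical" else "alert"
    return "block" if severity in ("critical", "high") else "alert"


if __name__ == "__main__":
    direct = Flow("enterprise", "cell_area", "tcp", 44818)
    print(direct, "->", evaluate(direct))
    remote_expert = [Flow("enterprise", "idmz", "tcp", 3389),
                     Flow("idmz", "manufacturing", "tcp", 3389)]
    print("remote expert via DMZ jump host ->", evaluate_path(remote_expert))
    print("high-severity IPS hit in cell/area ->", ips_action("cell_area", "high"))
```

The order of checks in evaluate is the point: the IDMZ rule is evaluated before the allow-list, so adding a careless "enterprise to cell_area" rule to ALLOW still yields a deny. evaluate_path is what a remote-maintenance request looks like to the policy: two sessions, each permitted, joined at the jump host in Level 3.5.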
Cisco cross-domain firewall solutions (table by deployment location and environment)
HQ / data center, IT environment (Internet, intranet, data center): ASA 5585-X, ASA 5512-X to 5555-X. IT environmental conditions: air conditioning (5-40 °C), clean LAN.
Branch / thing, moderate environment (VPN): ASA 5506, ASA 5506H. Moderate environmental conditions: room air (0-50 °C), commodity conditions.
Machine / thing, industrial environment, shop floor (VPN): ISA 3000, ISA 4000. Industrial environmental conditions: extended temperature (-20 to 65 °C), shop-floor conditions, vibration and pollutants.
Availability dates shown on the slide: Apr. 2015, Apr. 2015, Oct. 2015.
Functions: FireSIGHT management and analytics, network firewall, intrusion prevention, URL filtering, Advanced Malware Protection. All devices support all functions; the highlighted features are normally provided by central functions.
Cisco Connected Factory solution: a unified architecture for automation (ruggedized Industrial Ethernet, OT) and IT (enterprise IT network); an end-to-end architecture specifically designed, tested and validated for IT and automation; connects business applications with industrial systems; standards-based industrial Ethernet switching and security services; integrates unified communication, wireless and data center technology.
Example: remote maintenance. Service and support by the machine or plant builder over the Internet/intranet, from the second- and third-level support department to production, with communication and visualization via Cisco Unified Communication and WEBEX.
Example: identity management with Cisco ISE (Identity Services Engine) spanning the data center, IT clients and the plants.
Example: remote site management. Go-to-market: Cisco + azeti Networks + channel partners. Whole offer: ROI + CVD + customer POC + starter kits; EMEA IoT sales support coverage; solution SKUs, simple to order and buy. Clear business outcomes: integration platform, asset optimization, safety and security, downtime reduction, risk management, remote asset management. First 3rd-party IoT applications to run on Cisco Cloud Services; first planned application for DSX in openberlin.
Cisco Internet of Things portfolio
Verticals and solutions: manufacturing (Connected Factory), mining, energy/utility (Energy Distribution Automation), oil and gas (Connected Well), transportation (Connected Train, Positive Train Control), city (City Safety and Security), defense, SP/M2M.
Industrial switching: IE 2000, IE 3000, CGS 2000, IP67, IE 4000, IE 5000.
Industrial routing, field network and embedded networks: CGR 2000, ASR 903, CGR 1000, 819H, IR910, IR 509, 829H, 809H, 5900 ESR, ESS 2020 switches, 5921 ESR software router.
Industrial wireless: Field AP 1552, Industrial AP (Rockwell), Field AP IW 3700 (802.11ac).
Connected safety and security: Video Surveillance Manager and IP cameras, Physical Access Manager.
Digital media: DMM Digital Media Manager, Digital Media Processors.
Across the portfolio: IoT security, application enablement (fog computing / IOx), management.
For your success: use cases, security, innovation. http://www.cisco.com/web/offers/lp/2015-annual-security-report/index.html
Manfred Bauer, manbauer@cisco.com, IoT Sales Lead Germany