Mr Philippe Roggeband
CISCO
Securing the Internet of Everything
Notes by Paul Fischer
Security not as a noun, but as an adjective. It must be attached to everything we do.
Opportunity to share with an audience the work in the cybersecurity space and also to listen, to learn, within the specific constraints of national security.
The people we are facing are highly paid professionals; they make higher salaries than we do. They get caught and after a few years in prison work for us as consultants.
I was recently in Dubai, and the cyber field was described as a graph with the skill level of the hackers and the focus of the hackers being the variables. Spear phishing with one but not the other is not dangerous, but we need to concentrate on those who have both. Automation is possible for low-skilled stuff, but the resources are needed for higher-skilled efforts.
Why does it happen? It is lucrative. It is lucrative because there is money: a Facebook account is worth about a dollar for each 15 friends. More and more devices connect, and bring formidable growth in efforts of conspiracy.
Application-specific hacking and technology should be used with new objects; cross-app use of the tech will solve this problem.
Industrial control systems are a totally different beast. Isolated networks nonstandard, developed years ago…
Critical infrastructure was once isolated but is no longer, and defense is paramount. A German attack on a steel factory >> physical damage to the control systems.
Specific constraints: there can be no latency because there is a loop form to the code, and any blocking of traffic can result in disaster (i.e., a control valve cannot be delayed when temp is changing), so IT solutions must be adapted for application in an industrial sense.
Next-generation TVs with cameras will also create challenges; these techs offer promise, but also must be protected vigilantly.
Creation of the connected battlefield. Not possible without the paramount protections being offered to the field. There is no guarantee they can be 100% secure, but it may be possible to reduce problems. We have many partners, many of whom are committed towards creating such a battlefield, that are also helping to develop tech. For network segmentation, intro of latency, other points to develop this concept.
Analysis of app-level data or metadata can allow understanding of patterns in normal actions and warrant intercept actions on abnormal behaviors.
The concept of being watched too much is somewhat of a generation thing.
In the former generation, there is an assumption that everything made is private unless made public; in this generation that assumption has changed.
Three phases:
Before you are attacked (two types of firms: those who know they have been compromised and those who do not know they have been compromised).
Deploy tools to decrease attack surface and vulnerability level. This will not stop the attack, but make the hackers' job more difficult.
Phase two: detect the attack.
Low-skilled attacks warrant no effort, they will be detected.
Finally, the after phase: what has to be done after the attack has been detected and contained. Forensics and investigations. Back to the before phase…
Don’t just change the locks, but check under the bed for an accomplice of the villain.
CISCO uses TALOS to scout for attacks and to inform consumers of the attacks. Security architectures built against the threat of the month do not present a manageable premise…
Consistency is key to achieving success in security.
The first thing is to establish a context when access to a network is authenticated.
Where, how, time, etc. If there is no authentication it must be profiled, and if authenticated, a granular image of the user is uploaded.
Sometimes data can be in a grey zone of action, a device or a file.
Then we initiate device lateral tracking or file lateral tracking. This tells us every device or file that the file uploaded to or device connected to. This allows us after TALOS determines that an attack occurred somewhere to clean up and destroy all traces of the attack.
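The device and file lateral tracking described above, as an added example that is not Cisco's or the speaker's code: a constructed log of file-upload and device-connection events (all names and timestamps are made up) is walked in time order from the point where an attack was confirmed, so every device or file the attack could have reached afterwards is listed for cleanup, while contacts that happened before the compromise are left out.

```python
# Constructed sample telemetry (not real data). Each event is
# (timestamp, kind, source, destination):
#   "upload"  : file <source> was written to device <destination>
#   "connect" : device <source> opened a session to device <destination>
EVENTS = [
    (50, "connect", "dev:laptop-01", "dev:printer"),      # before compromise
    (100, "upload", "file:invoice.pdf", "dev:laptop-01"),
    (110, "connect", "dev:laptop-01", "dev:fileserver"),
    (120, "upload", "file:invoice.pdf", "dev:fileserver"),
    (130, "connect", "dev:fileserver", "dev:hr-pc"),
    (140, "upload", "file:report.xlsx", "dev:hr-pc"),
    (150, "connect", "dev:guest-wifi", "dev:laptop-01"),  # inbound only
]


def lateral_scope(events, start, compromise_time):
    """Return {node: first_reach_time} for every device or file reachable from
    `start` at or after `compromise_time`.

    Events are processed in time order, so a node can only pass the attack on
    through contacts that happened after the node itself was reached. A connect
    carries the attack from source device to destination device; an upload
    carries it from file to device, and a file written onto a reached device is
    itself brought into scope (the device may have tampered with it)."""
    reached = {start: compromise_time}
    for ts, kind, src, dst in sorted(events):
        if src in reached and reached[src] <= ts and dst not in reached:
            reached[dst] = ts
        if kind == "upload" and dst in reached and reached[dst] <= ts \
                and src not in reached:
            reached[src] = ts
    return reached


def cleanup_targets(reached):
    """Split the scope into the device list and file list handed to response."""
    devices = sorted(n for n in reached if n.startswith("dev:"))
    files = sorted(n for n in reached if n.startswith("file:"))
    return devices, files


if __name__ == "__main__":
    scope = lateral_scope(EVENTS, "dev:laptop-01", 100)
    devices, files = cleanup_targets(scope)
    print("devices to clean:", devices)
    print("files to quarantine:", files)
```

Starting the walk from the file instead of the device gives the same scope here, because the file lands on laptop-01 at the compromise time.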
Growth rate of new attacks on Android is hitting 800% per year, which presents a new crisis for us, and we have been put in a permanent catch-up situation. Hackers have identified the system as lucrative in nature.
Bring visibility on what is happening by leveraging the network, extracting everything from the fabric.
Consistent control: a single source of truth on the topic.
Advanced threat protection and intelligence, because no one can match the firepower of TALOS.
Finally, reduce the complexity of the system through an architected approach.