DEALING WITH THE TSUNAMI OF UNMANAGED DEVICES
©2018 Armis Inc. All Rights Reserved.
Jamil (Jamie) Mneimneh, CISSP-ISSAP
Director, Solutions Architecture
Enterprise of “Things”
Businesses can’t see 40% of the devices around them.
Office Environment
Health Care
Manufacturing
[Chart: connected devices by year, 2010 to 2020, rising to 20+ billion connected devices. Categories: Traditional; Enterprise Managed; BYOD (PC & Mobile); Unmanaged and IoT. Device types shown: web, PCs and servers, laptops, tablets, smartphones, switches, printers, VoIP, point of sale, medical devices, manufacturing, access points, Bluetooth, security cameras, smart TVs, smart HVAC, smart lighting. Legend: Protected / Unprotected.]
Source: Gartner, BI Intelligence 2016
Explosive Growth in Enterprise “Things”
Meet The New (Insecure) Endpoint
Designed To Connect
Hard to Update
No Security
Hard to Discover
Billions of Devices
Many Manufacturers
The Growing IoT Exposure
Sources: Symantec ISTR, 2018; Gartner, World Wide Security Report, 2017; Gartner, BI Intelligence, 2017
More than 25% of identified attacks in Enterprises will involve IoT in 2020.
10% of new devices connected to your network will be manageable by traditional methods by 2020.
600% increase in IoT attacks from 2016 to 2017
6 EXPLOITS: Real Stories, Never Published
Compromised Tablet
WHAT: UNAUTHORIZED VIDEO STREAMING
• 200 conference rooms, each had a tablet to control the video system
• The tablet in one conference room was streaming video and audio to an unknown destination
• This represented a leakage of sensitive conversations.
Compromised Smart TV
WHAT: ATTEMPTING TO INFECT OTHER DEVICES
• Boardroom was equipped with a Smart TV
• Malware on the Smart TV was trying to infect nearby devices via Wi-Fi and Bluetooth.
Compromised Security Camera
WHAT: BOTNET ATTACK
• Security cameras on the network were compromised with a botnet
• Botnet was connecting to routers on the network, trying to compromise the routers.
Infected Healthcare Device
WHAT: ENTRY POINT FOR WANNACRY
• MRI machine had an external internet connection for vendor remote support
• Running Windows XP -- unpatched since it would void the warranty
• Infected with WannaCry and trying to infect other Windows systems via SMB
Unauthorized Network Bridge
WHAT: PRINTER ALLOWED ANYONE TO CONNECT
• A printer connected to the wired network had an open hotspot, allowing unauthenticated access to anyone.
Rogue Network Stealing Credentials
WHAT: THEFT OF NETWORK CREDENTIALS
• A corporate device was connecting to a pineapple that was collecting Active Directory credentials or hashes
Can Spread From Device To Device
What is Your Security Strategy?
[Figure: the endpoint growth chart (2010 to 2020) shown again, with a "Types of Endpoints" row and a "Security Strategy" row. Security strategies shown: "Security agents, patch management, firewalls, NAC"; "Mobile device management, guest networks, VDI"; "????????".]
Network Security
NAC
Endpoint Agent
Traditional Approaches Are Insufficient
THE ARMIS SOLUTION: Agentless Security Platform
Agentless Security Platform
Discover
• Managed & unmanaged devices
• Wired and wireless
• On and off the network
Analyze
• Risk & threat quantification
• Behavioral analysis
• Anomaly detection
Protect
• Remove suspicious devices
• Manually or per policy
• Inform firewall, SIEM, etc.
NO AGENT / HARDWARE
No agent is required on devices for tracking and control. No hardware required.
FRICTIONLESS
Deploys in minutes. Integrates with existing infrastructure, firewall, and SIEM.
How Armis Works
[Diagram labels: Endpoints, Infrastructure, Services; Managed Devices, BYOD Devices, IoT Devices, Off-Network Devices; Firewall, NAC, SIEM; WLC, Switch, Virtual App.]
1. Discover and classify all devices – on network, off network, corporate, BYOD, IoT, rogue, Bluetooth, etc.
2. Analyze device behavior and compare to baseline for similar device types. Assess risk.
3. Protect by triggering WLC, NAC, switch, or firewall to block risky or attacking devices
Armis threat analysis engine
Armis device knowledge base
Sample – Fortune 1K Company (1K Employees)
• 1,212 Windows Machines
• 578 Servers
• 1,117 Employee Phones
• 370 Tablets
• 213 Guest Phones
• 60 Smart TVs
• 10 Telepresence Systems
• 100 Printers
• 500 VoIP Phones
• 80 Switches
• 110 APs
• 150 Security Cameras
• 10 Gaming Consoles
• 140 Smart Watches
• 5 Digital Assistants
• 25 Smart Thermostats
• 20 HVAC Controllers
• 2 WiFi Pineapples
205 Unmanaged
587 Unmanaged
295 Unmanaged
5 Previously Unknown
78 Open Hot Spots
2 Sending Data To Unauthorized IP
4 on Guest Network
10 Possible Botnet Infections
17 Trying to Connect to other Devices
21 Unpatched Vulnerabilities
Connecting to Multiple Corp Devices
Device Knowledgebase
Device Tracking
Device Type
Behavior
Connections
Reputation
Version
Data-at-Rest
History
6M Unique Device Profiles