11
IoT Security Patterns Mark Benson, CTO @markbenson

IoT security patterns

  • Upload
    exosite

  • View
    1.177

  • Download
    0

Tags:

Embed Size (px)

Citation preview

Page 1: IoT security patterns

IoT Security Patterns

Mark Benson, CTO

@markbenson

Page 2: IoT security patterns

The IoT opportunity

Recent Economist survey:

Expect their company to be using IoT within 3 years

“IoT is our single biggest threat AND biggest

opportunity over the next 10 years” – Brand-name fortune

500 board of directors*Source: ABI Research, Cisco, Craig Hallum Estimates

0

2

4

6

8

10

12

14

16

18

20

$0

$50

$100

$150

$200

$250

Dev

ice

sB

illio

ns

Mar

ket

Size

Bill

ion

s

Big Data Analytics (53%CAGR)

Connected Device Platforms(33% CAGR)

Platforms (33% CAGR)

Application EnablementPlatforms (32% CAGR)

Value Added Services (26%CAGR)

System Integration Services(24% CAGR)

Hardware (23% CAGR)

Connectivity (12% CAGR)

Internet-connected devices(Cisco Estimate)

95%

Page 3: IoT security patterns

The Internet of Things?

More like the Internet of Attack

Vectors• Attack surfaces are expanding rapidly

• Physical access to systems is becoming easier

• Consumer privacy concerns are rising

• Consequences of a breach are becoming more severe (critical infrastructure, brand deterioration, data privacy issues, etc.)

• Product companies are being forced outside of their comfort zones

• Three dimensions that make IoT security challenging…

Page 4: IoT security patterns

1. Resource constraints

Page 5: IoT security patterns

2. Deployment topologies

Page 6: IoT security patterns

3. Usage modes

Things to note about IoT usage modes that affect security:1. Some modes are normal and standard solutions exist2. Some modes are new and standards are still emerging3. Some modes are becoming more vulnerable due to resource constraints

Page 7: IoT security patterns

The IoT security problem areaA. High resource constraintsB. Complex deployment topologiesC. Novel usage modes

Mo’ IoT, mo’ problems

Page 8: IoT security patterns

The 4th dimension: time

Now we have a Tesseract

The difficulty with IoT security is that the landscape is constantly changing, even after products are deployed

Security should be designed for from the beginning and embraced as a journey throughout

It starts with a process…

Page 9: IoT security patterns

The web you should be weaving

Secure processes => secure products => secure brand integrity

Page 10: IoT security patterns

Conclusion

Takeaways:

1. Security processes. Have a security architecture from the beginning and

evolve throughout (layers, topologies, modes)

2. Technology selection. Start it from the beginning and evolve thoughout

3. Operations planning. How do you respond if/when a security incident occurs

in the field. Use checklists

– http://owasp.org/

– http://builditsecure.ly/

Embrace the journey

Page 11: IoT security patterns

Thank you

Mark Benson

@markbenson


The security challenge in IoT - ETSI · 2018-10-22 · The security challenge in IoT Scott Cadzow, for STF547 Challenging IoT Security ... There are lots of security standards IoT

The security challenge in IoT - ETSI · 2018-10-22 · The security challenge in IoT Scott Cadzow, for STF547 Challenging IoT Security ... There are lots of security standards IoT

Documents
IoT SECURITY CHAMPIONS - IoT News - IoT Business News€¦ · IoT SECURITY CHAMPIoNS: Building trust into the iot IOT SECURITY ChAMPIOnS: Building Trust into the IoT p.3 \ Source

IoT SECURITY CHAMPIONS - IoT News - IoT Business News€¦ · IoT SECURITY CHAMPIoNS: Building trust into the iot IOT SECURITY ChAMPIOnS: Building Trust into the IoT p.3 \ Source

Documents
IoT Security: F5 IoT Solution · IoT Security: F5 IoT Solution Author: Matt Mooseles Created Date: 10/1/2018 8:18:05 PM

IoT Security: F5 IoT Solution · IoT Security: F5 IoT Solution Author: Matt Mooseles Created Date: 10/1/2018 8:18:05 PM

Documents
IoT Security Faux Pas

IoT Security Faux Pas

Technology
Floodgate IoT Security Toolkit - Nohaunohau.eu/wp-content/uploads/IconLabs.pdf · The Floodgate IoT Security Toolkit provides engineers developing IoT devices a comprehensive security

Floodgate IoT Security Toolkit - Nohaunohau.eu/wp-content/uploads/IconLabs.pdf · The Floodgate IoT Security Toolkit provides engineers developing IoT devices a comprehensive security

Documents
IOT SECURITY: CHALLENGES, SOLUTIONS & FUTURE PROSPECTS · 2021. 2. 27. · This article considers IoT security challenges, security requirements for IoT architecture, current security

IOT SECURITY: CHALLENGES, SOLUTIONS & FUTURE PROSPECTS · 2021. 2. 27. · This article considers IoT security challenges, security requirements for IoT architecture, current security

Documents
Debunking IoT Security Myths

Debunking IoT Security Myths

Technology
Getting started with IoT security · IoT devices. The IoT Security Foundation has prepared an IoT Security Compliance Framework to provide pragmatic guidance to businesses developing

Getting started with IoT security · IoT devices. The IoT Security Foundation has prepared an IoT Security Compliance Framework to provide pragmatic guidance to businesses developing

Documents
Proportional security in IoT

Proportional security in IoT

Documents
IOT SECURITY MARKET REPORT 2017-2022 · IOT SECURITY MARKET REPORT 2017-2022 IOT SECURITY MARKET REPORT ... 1 IoT Security Overview 7 ... 5.5.1 Security by design best practices and

IOT SECURITY MARKET REPORT 2017-2022 · IOT SECURITY MARKET REPORT 2017-2022 IOT SECURITY MARKET REPORT ... 1 IoT Security Overview 7 ... 5.5.1 Security by design best practices and

Documents
Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

Internet of threats - the home of IoT news, analysis and ... · IoT security risks Iot threat detection IoT network security IoT encryption ioT security analytics IoT API security

Documents
Addressing IoT Challenges - Cisco › assets › sol › dc › day_two_close.pdf7 Thursday AM: Addressing IoT Challenges • Security, security, security: Appropriate levels of security

Addressing IoT Challenges - Cisco › assets › sol › dc › day_two_close.pdf7 Thursday AM: Addressing IoT Challenges • Security, security, security: Appropriate levels of security

Documents
IoT & SCADA Cyber Security Services...1.1.1. IoT Systems Service Description Deliverables IoT Cyber Security Assessment in: (High-level) Review overall security against key IOT vulnerability

IoT & SCADA Cyber Security Services...1.1.1. IoT Systems Service Description Deliverables IoT Cyber Security Assessment in: (High-level) Review overall security against key IOT vulnerability

Documents
IoT Architecture and Design Patterns - QUDIT · IoT Architecture and Design Patterns. Abstract. ... Application. Reporting, Analytics & Control. 7. Collaboration & Processes . Involving

IoT Architecture and Design Patterns - QUDIT · IoT Architecture and Design Patterns. Abstract. ... Application. Reporting, Analytics & Control. 7. Collaboration & Processes . Involving

Documents
Some IoT Security Learnings

Some IoT Security Learnings

Internet
IoT SAFE: Robust IoT security at scale

IoT SAFE: Robust IoT security at scale

Documents
IoT Security - COIT · IoT Security Protect Your IoT Devices and Keep your Business Running ©2018 Check Point Software Technologies Ltd. 2 IoT Security Represent a New Frontier The

IoT Security - COIT · IoT Security Protect Your IoT Devices and Keep your Business Running ©2018 Check Point Software Technologies Ltd. 2 IoT Security Represent a New Frontier The

Documents
IoT Design Patterns · 2018-11-15 · IoT Design Patterns: ... You have provided an IoT platform consisting of devices and composite IoT services and you would like to monetize it

IoT Design Patterns · 2018-11-15 · IoT Design Patterns: ... You have provided an IoT platform consisting of devices and composite IoT services and you would like to monetize it

Documents
IoT security: real problems and solutions Introductionfiles.informatandm.com/uploads/2017/5/IoT_Security...IoT security: real problems and solutions Introduction “IoT security”

IoT security: real problems and solutions Introductionfiles.informatandm.com/uploads/2017/5/IoT_Security...IoT security: real problems and solutions Introduction “IoT security”

Documents
SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

SCALING UP IOT SECURITY · 2019-04-16 · SCALING UP IOT SECURITY IoT Security Foundation Conference December 2018 Leo Dorrendorf. Security architect Diverse product range Multiple

Documents
PATTERNS FOR BUILDING REAL WORLD SYSTEMSiron.io/docs/Ironio-IoT-Whitepaper-Jun2015_4.pdf · providing complementary services. High availability, scalability, security, reliability,

PATTERNS FOR BUILDING REAL WORLD SYSTEMSiron.io/docs/Ironio-IoT-Whitepaper-Jun2015_4.pdf · providing complementary services. High availability, scalability, security, reliability,

Documents
Security in IoT

Security in IoT

Engineering
IoT Cybersecurity - IoT Alliance Australia: Security Workstream

IoT Cybersecurity - IoT Alliance Australia: Security Workstream

Technology
IoT - Big Data & Security

IoT - Big Data & Security

Technology
Patterns for Monetizing the IoT

Patterns for Monetizing the IoT

Software
IoT Security - UC Berkeley Sutardja Centerscet.berkeley.edu/wp-content/uploads/IoT-Security-Overview-Final.pdf · Importance of Security to IoT Security is both a barrier to widespread

IoT Security - UC Berkeley Sutardja Centerscet.berkeley.edu/wp-content/uploads/IoT-Security-Overview-Final.pdf · Importance of Security to IoT Security is both a barrier to widespread

Documents
IoT Security Elements

IoT Security Elements

Business
SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK ...€¦ · IoT Security of Things Event / 19th October ... SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK, MARKETING MANAGER

SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK ...€¦ · IoT Security of Things Event / 19th October ... SECURE ELEMENTS FOR IOT SECURITY NICHOLAS VONDRAK, MARKETING MANAGER

Documents
Future-Proof Security & Privacy in IoT - ETSI...layers in IoT ecosystems are prerequisites to make security in IoT Future-Proof. Challenges & Opportunities in Security in IoT A. NXP:

Future-Proof Security & Privacy in IoT - ETSI...layers in IoT ecosystems are prerequisites to make security in IoT Future-Proof. Challenges & Opportunities in Security in IoT A. NXP:

Documents
Exploring IoT Security

Exploring IoT Security

Documents