Monday, February 01, 2016 | Webroot Inc. | Proprietary and Confidential Information

Self-defending IoT devices & gateways

East Midlands Cyber Security Forum

Matt Aldridge, Solutions Architect

[email protected]

Webroot - self-defending IoT devices & gateways



Applying Collective Threat Intelligence to the IoT and IIoT

» BrightCloud Threat Intelligence:
– IP Reputation
– Web Reputation
– Web Classification
– File Reputation
– Collective -> Predictive

» SecureAnywhere™ Web Security Service

» SecureAnywhere™ Agent

» Gateway Solutions

» Device/Thing Solutions


IoT Gateway with Secure Proxy

[Diagram labels: Network Perimeter, BCTI, WSS, IoT Gateway, Internet]

Features:
- SSL Decryption
- URL Policy Management
- BotNet & CC Blocking
- Malicious File Scanning
- White / Black List
- Rapid Deployment

Limitations:
- No Inbound IP Blocking
- Low Volume Use Case


IoT Gateway with BCTI SDK – URL & IP

[Diagram labels: Network Perimeter, BCTI, IoT Gateway, Internet]

Features:
- Most Secure Solution
- Massive Volume
- Lower Cost
- Full Inbound IP Blocking

Limitations:
- More Complex Implementation
- “On Appliance” Management


IoT Gateway with IP Blocking and Secure Gateway

[Diagram labels: Network Perimeter, BCTI, IoT Gateway, Internet, WSS, IP Rep]

Features:
- More Secure Solution
- Full Inbound IP Blocking
- Outbound
- SSL Decryption
- URL Policy Management
- BotNet & CC Blocking
- Malicious File Scanning
- White / Black List

Limitations:
- Low Volume Use Case Outbound


Existing IIoT Devices: The Problem

» Devices very long-lived

» Interoperability testing costs millions: change averse

» Evolution limited by hardware capacity & legacy software


Hardware Separation – On Device IP/URL Verification

[Diagram labels: Hardware, OS, Separation Kernel, IP/URL Check, Internet, BCTI, IP Rep, URL Cat, Bad IP, Bad URL]


Hardware Separation – Firmware Update Verification

[Diagram labels: OS, Separation Kernel, Secure Memory – File Hashing, Internet, Webroot Global File Database, Physical Hardware, Device; numbered steps 1 to 4]


Webroot SecureAnywhere™ Agent

Implemented:
- Windows XP, Vista, 7, 8, 10
- OS X
- Windows Embedded 7 & 8 (Full Run-time)
- Android

In Progress:
- Windows 10 IoT Core
- Windows POSReady 7
- Windows Embedded 7 & 8 (Headless)

Roadmap:
- Linux Variants


Webroot SecureAnywhere™ Web Security Service

Implemented:
- Windows XP, Vista, 7, 8, 10
- OS X

In Progress:
- Intel Edison (Yocto)
- Intel Edison (Windows 10 IoT Core)
- Raspberry PI (Raspbian)
- Linux (Generic)
- Router/Gateway (Generic)


Other Forthcoming Solutions

» Dynamic executable classifier
– On-device machine learning deployment
– Analyses files in network data streams
– Supplied in SDK form
– First version will cover Windows PE files
– No reliance on signatures


Thank you! Any questions?

Matt Aldridge, Solutions Architect

[email protected]