Exprivia Apulia IoT Security Cisco DR Stangalino
Industrial Internet
Marco Stangalino
mstangal@cisco.com
Two Worlds Converging
IT: Cybersecurity skills, Network hygiene, Security policies, Detection & Remediation
OT: Industrial process skills, Operational events context, Asset criticality levels, Equipment configuration
Industrial Network Traffic
to industrial processes
cause downtime
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IEC 62443 architectural framework
Framework Nazionale per la Cybersecurity e la Data Protection
The 4-step journey to secure your industrial network
SOC
• Identify all your industrial assets to build the right security strategy
• Isolate networks to build zones and conduits to keep attacks from spreading
• Detect IT intrusions and abnormal OT behaviors to maintain process integrity
• Gain a holistic view of security events to ease investigation & remediation
Gain visibility on your OT to build and enforce the right security policies
Cisco’s product focus for IoT
Analytics
Applications
Sensors/Devices
Foundational Components of Industrial Security
• Cyber Vision: Operational insights and cyber threat detection
• ISA 3000: Industrial Firewall
• SecureX Threat Response: Threat investigation and remediation
Sensor
Sensor
Cisco Cyber Vision
Security that scales with your network infrastructure
Cyber Vision Center (Centralized Analytics)
• Hardware-Sensor (SPAN based to support brownfield): IC3000 Industrial Compute
• Network-Sensors (Deep Packet Inspection built into network elements, eliminating the need for SPAN): IE 3400 Switch, IE 3400 Heavy Duty, IR 1101 Gateway, Catalyst 9000 Series Switch
ISA3000 Industrial Security Appliance
Protect your industrial networks against increasingly complex threats
• Benefit from industry-leading, advanced threat intelligence
• Leverage built-in, comprehensive next-generation IPS
• Streamline security policy and device management across your sites
• Detect, investigate, and remediate across IT-OT integrated security portfolio
SecureX Threat Response
• Cisco’s cloud platform to accelerate threat hunting and incident response
Threat Intelligence
Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world, comprised of world-class researchers, analysts and engineers.
Incident Response
Cisco Talos Incident Response provides a full suite of proactive and reactive services to help you prepare, respond and recover from a breach. With Talos IR, you have direct access to the same threat intelligence available to Cisco.
Foundation Security Architecture in Manufacturing
Purdue level 4 & 5: Enterprise Zone
Security Operations Center: FMC, SecureX, SIEM, CGC
Industrial De-Militarized Zone (IDMZ): NGFW
Discover
• Asset Visibility
• Application Flows
Foundational Security Architecture in Electric Utilities
Diagram labels: Operations Center / Control Center, Transmission Grid, Distribution Grid, Substation, Plant/Refinery, ISA3000 Firewall, IC3000, HMI, Switch Stack, Sensor, Application Flow, SP Cellular LTE WAN Backhaul
Detect
• Vulnerabilities
• Anomalies
• Intrusion
Respond
• Investigate
• Remediate
Cisco Industry Validated Designs
Simplicity Security Scalability
Proven Integrations
Meeting Stakeholder Needs
Ensuring success from POC to IoT scale deployments!
The Trifecta of Stakeholders
CSO IT OT
Meeting the needs of IT
Typical ICS detection solutions depend on SPAN
Hidden costs of port mirroring
Cisco Cyber Vision
Visibility built into your network infrastructure
• No additional hardware needed
• No need for an out-of-band monitoring network
• No impact on performance
Diagram labels: Cyber Vision Center, ICS network, Sensor, Application-Flow, Lightweight Metadata
Reduce TCO by eliminating the need to invest in an ever-growing SPAN collection network
Security deployed at scale
Visibility built into your network infrastructure
Meeting the needs of OT
Cyber Vision understands ICS protocols you use
Cisco’s Deep Packet Inspection decodes standard and proprietary industrial protocols
Industrial Visibility
Cisco industrial networking enables you to visually inspect the activities in your industrial processes to reduce downtime.
Diagram labels: Application Flow, Sensor, IE 3400 Switch, IR 1101 Gateway
Gain Operational Insights
Detect changes in the control system
Diagram labels: Cyber Vision Center (Centralized analytics), Application Flow, Sensor, Network-Sensors (Built in Deep Packet Inspection)
A Flight Recorder for Troubleshooting
Stop CPU command detected from Dell workstation to S7-400 PLC
Diagram labels: Cyber Vision Center (Centralized analytics), Sensor, PLC_1, PLC_3, S7-400 station_1, Network-Sensors (Built in Deep Packet Inspection)
Meeting the needs of SecOps
Cyber Vision Threat Detection
Threat Intelligence
Easily track all threats to your industrial networks
• Security events (authentication, vulnerabilities, port scan, protocol exception…)
• Signature-based detection (IDS)
Baselines highlight abnormal behaviors
• Cyber Vision behavior modeling automatically triggers alerts on deviations from the baselines
• New and modified assets
• New activities between assets
• Variable changes
• Program modifications
Easily spot important IT security information
• Top / Rare DNS requests
• Top / Rare HTTP requests
• Top / Rare SMB usage
• Unclassified “strange” flows
Cyber Vision intrusion detection
ISA 3000 Industrial Threat Protection
Industrial Application Visibility & Control
Industrial IPS Preprocessors
Regularly updated Signatures from Cisco’s industry-leading threat intelligence team
Open
Write your own custom Application Detectors using open source application layer plugin
Reduce the noise of Intrusion events
Impact of IPS events can be deduced
Firepower recommendation can tune IPS
Good to know,
0 Unknown Network Unmonitored network
Block Malware Using AMP for Networks
• Multiple methods of malware detection:
• AV detection engines
• One-to-one signature matching
• Machine Learning
• Fuzzy fingerprinting
• Sandboxing on device or cloud
Retrospective Detection, Behavioral IoCs, File Trajectory, Threat Hunting
Cyber Vision integrates with your existing security platforms
Access Control, Firewalls, CMDB, SOC
FMC: Cyber Vision integration
Stealthwatch: Cyber Vision integration
Enrich host-groups in Stealthwatch with rich context from Cyber Vision
CTR: Firepower integration
Investigate across IT-OT integrated security technologies
Pivot from Cyber Vision to CTR to investigate observables
IBM QRadar integration
Unified IT/OT security events management in SIEM
Syslog
ICS visibility
Splunk integration
Unified IT/OT security events management in SIEM
Syslog
ICS visibility
Meeting Stakeholder Needs
• OT: Reduce downtime with Operational insights that help track activities in your industrial process
• IT: Reduce TCO by eliminating the need to invest in an ever-growing SPAN collection network
• CSO: Protect your business against threats with the strongest suite of industrial application aware integrated security solutions
Kick-start your Industrial IoT security project
Cisco assessment service gives you a comprehensive picture of your industrial security posture so you can build your project plan