6. Sources: 1. IDC; 2. MC/EDC: The Digital Universe of Opportunities; 3. Goldman Sachs; 4. IMS Research
The Internet of Things is …
[Slide figure: Home, Mobile, Network, Industrial, Gateway, DC/Cloud. Cost of sensors: 2X over the past 10 years. Cost of bandwidth: 40X over the past 10 years. Cost of processing: 60X over the past 10 years. 50B devices; 212B sensors.]
9. Main cyber threats
• Denial of service (DDoS)
• Malware
• Data leaks
• Unintentional leaks
• Weakening of the security perimeter
10. Internet of Things
The number of attacks on the Internet of Things will grow because of the explosive growth in the number of connected devices and the increasingly critical information stored on those devices.
Source: McAfee, based on research by BI Intelligence, IDC, and Intel. Source: HP
Today:
70% contain vulnerabilities.
80% do not require passwords or use a password of insecure length and complexity.
90% store personal data.
70% have no protection against brute-force attacks.
12. IoT: Key security aspects
• Device integrity
• Device identification
• Protection of data channels to the DC/Cloud
• Protection of data channels to the device
• Security of the DC/Cloud
• Security of auxiliary nodes
14. Intel® IoT Platform: Logical Definition
[Slide diagram; recoverable labels follow.]
Connectivity (MCU): WiFi + LP WiFi; Bluetooth® Technology + BTLE; 3G/4G/LTE (GPRS); ZigBee*, Zwave*; 6LoWPAN*; WiHART*; Ethernet; RFID.
Diagram components: MCU; Sensor; Actuator; I/O; Gateway; Data Ingestion & Processing; Data Transport Broker; Query; Storage; Compute; Device Attestation; Persistence & Concurrency; Analytics; PMA (Protocol Mapper & Adapter, formerly UPAL); Asset Info, Policies & Metadata; Security, Configuration & Management; Data Center Management & Security (Monitoring, Auto-scaling, Logging, Eventing); Business Logic & Rules; Services Orchestration; Vertical IoT Apps; APIs, API Libraries, SDK; Business Portal; IT/Business Systems; Network Infrastructure; 3rd Party Systems.
Data Flow: MQTT, HTTPS, WebSockets, XMPP, CoAP, REST, AMQP, DDS, et al.
Security & Mgmt Flow: MQTT, EPID, OMA-DM, TR-069, REST, et al.
Security on all Devices, Data, & Comms from Things to Cloud (Identity Protection, Integrity, Confidentiality, Trusted Execution, Attestation).
*Other names and brands may be claimed as the property of others.
Security layers across Sensor Gateways, Networks, and On-Premise or Off-Premise Data Center or Cloud: Identity; Integrity; Data Protection; Intrusion Prevention; Intrusion Detection; Managed Networks; Database Security; Services Management; Security Information and Event Monitoring System; Threat Intelligence; Public Cloud Security; Private Cloud Security; Intel Management Platform.
16. Intel® Security - IoT Portfolio
[Slide layout: Private / Public Cloud Security; Security Event Management and Threat Intelligence; Device Level Security; Network Security.]
Intel® Security Critical Infrastructure Protection: provides comprehensive protection of critical infrastructure from physical and cyberattacks.
• McAfee Security Information and Event Monitoring System (SIEM): central security intelligence system for IoT's heterogeneous architecture.
• McAfee Threat Intelligence Exchange (TIE) & Data Exchange Layer (DXL): tailors comprehensive threat intelligence from multiple intelligence data sources.
• McAfee ePolicy Orchestrator (McAfee ePO): security agent that connects with the McAfee security infrastructure for monitoring and managing security of the IoT.
• McAfee Network Security Platform: helps detect and block attacks by enforcing security policies at the application, port and protocol levels; provides Intrusion Detection / Prevention capabilities.
• McAfee Embedded / Integrity Control (Whitelisting Technology): helps block unauthorized applications and changes in IoT devices.
• Intel Silicon Hardened Foundation: security capabilities that include Secure Boot, HW Root of Trust and EPID.
18. Intel Security Whitelisting Technology
Device integrity and verified updates
• Standalone or centrally managed solution (managed with McAfee ePolicy Orchestrator).
• Part of the Intel IoT Gateway.
• Integration with McAfee Threat Intelligence Exchange (TIE) and Security Information and Event Monitoring Solution (SIEM).
[Slide diagram: SYS; STOP; "Unknown Binary is Unauthorized"; Whitelist.]
20. Intel® IoT Gateway: Sensor/Device Integrity & Security
[Slide diagram: Intel® Quark™ / Intel® Atom™ / Intel® Core™ SoCs; Linux* Operating System or Microsoft Windows® OS; Secure Boot (UEFI); McAfee Embedded Control; Management Agents; Signed Updates; IoT Security and Device Management via McAfee ePolicy Orchestrator* (ePO) and/or Wind River* Helix Device Cloud.]
Good
1. UEFI Secure Boot
2. OS built-in capabilities
Better
1. UEFI Secure Boot measured through TPM (Measured Boot)
2. McAfee Embedded Control
3. Remotely manageable via Intel AMT
Best
1. UEFI Secure Boot and Device Attestation through TPM (Measured Boot, Attested)
2. McAfee Embedded Control
3. Management Agents to manage the device and its security posture
4. Centrally managed and monitored
21. Intel® IoT Gateway: Data Protection & Security
[Slide diagram: Intel® Quark™ / Intel® Atom™ / Intel® Core™ SoCs; Intel® Advanced Encryption Standard - New Instructions (Intel® AES-NI); Linux* Operating System or Microsoft Windows® OS; Secure Boot (UEFI); McAfee Drive Encryption; Management Agents; McAfee MNE; IoT Security and Device Management via McAfee ePolicy Orchestrator* (ePO) and/or Wind River* Helix Device Cloud; Secure Connections.]
Good
1. OS built-in capabilities like dm-crypt or BitLocker
2. SSL connections to services and other devices
Better
1. McAfee Drive Encryption or McAfee Native Management Agents
2. Utilization of Intel AES-NI for encryption
3. Use of certified and/or hardened SSL libraries to establish secure connections
Best
1. McAfee Drive Encryption or McAfee Native Management Agents
2. Utilization of Intel AES-NI for encryption
3. Use of certified and/or hardened SSL libraries to establish secure connections
4. Centralized management of data protection software and key management
22. Summary
• IoT is not only about devices.
• IoT security starts at the design stage.
• IoT security must be implemented at every level, from the microcontroller to the data center.
• In the IoT world, both infrastructure and services need protection.