Submit Search
Upload
Bring Your Own Internet of Things: BYO‐IoT
•
0 likes
•
356 views
Priyanka Aash
Follow
Bring Your Own Internet of Things: BYO‐IoT (Source: RSA USA 2016-San Francisco)
Read less
Read more
Technology
Report
Share
Report
Share
1 of 83
Download now
Download to read offline
Recommended
Smart city landscape
Smart city landscape
Samir SEHIL
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
Lillie Coney
Internet of Things (Iot)
Internet of Things (Iot)
Nasir Mahmood
Internet of Things IoT Anytime Anywhere Anything Connectivity
Internet of Things IoT Anytime Anywhere Anything Connectivity
YogeshIJTSRD
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
IJNSA Journal
IoT and Blockchain Convergence
IoT and Blockchain Convergence
Ahmed Banafa
Internet of Things Challenges and Solutions
Internet of Things Challenges and Solutions
ijtsrd
Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)
Davor Dokonal
Recommended
Smart city landscape
Smart city landscape
Samir SEHIL
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
Lillie Coney
Internet of Things (Iot)
Internet of Things (Iot)
Nasir Mahmood
Internet of Things IoT Anytime Anywhere Anything Connectivity
Internet of Things IoT Anytime Anywhere Anything Connectivity
YogeshIJTSRD
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
IJNSA Journal
IoT and Blockchain Convergence
IoT and Blockchain Convergence
Ahmed Banafa
Internet of Things Challenges and Solutions
Internet of Things Challenges and Solutions
ijtsrd
Internet of things enabling tech - challenges - opportunities (2016)
Internet of things enabling tech - challenges - opportunities (2016)
Davor Dokonal
Iot report
Iot report
Ashvini Kumar
IoT, Security & the Path to a Solution
IoT, Security & the Path to a Solution
Dr Laurent Guiraud
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
ijcsit
Review on Vulnerabilities of IoT Security
Review on Vulnerabilities of IoT Security
ijtsrd
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
eraser Juan José Calderón
Four essential truths of the IoT
Four essential truths of the IoT
W. David Stephenson
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...
journalBEEI
9 IoT predictions for 2019
9 IoT predictions for 2019
Ahmed Banafa
Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...
Biagio Botticelli
Internet of Things, the Next Internet Revolution
Internet of Things, the Next Internet Revolution
Bob Hardian
All The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected Devices
John D. Johnson
The Internet of Things (IoT): An Overview
The Internet of Things (IoT): An Overview
IJERA Editor
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference )
Ahmed Banafa
Io t security_review_blockchain_solutions
Io t security_review_blockchain_solutions
Shyam Goyal
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
Karel Van Isacker
1. Introduction to IoT
1. Introduction to IoT
Abhishek Das
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
inventy
Iot Report
Iot Report
Rajnish Raj
IRJET- Fourth Coming Internet: The Internet of Things
IRJET- Fourth Coming Internet: The Internet of Things
IRJET Journal
IoT: Ongoing challenges and opportunities in Mobile Technology
IoT: Ongoing challenges and opportunities in Mobile Technology
AI Publications
The internet of things(IoT)
The internet of things(IoT)
Saurabh Yadav
Internet of Things
Internet of Things
Sayyed Rifaquat Hussain
More Related Content
What's hot
Iot report
Iot report
Ashvini Kumar
IoT, Security & the Path to a Solution
IoT, Security & the Path to a Solution
Dr Laurent Guiraud
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
ijcsit
Review on Vulnerabilities of IoT Security
Review on Vulnerabilities of IoT Security
ijtsrd
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
eraser Juan José Calderón
Four essential truths of the IoT
Four essential truths of the IoT
W. David Stephenson
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...
journalBEEI
9 IoT predictions for 2019
9 IoT predictions for 2019
Ahmed Banafa
Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...
Biagio Botticelli
Internet of Things, the Next Internet Revolution
Internet of Things, the Next Internet Revolution
Bob Hardian
All The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected Devices
John D. Johnson
The Internet of Things (IoT): An Overview
The Internet of Things (IoT): An Overview
IJERA Editor
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference )
Ahmed Banafa
Io t security_review_blockchain_solutions
Io t security_review_blockchain_solutions
Shyam Goyal
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
Karel Van Isacker
1. Introduction to IoT
1. Introduction to IoT
Abhishek Das
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
inventy
Iot Report
Iot Report
Rajnish Raj
IRJET- Fourth Coming Internet: The Internet of Things
IRJET- Fourth Coming Internet: The Internet of Things
IRJET Journal
IoT: Ongoing challenges and opportunities in Mobile Technology
IoT: Ongoing challenges and opportunities in Mobile Technology
AI Publications
What's hot
(20)
Iot report
Iot report
IoT, Security & the Path to a Solution
IoT, Security & the Path to a Solution
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
IOT SECURITY: PENETRATION TESTING OF WHITE-LABEL CLOUD-BASED IOT CAMERA COMPR...
Review on Vulnerabilities of IoT Security
Review on Vulnerabilities of IoT Security
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Does the Convergence of the Blockchain, the Internet of Things and Artificial...
Four essential truths of the IoT
Four essential truths of the IoT
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...
9 IoT predictions for 2019
9 IoT predictions for 2019
Control of Communication and Energy Networks Final Project - Service Function...
Control of Communication and Energy Networks Final Project - Service Function...
Internet of Things, the Next Internet Revolution
Internet of Things, the Next Internet Revolution
All The Things: Security, Privacy & Safety in a World of Connected Devices
All The Things: Security, Privacy & Safety in a World of Connected Devices
The Internet of Things (IoT): An Overview
The Internet of Things (IoT): An Overview
New trends of IoT in 2018 and beyond (SJSU Conference )
New trends of IoT in 2018 and beyond (SJSU Conference )
Io t security_review_blockchain_solutions
Io t security_review_blockchain_solutions
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
1. Introduction to IoT
1. Introduction to IoT
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
Iot Report
Iot Report
IRJET- Fourth Coming Internet: The Internet of Things
IRJET- Fourth Coming Internet: The Internet of Things
IoT: Ongoing challenges and opportunities in Mobile Technology
IoT: Ongoing challenges and opportunities in Mobile Technology
Similar to Bring Your Own Internet of Things: BYO‐IoT
The internet of things(IoT)
The internet of things(IoT)
Saurabh Yadav
Internet of Things
Internet of Things
Sayyed Rifaquat Hussain
Internet of Things (IoT)
Internet of Things (IoT)
Marjuk Ahmed Siddiki
Introduction of Iot and Logical and Physical design of iot
Introduction of Iot and Logical and Physical design of iot
MayankKumar380505
IOT
IOT
AdhiVarun
Internet of things-Sky is not the limit, Its only the begining for IoT !!
Internet of things-Sky is not the limit, Its only the begining for IoT !!
Spurthi Setty
Internet of things
Internet of things
Spurthi Setty
iot.pptx
iot.pptx
ParasSundriyal2
IOT and Security.pptx
IOT and Security.pptx
infosec train
IOT and Security.pptx
IOT and Security.pptx
Infosectrain3
PECB Webinar: The Internet of Things
PECB Webinar: The Internet of Things
PECB
Internet of things (IoT)
Internet of things (IoT)
Tarika Verma
De Revolutie van het Industrial Internet of Things
De Revolutie van het Industrial Internet of Things
Michiel Verheij
internetofthingsiotslides-190502035400.pdf
internetofthingsiotslides-190502035400.pdf
bkumar2974
Introduction to Internet of Things
Introduction to Internet of Things
Nikhil Patankar
IoT identity management: a comprehensive guide to creating secure IoT device ...
IoT identity management: a comprehensive guide to creating secure IoT device ...
Neil Johnson
IoT.pptx
IoT.pptx
fanah4
Internet of Things
Internet of Things
Mphasis
IoTs.pptx
IoTs.pptx
Manish Patel
Research: The Internet of Things
Research: The Internet of Things
Amy Ee
Similar to Bring Your Own Internet of Things: BYO‐IoT
(20)
The internet of things(IoT)
The internet of things(IoT)
Internet of Things
Internet of Things
Internet of Things (IoT)
Internet of Things (IoT)
Introduction of Iot and Logical and Physical design of iot
Introduction of Iot and Logical and Physical design of iot
IOT
IOT
Internet of things-Sky is not the limit, Its only the begining for IoT !!
Internet of things-Sky is not the limit, Its only the begining for IoT !!
Internet of things
Internet of things
iot.pptx
iot.pptx
IOT and Security.pptx
IOT and Security.pptx
IOT and Security.pptx
IOT and Security.pptx
PECB Webinar: The Internet of Things
PECB Webinar: The Internet of Things
Internet of things (IoT)
Internet of things (IoT)
De Revolutie van het Industrial Internet of Things
De Revolutie van het Industrial Internet of Things
internetofthingsiotslides-190502035400.pdf
internetofthingsiotslides-190502035400.pdf
Introduction to Internet of Things
Introduction to Internet of Things
IoT identity management: a comprehensive guide to creating secure IoT device ...
IoT identity management: a comprehensive guide to creating secure IoT device ...
IoT.pptx
IoT.pptx
Internet of Things
Internet of Things
IoTs.pptx
IoTs.pptx
Research: The Internet of Things
Research: The Internet of Things
More from Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
Priyanka Aash
DPDP Act 2023.pdf
DPDP Act 2023.pdf
Priyanka Aash
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Priyanka Aash
Cyber Crisis Management.pdf
Cyber Crisis Management.pdf
Priyanka Aash
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
Priyanka Aash
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
Priyanka Aash
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
Priyanka Aash
Stories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
Priyanka Aash
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
Priyanka Aash
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Priyanka Aash
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Priyanka Aash
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Priyanka Aash
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Priyanka Aash
Cyber Security Governance
Cyber Security Governance
Priyanka Aash
Ethical Hacking
Ethical Hacking
Priyanka Aash
More from Priyanka Aash
(20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
DPDP Act 2023.pdf
DPDP Act 2023.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Crisis Management.pdf
Cyber Crisis Management.pdf
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
Stories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cyber Security Governance
Cyber Security Governance
Ethical Hacking
Ethical Hacking
Recently uploaded
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
shyamraj55
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
BookNet Canada
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
Precisely
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
Softradix Technologies
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Andrey Dotsenko
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
Neo4j
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Hyundai Motor Group
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
jimielynbastida
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
Deakin University
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Safe Software
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
The Digital Insurer
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
Recently uploaded
(20)
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Bring Your Own Internet of Things: BYO‐IoT
1.
SESSION ID: #RSAC Jake Kouns Bring Your Own Internet of Things: BYO‐IoT CSV‐F02 CISO Risk Based Security @jkouns Carsten Eiram Chief Research Officer Risk Based Security @carsteneiram
2.
#RSAC Agenda • What is IoT? • What’s the Problem? •
What’s the Attack Surface? • IoT Security – Current State • Response and Actions
3.
#RSAC Internet of Things – Who Came Up With It?
4.
#RSAC Internet of Things – Definition?
5.
#RSAC Internet of Things – Definition (Techopedia.com) “The Internet of Things (IoT) is a computing concept that describes a future where everyday physical objects will be connected to the Internet and be able to identify themselves to other devices. The term is closely identified with RFID as the method of communication, although it also may include other sensor technologies, wireless technologies or QR codes. The IoT
is significant because an object that can represent itself digitally becomes something greater than the object by itself. No longer does the object relate just to you, but is now connected to surrounding objects and database data. When many objects act in unison, they are known as having "ambient intelligence.“” ”The Internet of Things is a difficult concept to define precisely.” ‐ Techopedia.com
6.
#RSAC Internet of Things – So, What Is it?
7.
#RSAC Internet of Things – Definition (Conclusion) 1. Needs to be networked / connected 2.
Some capability of sensing and decision making without human interaction/control Many products have the word ”Smart” in their name or to describe its function
8.
#RSAC Internet of Things – Examples (Everyday Life)
9.
#RSAC Internet of Things – Examples (Just because we can...)
10.
#RSAC Internet of Things ‐ Definition Looking past all the hype, IoT does not just pertain to consumers. From a business perspective, it can: Help to cut costs Save time Improve productivity and efficiency.
11.
#RSAC Internet of Things – Process
12.
#RSAC Internet of Things – Examples (Retail)
13.
#RSAC Internet of Things – Examples (Environmental)
14.
#RSAC Internet of Things – Examples (Your Network?)
15.
#RSAC Internet of Things – Examples (Your Network?)
16.
#RSAC Internet of Things – Why Should You Care?
17.
#RSAC Internet of Things – Why Should You Care? The analyst firm Gartner says that by 2020 there will be over 26 billion connected devices… that’s a lot of connections (some even estimate this number to be much higher, over 100 billion). “We expect the number of connected objects to reach 50bn by 2020 (2.7% of things in the world)” ‐ Cisco http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple‐explanation‐internet‐things‐that‐anyone‐can‐understand/ http://newsroom.cisco.com/feature‐content?type=webcontent&articleId=1208342
18.
#RSAC Internet of Things – What About YOUR Network? How many IoT devices are on your network today? How many of them do you know about? If they are not already on your company network, they will be soon!
19.
#RSAC What’s The Problem?
20.
#RSAC Internet of Things – What About YOUR Network?
21.
#RSAC Internet of Things – What About YOUR Network?
22.
#RSAC Internet of Things – IoT IS Coming!
23.
#RSAC Internet of Things – How Is This Different? Even more Shadow IT, where unexpected BI/PD (Bodily Injury, Property Damage) ‐
People can get hurt, and property can be damaged Real world impact ‐ no longer 1s and 0s
24.
#RSAC Internet of Things – What’s In The News?
25.
#RSAC Internet of Things – What’s In The News?
26.
#RSAC Internet of Things – What’s In The News?
27.
#RSAC Internet of Things – Junk Hacking
28.
#RSAC Internet of Things – IoT Not Just In Your Garage
29.
#RSAC Internet of Things – IoT Connected
30.
#RSAC Internet of Things – Tripwire Study http://www.tripwire.com/company/news/press‐release/study‐critical‐ infrastructure‐executives‐complacent‐about‐internet‐of‐things‐security/
31.
#RSAC Internet of Things – Tripwire Key Findings 63% of executives expect business efficiencies and productivity to force adoption of IoT devices despite security risks 46% say that IoT
has the potential to become “the most significant risk” on their networks
32.
#RSAC Internet of Things – Tripwire Key Findings 59% of IT personnel working in medium‐ and large‐sized businesses are concerned that IoT could become “the most significant security risk” on their networks
33.
#RSAC Internet of Things – Tripwire Key Findings Remote workers have an average of 11 IoT devices on their home networks 24% have already connected at least one of these to their enterprise networks
34.
#RSAC Internet of Things – Tripwire Key Findings Only 30% of IT professionals believe their company has the technology necessary to adequately evaluate the security of IoT devices 1/5 of the respondents stated that they have “no visibility”
into current protection levels
35.
#RSAC Internet of Things – Is There An Impact?
36.
#RSAC Internet of Things – 3rd Party Breaches
37.
#RSAC Internet of Things – 3rd Party Breaches
38.
#RSAC Internet of Things – 3rd Party Breaches
39.
#RSAC Internet of Things – 3rd Party Breaches Not just a few 3rd party breaches... In 2015 alone: Source: Cyber Risk Analytics (www.cyberriskanalytics.com)
40.
#RSAC Internet of Things – More Shadow IT With IoT!
41.
#RSAC What’s The Attack Surface?
42.
#RSAC Internet of Things ‐ Communication Mobile App Cloud / SaaS Other Devices Internal Network
43.
#RSAC Internet of Things – Devices (ASA) Remotely accessible services with proper authentication / authorization? Secured communication with other devices, clients, cloud? Secure firmware updating?
44.
#RSAC Internet of Things – It’s Not Just WiFi During a wireless assessment of a client’s WiFi network, InGuardians
sniffed for ZigBee, Z‐wave, and other 900 MHz traffic common for IoT devices It was found that the building contained a ZigBee network that the client was not aware of This network supported devices controlling the building’s HVAC system, which put the company’s manufacturing process at risk
45.
#RSAC Internet of Things – Google!
46.
#RSAC Internet of Things – Google!
47.
#RSAC Internet of Things – Mobile App (ASA) Remotely accessible services with proper authentication / authorization? Secure storage of data? Loss of device may be similar to losing keys to the kingdom. Secure communication to cloud and devices?
48.
#RSAC Internet of Things – Cloud (ASA) Servers securely configured? Mature patch strategy e.g. using VI solution? Secure storage of data? Redundancy and do devices work if no connectivity to cloud?
49.
#RSAC Internet of Things – Three Threat Scenarios Enterprise IoT BYOD (BYO‐IoT) / Cross‐contamination Remote workers
50.
#RSAC IoT Security – Current State
51.
#RSAC Internet of Things – What’s In The News? Stunt Hacking?
52.
#RSAC Internet of Things – IoT Vulns So Far?
53.
#RSAC Internet of Things – State of Security Why so relatively few critical vulnerabilies? Requires physical access to devices and often extracting firmware from them, as it’s not otherwise readily available
54.
#RSAC Internet of Things – State of Security Since there still isn’t much IoT vulnerability information (yet!) are there lessons learned from regular embedded devices?
55.
#RSAC Internet of Things – State of Security 2016*: *904 2015: 13,995 2014:
13,953 2013: 11,339 2012: 10,544 2011: 7,998 2010: 9,183 2009: 8,194 2008: 9,808 2007: 9,590 Source: VulnDB *YTD January 29th, 2016
56.
#RSAC Internet of Things – State of Security 2016*: *904 2015: 13,995 2014:
13,953 2013: 11,339 2012: 10,544 2011: 7,998 2010: 9,183 2009: 8,194 2008: 9,808 2007: 9,590 Source: VulnDB *YTD January 29th, 2016
57.
#RSAC Internet of Things – TRENDnet
58.
#RSAC Internet of Things – D‐Link
59.
#RSAC Internet of Things – TP‐LINK
60.
#RSAC Internet of Things – Everfocus 21 Vulnerabilities
61.
#RSAC Internet of Things – Everfocus (Code Maturity) Full reports available at: https://www.riskbasedsecurity.com/research/RBS‐2015‐001.pdf https://www.riskbasedsecurity.com/research/RBS‐2015‐002.pdf
62.
#RSAC Internet of Things – Topica IP Cameras (TOP‐788XMP) No CSRF protection whatsoever Allows e.g. rebooting device or creating user accounts http://[IP]/cgibin/reboot.cgi?action=reboot
63.
#RSAC Internet of Things – Topica IP Cameras (TOP‐788XMP) Supports 3 user types: “Viewer”, “Remote Viewer”, and “Administrator” Restricts access to user_management_config.html but not /cgi‐ bin/users.cgi action=add&index=5&username=test&password=test123&privilege=1
64.
#RSAC Internet of Things – Mobile Apps
65.
#RSAC Internet of Things – State of Security Devices are likely affected by many basic vulnerabilities (low code maturity) Mobile apps may not perform proper TLS certificate validation or store data securely If this is the state of their devices and apps, how much do you trust their cloud with your data?
66.
#RSAC Response and Actions!
67.
#RSAC
68.
#RSAC Internet of Things – FTC Fines and Penalities
69.
#RSAC Internet of Things – FTC Fines and Penalities
70.
#RSAC Internet of Things – FTC – TRENDnet Settlement TRENDnet is: prohibited from misrepresenting the security of its cameras required to establish a comprehensive information security program
designed to address security risks that could result in unauthorized access required to obtain third‐party assessments of its security programs every two years for the next 20 years. required to notify customers of security issues and updates available to correct any flaw
71.
#RSAC Internet of Things – FTC Fines and Penalities
72.
#RSAC Internet of Things – FTC Recommendations
73.
#RSAC Internet of Things – Where To Start At Your Org?
74.
#RSAC Internet of Things – Security Needs A Seat!
75.
#RSAC Internet of Things – Find Your IoT! Get an inventory of your current IoT devices Network scanning / mapping ‐
know what software is in use where including IoT devices Look at outgoing web traffic / logs to see what IoT devices are talking outbound Know where risk is in your environment Map and track in existing asset management data / CMDBs Ensure you have proper vulnerability intelligence
76.
#RSAC Internet of Things – Don’t Only Rely On Vuln Scanning Most organizations ONLY use scanners for managing vulnerabilities Many scanners do not even include IoT checks in their products! Even if they did they can’t find some of the issues! Even if they did, it is a much longer Time of Exposure than if you truly know your environment (assets) and map to known vulnerabilities Use scanners as a catch all and to help uncover configuration issues, but know IoT isn’t a focus yet!
77.
#RSAC Internet of Things – Basic Security Foundation! Implement proper network segmentation for all IoT devices where possible Allows for reduction of attack surface Improves incident response ability when devices are clearly indentified
78.
#RSAC Internet of Things – IoT Vendors Accept devices are going to be connected to the Internet and can be easily accessed Plan for this and ensure the proper security is in build into the product Ensure software / firmware can be updated and actually update it! Do NOT allow “forever day” bugs! Plan for updates, limit the use of embedded components where possible Create an easy to use auto‐update features available Educate staff on security issues Train developers on secure development Create a process and figure out how to respond when issues are found/reported Create an Incident Response team and disclosure vulnerabilities
79.
#RSAC Internet of Things – IoT Vendors Implement proper logging and audit history for access and usage Implement access control for the device, including two factor authentication options. Perform source code security audits and product penetration tests Consider creating a bug bounty program to reward reported vulnerabilities in products Understand the 3rd party libraries and code used in the product Select secure libraries from the beginning Monitor for 3rd party vulns and correct.
80.
#RSAC Internet of Things – Actions 1. Start talking with your executives about the issues and ensure you are in the loop to conduct the proper risk assessments. 2.
IoT is already in your network and more is coming very soon! Inventory current IoT and ensure ongoing monitoring 3. Ensure you incorporate your incident response program to include IoT products and vendors. 4. Work with vendors and pick products that demonstrate they care about security!
81.
#RSAC Thank You!
82.
#RSAC Internet of Things – Questions?
83.
SESSION ID: #RSAC Jake Kouns Bring Your Own Internet of Things: BYO‐IoT CSV‐F02 CISO Risk Based Security @jkouns Carsten Eiram Chief Research Officer Risk Based Security @carsteneiram
Download now