"IoT Security - Make vs Buy?" - IoT Data Analytics & Visualization Summit 2016


Verimatrix SVP of Marketing Steve Christian examines the security vulnerabilities that device and systems vendors become susceptible to as they aggregate and analyze sensitive customer data. His presentation underscores the importance of determining whether the expertise, data capture capabilities and computing infrastructures they have available in-house are agile and scalable enough not only to uncover and use detailed customer behavior, but also to keep abreast of legal and regulatory data privacy requirements, which vary country by country.


  1. IoT Security Make vs Buy? Feb 2016
  2. They Tell Us IoT Will be BIG! Copyright © 2016 Verimatrix, Inc.
  3. Opportunity vs Threat
      • Technical exposure
      • Business risk
      • Customer confidence
      • Regulatory compliance
  4. More Connectivity >>> More Threat Surfaces
      • Device control
      • Reprogramming
      • Man in middle: intercepting communication, altering communication, pretending to be a different player
      • Jamming / Blocking
      • Replay
      • Cloning
      • Monitoring
      • Data theft
  5. Attacker Incentive
      • Research
      • Hacktivist
      • Economic (exploits or crime)
      • Terrorism
      • Cyber warfare
  6. Attacks: SOHO examples
      • FAIL: Management backdoors
      • FAIL: Password vulnerabilities
      • FAIL: Update verification
      • https://www.sohopelesslybroken.com/news.html
  7. Attacks: Samsung Fridge
      • FAIL: test validity of SSL certificate
      • Threat: Neighbor stealing Gmail credentials
      • http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/
  8. Attacks: Vizio TV
      • FAIL: test validity of SSL certificate
      • Threat: Impact on privacy
      • Awareness: 6th link
      • http://arstechnica.com/security/2015/11/man-in-the-middle-attack-on-vizio-tvs-coughs-up-owners-viewing-habits/
  9. Attacks: Baby Monitor
      • Baby monitor weaknesses overview: http://fusion.net/story/192189/internet-connected-baby-monitors-trivial-to-hack/
      • Threat: someone close by listening to your baby
  10. Attacks: Hue Light Bulb
      • FAIL: Securing token
      • Threat: Control light remotely
      • http://www.dhanjani.com/blog/2013/08/hacking-lightbulbs.html
  11. Attacks: Smart Meter
      • Open protocol / credentials
      • Threat: Smart meter data provides info on appliances (e.g. HDR TV) and on occupancy and schedule
      • From: Smart Meter Data: Privacy and Cybersecurity, Congressional Research Service R42338
  12. Attacks: Jeep
      • FAIL: No segmentation
      • FAIL: No OTA update
      • Threat: Losing control of a moving car
      • http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
  13. Attacks: Cloud …and many others such as Sony
  14. IoT Security Snapshot
      • Device Hardware Security: TPM (Trusted Platform Module) and SE (Secure Element), used to harden software-based security solutions in a layered security approach; secure storage; secure boot
      • Secure Device Update: leverages security credentials and signature process to enable a trusted service for full or modular software update
      • Secure IP Communications: leverages security credentials to provide authenticated client comms end point and connection-oriented or connectionless secure communications framework
      • Data Management and Integrity: data aggregation, access control and auditing; policy compliance, regulatory compliance
      • Threat monitoring & response: activity tracking, signature analysis, flagging threats and orchestrating response
  15. IoT Vertical Markets: Generic Challenges
      • Challenges: cloud data integrity and compliance; threat monitoring and response; secure device communications; secure device update; device integrity; credential management
      • Verticals: Smart Home, Automotive, mHealth, Smart Cities, Industrial
  16. Who Would You Trust? Not just for Christmas: typical lifetime tasks
      • Device credential management
      • Secure software update
      • Trusted secure IP communications (TCP, UDP, unicast, multicast)
      • Device threat monitoring
      • Threat reporting/aggregation/alerting
      • Data curation: secure repository with regulatory and policy compliance
      • Few in the industry with a broad, long-term track record
  17. Summary
      • Threat surface of connected systems is extensive
      • The security challenge exists over the lifetime of the application
      • How do you combine innovation and system integrity?
  18. Discussion: info@verimatrix.com
