Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

47 Visibility and Anomaly Detection in The Age of Iot By Craig Sanderson, Senior Director of Security Products at Infoblox Historically, organizations have struggled to gain visibility of what users, devices and applications are accessing their network infrastructure. If the maxim “you can’t protect what you can’t see” holds true, then the prospect of the Internet of Things (IoT) business transition which will result in billions of devices connecting to IP networks is a nightmare in waiting. Identification and classification of IoT devices is particularly problematic because the range of new device types leveraging the IP network is going to explode making it harder for IT security teams to manage and control policies that protect these new devices from themselves and the existing IP connected services. Beyond controlling accessing and setting policy, IoT also presents a sizable headache when it comes to detecting breaches and enabling effective response. The plethora of protocols that IoT devices will leverage, spanning a broad range of vertical industries from Healthcare to Retail will make it hard for traditional security platforms to detect breaches. Malware sandboxes whose expertise is identifying abuse of well-known operating systems such as Windows servers will have a steep learning curve to apply the same detection for the bespoke applications running on proprietary software platforms. Instead organizations will have to rely heavily on secure IoT endpoint platforms to try and reduce the potential attack surface area. Surely there must be a
48 simpler way to approach these problems. A common denominator that can cope with the breadth of platforms and devices that IoT will present. That common denominator could well be an infrastructure that is already prevalent across all IP networks, whether they be corporate network, public clouds, next generation data centers and even the Internet. That infrastructure would be the DHCP, DNS and IP address management (DDI) infrastructure which for the past 30 years has provided internet scale to all IP connected devices. How could this ubiquitous infrastructure be applied to the address the challenges of IoT? Device Identification and Classification Starting with device identification and classification. IP connected IoT devices are going to require an IP address. If the addresses are statically provisioned, organizations will need an IP address management platform to manage the IP address space, even more so given the dramatic increase in consumption of addresses. Even if the devices are going to use IPv6 where address space is not constrained, managing and tracking those addresses is an important operational need. Similarly, if the devices obtain their addresses dynamically, they will still need a DHCP (Dynamic Host Configuration Protocol) server to provide those addresses. In either case the centralized platforms that manage the IP address space will have a comprehensive view of what devices are on the network. More so, through the static address management process there is the opportunity to classify the device at the moment of provisioning. In the case of DHCP, the DHCP request from the IoT device provides a fingerprint that would enable the DHCP server to classify what devices is requesting an address. There does not seem to be any better common way to identify and classify the broad range of IoT devices than with an IP address management and DHCP platform. Threat Detection In the case of threat detection there is an advantage to protecting devices over users. Anomaly detection for users is difficult because it’s hard to predict what a user’s normal behaviour is. Machines on the other hand tend to be far more predictable which means anomaly detection could be a fruitful way of identifying compromised machines. One common means of applying anomaly detection across the breadth of IoT devices would be to leverage their DNS activity. Since statically configuring applications and services is impractical and not scalable, most IoT devices will leverage DNS to dynamically locate the services and platforms it needs to interact with. DNS provides that flexibility enabling services to be re-located between networks whilst maintaining a common point of reference: the fully qualified domain. On this premise, it’s possible to monitor and model the services the IoT device seeks to communicate with. If for example there is an IoT thermostat made by a manufacturer in Germany, it may communicate back to the manufacturer for software updates, leveraging DNS to resolve the address of the update server in Germany. DNS servers could model that behaviour and if the device began to deviate from its typical pattern of behaviour, perhaps by attempting to resolve
Page 1 and 2: 1 8 Most Common Cybersecurity Mista
Page 3 and 4: 2
Page 5 and 6: 4 The Internet Got Safer In 2019: A
Page 7 and 8: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10: 8
Page 11 and 12: 10
Page 13 and 14: 12
Page 15 and 16: 14
Page 17 and 18: 16
Page 19 and 20: 18
Page 21 and 22: 20 8 Most Common Cybersecurity Mist
Page 23 and 24: 22 You can prevent (or decrease) th
Page 25 and 26: 24 While it’s not feasible to res
Page 27 and 28: 26 The major difference is the addi
Page 29 and 30: 28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32: 30 • Conduct cybersecurity traini
Page 33 and 34: 32 Persistent Cybersecurity Industr
Page 35 and 36: 34 Automation is welcome and seen a
Page 37 and 38: 36 Protecting Against Modern Cybera
Page 39 and 40: 38 Conclusion Unfortunately, no tec
Page 41 and 42: 40 For 2020 The Death of Traditiona
Page 43 and 44: 42 The Next Five Years The End of E
Page 45 and 46: 44 Government Agencies Are Prime Ta
Page 47: 46 It’s a basic fact of contempor
Page 51 and 52: 50 Why Outsmart Cyber Attackers Whe
Page 53 and 54: 52 Depending on how you look at it,
Page 55 and 56: 54 devices. Russian actors can extr
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89 and 90: 88 Automatic for The SOC People How
Page 91 and 92: 90 Allows Transparency and Drive Le
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98: 96 After suffering a cyber attack m
Page 99 and 100:
98 Some of the most damaging Inside
Page 101 and 102:
100 Out-Smarting the Cybersecurity
Page 103 and 104:
102 Empower Other Teams Network and
Page 105 and 106:
104 New Security Report Highlights
Page 107 and 108:
106 The Threat Lab team also analyz
Page 109 and 110:
108 Drive, AWS, Office 365, etc. It
Page 111 and 112:
110 former governor, this bill also
Page 113 and 114:
112 I mean, if you want to be able
Page 115 and 116:
114 Is It Safe to Connect to Public
Page 117 and 118:
116 5. Safe Browsing Additional dil
Page 119 and 120:
118 flawed method in which Evernote
Page 121 and 122:
120 Really, Imagine a Day Without W
Page 123 and 124:
122
Page 125 and 126:
124
Page 127 and 128:
126
Page 129 and 130:
128
Page 131 and 132:
130
Page 133 and 134:
132
Page 135 and 136:
134
Page 137 and 138:
136
Page 139 and 140:
138 Meet Our Publisher: Gary S. Mil
Page 141 and 142:
140 Free Monthly Cyber Defense eMag
Page 143 and 144:
142
Page 145 and 146:
144
Page 147 and 148:
146 Nearly 8 Years in The Making…
Page 149 and 150:
148
Page 151:
150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?