Cisco launches IoT Threat Defense
Cisco has launched its Internet of Things (IoT) Threat Defense solution in an effort to mitigate and solve common security issues threatening the deployment and operation of IoT devices.
According to Cisco Product Marketing Industry Solutions manager Marc Blackmer, many vendors and companies don't see IoT devices as security threats, with Cisco additionally having to combat the stripping out of security mechanisms from IoT devices in order to keep them low cost to ensure profitability.
"These devices are new to security, meaning the vendors are new in a lot of cases, so what happens is they tend to think, 'Why would anyone attack this?'," Blackmer explained during Cisco Live Las Vegas.
"For us on the security side, we see them as avenues into the network. So whether it's propagating malware, or whether it's a targeted attack, they're just not dealing with it."
Announced in March and launched at Cisco Live this week, the IoT Threat Defense suite includes network segmentation through Cisco TrustSec; cloud security using Cisco Umbrella; malware protection via Cisco AMP; a firewall using Cicso's Firepower NGFW; network behaviour analytics through Cisco Stealthwatch; device visibility through Cisco ISE; and remote access through Cisco AnyConnect.
"It's a validated architecture combining certain technologies and services to help our customers defend themselves against IoT-based threats," Blackmer said, with the first step being to segment devices so that they're not susceptible to an attack -- and, if they are attacked, they don't then spread that attack to further network components.
Cisco IoT CTO Shaun Cooley explained that the IoT Threat Defense suite is enabled by Cisco's newly unveiled network intuitive, which has combined many of the technologies Cisco has been working towards for the past few years: Software-defined networking, software-defined access, network function virtualisation, APIs, and intelligent WAN capabilities.
"We're really bringing all of these together into this intelligent network intuitive, and when you're using all of those technologies to make these devices easier to deploy and secure," Cooley said.
"On the network side, we're really talking about infinite scalability and automated network orchestration, network-provided device security ... a lot of these devices are too small to protect themselves, and we're getting better, the processors are getting cheaper and stronger so there's more capabilities on the things. But there's 8.4 billion things deployed already today that were potentially deployed with very, very small, sub-50-cent processors inside them."
Such network automation coupled with an improvement of device certification would ensure that IoT devices are segmented, and connected only to the components of the network they require for functionality, rather than to an entire network as is the process today, Cooley added.
"The network can automatically reconfigure this to create very small network segments or what we call micro segments, or micro segmentation, and they can control all of the access ... to allow just the particular ports that those policies indicated they're interested in using," he said.
"In doing this, those [devices] no longer have access to parts of the network that they don't need access to, like the work stations, and servers, and the phone systems, and point-of-sale systems -- and similarly all of those systems don't have access to the [devices]."
As many of these devices don't have the power to protect themselves, Cooley said network-side security must also be emphasised, along with improving processors, enforcing the better labelling of devices such as the "nutritional-style labelling" on IoT devices in Germany, and requiring a notification and approval process for when devices initially connect to parts of a network.
"On the things side, this is about certifying things, so getting partners with device agents and strong device identities, autonomous onboarding through a device that can define and describe its intent upon the network," Cooley said.
Cisco has so far partnered with ARM, Qualcomm, and Rockwell Automation on this, with more partners to be announced in the coming months.
"To bring the whole industry together, to really change the way that the things and the network interact, in order to make this easier to deploy and secure is obviously something that's very important to Cisco," Cooley said.
With 25 billion devices expected to be connected to the internet within three years, and approximately 374 new devices per second coming onto the network between 2020 and 2025, Cooley also said that IT workers will need to be responsible for increasing numbers of devices in order to prevent organisations from having to employ tens of thousands of additional staff members.
"One IT person should be able to handle a million or more devices on the network by themselves," he said, adding that Cisco's automated network will help enable IT managers to look after these devices and segmentation.
"As you scale up to millions and millions of devices, it becomes really difficult to manage all of those edges as a human, the edges between your different micro-segments and how they're allowed to communicate and interact with each other, and the rules for where those segments are allowed to reach out to the cloud."
Cisco Jasper's new Control Center 7.0 was also announced during Cisco Live, which will similarly include advanced features for security, automation, and analytics; threat detection and security services built on Cisco's Umbrella platform; and segmentation for different types of traffic.
Disclosure: Corinne Reichert travelled to Cisco Live in Las Vegas as a guest of Cisco