SlideShare ist ein Scribd-Unternehmen logo

Protecting IIoT Endpoints - an inside look at the Industrial Internet Security Framework

Als PPTX, PDF herunterladen
team-WIBU
team-WIBU

An attack to an Industrial Internet of Things (IIoT) system typically starts with an attack on one or more endpoints. As defined by the Industrial Internet Consortium (IIC), an endpoint is a component that has an interface for network communication and it can be of various types, including a device endpoint or an endpoint that provides cloud connectivity. Endpoints are the only place in an IIoT system where execution code is stored, started and updated and data is stored, modified or applied. In many cases, an attacker will, therefore, try to access the execution code and attack the weakest point in the devices’ security implementation, then modify or replace the execution code with malicious intent. The IIC has recently presented an endpoint protection/security model and policy in its Industry Internet Security Framework (IISF) document. The technical report is an in-depth cross-industry-focused security framework reflecting thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.

Technologie
1 von 12
Protecting IIoT Endpoints Industrial Internet Security Forum Thursday, October 6, 2016 Sunnyvale, California, USA Marcellus Buchheit, mabu@wibu.com Wibu-Systems USA Inc.
Overview What is an endpoint? Why endpoint security? Security functions of an endpoint Implementing endpoint security 2
What is an Endpoint? 3 The IIoT Landscape: Where are Endpoints? EP EP EP EP EP EP EP
What is an Endpoint (II)? IISF and IIC defines endpoints similar as ISO/IEC 24791-1:2010 standard does: • An endpoint is one of two components that either implements and exposes an interface to other components or uses the interface of another component. 4 IIC simplified this definition (see IIC Vocabulary, version 2.0): • An endpoint is a component that has an interface for network communication. … but added a note for clarification: • An endpoint can be of various types including device endpoint or an endpoint that provides cloud connectivity. Endpoint 1 Endpoint 2 Communication
What is an Endpoint (III)? 5 The IIoT Landscape: Endpoints are everywhere! EP EP EP EP EP EP EP
What is an Endpoint (IV)? Summary: • Endpoints are everywhere in an IIoT System (including edge and cloud) • One single (security) model for all locations • A single computer, even a device, can have several endpoints • Example Router: One LAN endpoint, one WAN endpoint • Frequently shared code/data between multiple endpoints • Endpoint and its communication are another model 6
Why endpoint security? Endpoints are the only location in an IIoT system where: • Execution code is stored, started and updated • Data is stored, modified or applied (“Data at Rest” / “Data in Use“) • Communication to another endpoint is initiated and protected • Network security is analyzed, configured, monitored and managed 7 Result: An attack to an IIoT system typically starts in attacking one or more endpoints: • Try to access the execution code and analyze to find weak security implementation • Attack weak communication protection via network • Modify or replace (“hijack”) the execution code in a malicious way • ...
IISF Endpoint Protection Model 8
Threats and Vulnerabilities to an IIoT Endpoint 9 1. Hardware components 2/3. Boot process 4. Operating System 5. Hypervisor/Sep. Kernel 6. Non-OS Applications 7. Applications and their API 8. Runtime Environment 9. Containers 10. Deployment 11. Data at Rest, Data in Use 12. Monitoring/Analysis 13. Configuration/Management 14. Security Model/Policy 15. Development Environment
Endpoint security: Solutions • Start with a clean design of the security model and policies • Define endpoint identity, authorization, authentication • How other endpoints see me? What can they do with me? • Define proper data protection model • Integrity and confidentiality, especially of shared data-in-rest but also data-in-use • Define secure hardware, BIOS, roots of trust • Includes lifetime of hardware, BIOS update, consistent root of trust • Select secure OS, hypervisor, programming language • Consider lifetime of (open source?), dynamic of programming language • Consider isolation principles (4 different models explained in IISF) • Plan remote code update and provide code integrity • Security has an unspecific expiration date: needs update • Code integrity prevents malicious remote code-hijacking 10
Endpoint security: Solutions (II) • Plan “beyond the basics” security instantly • Plan security configuration and management • For example: defining, replacing and updating of keys and certificates • User-friendly setting of access rights and authorization • Plan endpoint monitoring and analysis • For example: log all security configuration changes • Log all unexpected remote activity • Provide user-friendly analysis, alerts etc. • Implement “state of the art”: • Have a team of experienced security implementers • Use latest versions of development tools, OS, hypervisors, libraries • Test a lot, including malicious attacks • Prepare and test your first remote update 11
Questions and Answers • Please send your comments and questions to: Marcellus Buchheit, Wibu-Systems USA, mabu@wibu.com 12

Empfohlen

IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security Industrial Internet Consortium
 
How to Lead in IIoT
How to Lead in IIoTHow to Lead in IIoT
How to Lead in IIoTIndustrial Internet Consortium
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
IoT security compliance checklist
IoT security compliance checklist IoT security compliance checklist
IoT security compliance checklist PriyaNemade
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks GlobalSign
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security ElementsEurotech
 

Empfohlen

IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security Industrial Internet Consortium
 
How to Lead in IIoT
How to Lead in IIoTHow to Lead in IIoT
How to Lead in IIoTIndustrial Internet Consortium
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT securityIoT613
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
IoT security compliance checklist
IoT security compliance checklist IoT security compliance checklist
IoT security compliance checklist PriyaNemade
 
A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks A History of IIoT Cyber-Attacks
A History of IIoT Cyber-Attacks GlobalSign
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
 
IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security ElementsEurotech
 
Intelligent Internet of Things (IIoT): System Architectures and Communications
Intelligent Internet of Things (IIoT): System Architectures and CommunicationsIntelligent Internet of Things (IIoT): System Architectures and Communications
Intelligent Internet of Things (IIoT): System Architectures and CommunicationsRaghu Nandy
 
IoT security
IoT securityIoT security
IoT securityYashKesharwani2
 
Internet of Things Reference Architectures
Internet of Things Reference ArchitecturesInternet of Things Reference Architectures
Internet of Things Reference ArchitecturesSofoklisEfremidisAIT
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issuesAnastasios Economides
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...CableLabs
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of thingssreelekha appakondappagari
 
Chariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsChariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsVandana Verma
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsMario Drobics
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
Security of iot device
Security of iot deviceSecurity of iot device
Security of iot deviceMayank Pandey
 
The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesEuropean Union Agency for Network and Information Security (ENISA)
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoTVishnupriya T H
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
IoT Security Challenges
IoT Security ChallengesIoT Security Challenges
IoT Security ChallengesForest Interactive
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsChromeInfo Technologies
 
Cybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksCybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksYokogawa1
 
To Bundle or To Nest? That is the Question
To Bundle or To Nest? That is the QuestionTo Bundle or To Nest? That is the Question
To Bundle or To Nest? That is the Questionteam-WIBU
 
Bündeln oder Schachteln? Das ist hier die Frage
Bündeln oder Schachteln? Das ist hier die FrageBündeln oder Schachteln? Das ist hier die Frage
Bündeln oder Schachteln? Das ist hier die Frageteam-WIBU
 

Weitere ähnliche Inhalte

Was ist angesagt?

Intelligent Internet of Things (IIoT): System Architectures and Communications
Intelligent Internet of Things (IIoT): System Architectures and CommunicationsIntelligent Internet of Things (IIoT): System Architectures and Communications
Intelligent Internet of Things (IIoT): System Architectures and CommunicationsRaghu Nandy
 
Internet of Things Reference Architectures
Internet of Things Reference ArchitecturesInternet of Things Reference Architectures
Internet of Things Reference ArchitecturesSofoklisEfremidisAIT
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...CableLabs
 
Chariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsChariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsVandana Verma
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsMario Drobics
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
Security of iot device
Security of iot deviceSecurity of iot device
Security of iot deviceMayank Pandey
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoTVishnupriya T H
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsChromeInfo Technologies
 
Cybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksCybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksYokogawa1
 

Was ist angesagt? (20)

Intelligent Internet of Things (IIoT): System Architectures and Communications
Intelligent Internet of Things (IIoT): System Architectures and CommunicationsIntelligent Internet of Things (IIoT): System Architectures and Communications
Intelligent Internet of Things (IIoT): System Architectures and Communications
 
IoT security
IoT securityIoT security
IoT security
 
Internet of Things Reference Architectures
Internet of Things Reference ArchitecturesInternet of Things Reference Architectures
Internet of Things Reference Architectures
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
 
Chariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_InfosecgirlsChariot generic presentation owaspwia_Infosecgirls
Chariot generic presentation owaspwia_Infosecgirls
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
Security of iot device
Security of iot deviceSecurity of iot device
Security of iot device
 
The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security Issues
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoT
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
IoT Security Challenges
IoT Security ChallengesIoT Security Challenges
IoT Security Challenges
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
TOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of ThingsTOP 6 Security Challenges of Internet of Things
TOP 6 Security Challenges of Internet of Things
 
Cybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT NetworksCybersecurity for Field IIoT Networks
Cybersecurity for Field IIoT Networks
 

Andere mochten auch

To Bundle or To Nest? That is the Question
To Bundle or To Nest? That is the QuestionTo Bundle or To Nest? That is the Question
To Bundle or To Nest? That is the Questionteam-WIBU
 
Bündeln oder Schachteln? Das ist hier die Frage
Bündeln oder Schachteln? Das ist hier die FrageBündeln oder Schachteln? Das ist hier die Frage
Bündeln oder Schachteln? Das ist hier die Frageteam-WIBU
 
Zertifikate für Authetizität, Authentifizierung oder beides?
Zertifikate für Authetizität, Authentifizierung oder beides?Zertifikate für Authetizität, Authentifizierung oder beides?
Zertifikate für Authetizität, Authentifizierung oder beides?team-WIBU
 
Cybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for SecurityCybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for SecurityFraunhofer AISEC
 
OPC UA Security: Native and Add-on Solutions
OPC UA Security: Native and Add-on SolutionsOPC UA Security: Native and Add-on Solutions
OPC UA Security: Native and Add-on Solutionsteam-WIBU
 
Industrial Security Entmystifiziert
Industrial Security EntmystifiziertIndustrial Security Entmystifiziert
Industrial Security Entmystifiziertteam-WIBU
 
Tired of playing exploit kit whack-a-mole? Let's automate
Tired of playing exploit kit whack-a-mole? Let's automateTired of playing exploit kit whack-a-mole? Let's automate
Tired of playing exploit kit whack-a-mole? Let's automateAnjum Ahuja
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Gerardo Pardo-Castellote
 
Introduction & Overview of Internet of Things - IoTMUM
Introduction & Overview of Internet of Things - IoTMUMIntroduction & Overview of Internet of Things - IoTMUM
Introduction & Overview of Internet of Things - IoTMUMSachin Pukale
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...CODE BLUE
 
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016jtmelton
 
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...ST_World
 
Linux binary analysis and exploitation
Linux binary analysis and exploitationLinux binary analysis and exploitation
Linux binary analysis and exploitationDharmalingam Ganesan
 
Hunting For Exploit Kits
Hunting For Exploit KitsHunting For Exploit Kits
Hunting For Exploit KitsJoe Desimone
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CSusumu Tokumoto
 
IIoT - A data-driven future for manufacturing
IIoT - A data-driven future for manufacturingIIoT - A data-driven future for manufacturing
IIoT - A data-driven future for manufacturingLisa Waddell
 
What is next for IoT and IIoT
What is next for IoT and IIoTWhat is next for IoT and IIoT
What is next for IoT and IIoTAhmed Banafa
 
Whitewood entropy and random numbers - owasp - austin - jan 2017
Whitewood entropy and random numbers - owasp - austin - jan 2017Whitewood entropy and random numbers - owasp - austin - jan 2017
Whitewood entropy and random numbers - owasp - austin - jan 2017WhitewoodOWASP
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 

Andere mochten auch (20)

To Bundle or To Nest? That is the Question
To Bundle or To Nest? That is the QuestionTo Bundle or To Nest? That is the Question
To Bundle or To Nest? That is the Question
 
Bündeln oder Schachteln? Das ist hier die Frage
Bündeln oder Schachteln? Das ist hier die FrageBündeln oder Schachteln? Das ist hier die Frage
Bündeln oder Schachteln? Das ist hier die Frage
 
Zertifikate für Authetizität, Authentifizierung oder beides?
Zertifikate für Authetizität, Authentifizierung oder beides?Zertifikate für Authetizität, Authentifizierung oder beides?
Zertifikate für Authetizität, Authentifizierung oder beides?
 
Cybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for SecurityCybersecurity 2013 - Design for Security
Cybersecurity 2013 - Design for Security
 
OPC UA Security: Native and Add-on Solutions
OPC UA Security: Native and Add-on SolutionsOPC UA Security: Native and Add-on Solutions
OPC UA Security: Native and Add-on Solutions
 
Industrial Security Entmystifiziert
Industrial Security EntmystifiziertIndustrial Security Entmystifiziert
Industrial Security Entmystifiziert
 
Tired of playing exploit kit whack-a-mole? Let's automate
Tired of playing exploit kit whack-a-mole? Let's automateTired of playing exploit kit whack-a-mole? Let's automate
Tired of playing exploit kit whack-a-mole? Let's automate
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)
 
Introduction & Overview of Internet of Things - IoTMUM
Introduction & Overview of Internet of Things - IoTMUMIntroduction & Overview of Internet of Things - IoTMUM
Introduction & Overview of Internet of Things - IoTMUM
 
The IoT Hunger Games 2015
The IoT Hunger Games 2015The IoT Hunger Games 2015
The IoT Hunger Games 2015
 
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
[CB16] COFI break – Breaking exploits with Processor trace and Practical cont...
 
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
 
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
 
Linux binary analysis and exploitation
Linux binary analysis and exploitationLinux binary analysis and exploitation
Linux binary analysis and exploitation
 
Hunting For Exploit Kits
Hunting For Exploit KitsHunting For Exploit Kits
Hunting For Exploit Kits
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for C
 
IIoT - A data-driven future for manufacturing
IIoT - A data-driven future for manufacturingIIoT - A data-driven future for manufacturing
IIoT - A data-driven future for manufacturing
 
What is next for IoT and IIoT
What is next for IoT and IIoTWhat is next for IoT and IIoT
What is next for IoT and IIoT
 
Whitewood entropy and random numbers - owasp - austin - jan 2017
Whitewood entropy and random numbers - owasp - austin - jan 2017Whitewood entropy and random numbers - owasp - austin - jan 2017
Whitewood entropy and random numbers - owasp - austin - jan 2017
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 

Ähnlich wie Protecting IIoT Endpoints - an inside look at the Industrial Internet Security Framework

IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5FRSecure
 
Information Assurance And Security - Chapter 2 - Lesson 4
Information Assurance And Security - Chapter 2 - Lesson 4Information Assurance And Security - Chapter 2 - Lesson 4
Information Assurance And Security - Chapter 2 - Lesson 4MLG College of Learning, Inc
 
Fundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentFundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentMark Szewczul, CISSP
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfibramax
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Adrian Sanabria
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best PracticesPrecisely
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteMarkDowd13
 
Ruxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration TestingRuxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration Testingeightbit
 
Evaluating iOS Applications
Evaluating iOS ApplicationsEvaluating iOS Applications
Evaluating iOS Applicationsiphonepentest
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017FRSecure
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...
Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...
Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...Lounge47
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdfBeratAkit
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 

Ähnlich wie Protecting IIoT Endpoints - an inside look at the Industrial Internet Security Framework (20)

IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5
 
Information Assurance And Security - Chapter 2 - Lesson 4
Information Assurance And Security - Chapter 2 - Lesson 4Information Assurance And Security - Chapter 2 - Lesson 4
Information Assurance And Security - Chapter 2 - Lesson 4
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
 
Fundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product DevelopmentFundamental Best Practices in Secure IoT Product Development
Fundamental Best Practices in Secure IoT Product Development
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
 
C days2015
C days2015C days2015
C days2015
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best Practices
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynote
 
Ruxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration TestingRuxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration Testing
 
Evaluating iOS Applications
Evaluating iOS ApplicationsEvaluating iOS Applications
Evaluating iOS Applications
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...
Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...
Tracing The Evolution Open Source & Embedded Systems - Mr. Jayakumar Balasubr...
 
Abdulkarim 1 and 2
Abdulkarim 1 and 2Abdulkarim 1 and 2
Abdulkarim 1 and 2
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdf
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 

Mehr von team-WIBU

Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Unlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial SecurityUnlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial Securityteam-WIBU
 
The Power of Partnership: Enabling Success Together
The Power of Partnership: Enabling Success TogetherThe Power of Partnership: Enabling Success Together
The Power of Partnership: Enabling Success Togetherteam-WIBU
 
Unleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter BasicsUnleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter Basicsteam-WIBU
 
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für GeschäftskontinuitätKeine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuitätteam-WIBU
 
No Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuityNo Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuityteam-WIBU
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenariosteam-WIBU
 
Optimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best PracticesOptimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best Practicesteam-WIBU
 
For a Few Licenses More
For a Few Licenses MoreFor a Few Licenses More
For a Few Licenses Moreteam-WIBU
 
App Management on the Edge
App Management on the EdgeApp Management on the Edge
App Management on the Edgeteam-WIBU
 
Protecting and Licensing .NET Applications
Protecting and Licensing .NET ApplicationsProtecting and Licensing .NET Applications
Protecting and Licensing .NET Applicationsteam-WIBU
 
A Bit of License Management Magic
A Bit of License Management MagicA Bit of License Management Magic
A Bit of License Management Magicteam-WIBU
 
The first step is always the most decisive
The first step is always the most decisiveThe first step is always the most decisive
The first step is always the most decisiveteam-WIBU
 
Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...team-WIBU
 
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevicesAuthenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevicesteam-WIBU
 
How and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based LicensesHow and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based Licensesteam-WIBU
 
Serving Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every AppetiteServing Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every Appetiteteam-WIBU
 
Security and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptxSecurity and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptxteam-WIBU
 
License Portal - The DIY Solution
License Portal - The DIY SolutionLicense Portal - The DIY Solution
License Portal - The DIY Solutionteam-WIBU
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsteam-WIBU
 

Mehr von team-WIBU (20)

Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Unlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial SecurityUnlocking the Future: Empowering Industrial Security
Unlocking the Future: Empowering Industrial Security
 
The Power of Partnership: Enabling Success Together
The Power of Partnership: Enabling Success TogetherThe Power of Partnership: Enabling Success Together
The Power of Partnership: Enabling Success Together
 
Unleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter BasicsUnleash the Power of CodeMeter - CodeMeter Basics
Unleash the Power of CodeMeter - CodeMeter Basics
 
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für GeschäftskontinuitätKeine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
Keine Zeit für Leerlauf – Lizenzverfügbarkeit für Geschäftskontinuität
 
No Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuityNo Time to Idle – License availability for business continuity
No Time to Idle – License availability for business continuity
 
Cloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline ScenariosCloud-Based Licensing in Offline Scenarios
Cloud-Based Licensing in Offline Scenarios
 
Optimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best PracticesOptimizing Cloud Licensing: Strategies and Best Practices
Optimizing Cloud Licensing: Strategies and Best Practices
 
For a Few Licenses More
For a Few Licenses MoreFor a Few Licenses More
For a Few Licenses More
 
App Management on the Edge
App Management on the EdgeApp Management on the Edge
App Management on the Edge
 
Protecting and Licensing .NET Applications
Protecting and Licensing .NET ApplicationsProtecting and Licensing .NET Applications
Protecting and Licensing .NET Applications
 
A Bit of License Management Magic
A Bit of License Management MagicA Bit of License Management Magic
A Bit of License Management Magic
 
The first step is always the most decisive
The first step is always the most decisiveThe first step is always the most decisive
The first step is always the most decisive
 
Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...Protection and monetization of 3D printed objects in the spare parts business...
Protection and monetization of 3D printed objects in the spare parts business...
 
Authenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevicesAuthenticate and authorize your IIoTdevices
Authenticate and authorize your IIoTdevices
 
How and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based LicensesHow and Why to Create and Sell Consumption-Based Licenses
How and Why to Create and Sell Consumption-Based Licenses
 
Serving Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every AppetiteServing Up Features-on-Demand for Every Appetite
Serving Up Features-on-Demand for Every Appetite
 
Security and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptxSecurity and Protection for Machine Learning.pptx
Security and Protection for Machine Learning.pptx
 
License Portal - The DIY Solution
License Portal - The DIY SolutionLicense Portal - The DIY Solution
License Portal - The DIY Solution
 
Running code in secure hardware or cloud environments
Running code in secure hardware or cloud environmentsRunning code in secure hardware or cloud environments
Running code in secure hardware or cloud environments
 

Kürzlich hochgeladen

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 

Kürzlich hochgeladen (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 

Protecting IIoT Endpoints - an inside look at the Industrial Internet Security Framework

  • 1. Protecting IIoT Endpoints Industrial Internet Security Forum Thursday, October 6, 2016 Sunnyvale, California, USA Marcellus Buchheit, mabu@wibu.com Wibu-Systems USA Inc.
  • 2. Overview What is an endpoint? Why endpoint security? Security functions of an endpoint Implementing endpoint security 2
  • 3. What is an Endpoint? 3 The IIoT Landscape: Where are Endpoints? EP EP EP EP EP EP EP
  • 4. What is an Endpoint (II)? IISF and IIC defines endpoints similar as ISO/IEC 24791-1:2010 standard does: • An endpoint is one of two components that either implements and exposes an interface to other components or uses the interface of another component. 4 IIC simplified this definition (see IIC Vocabulary, version 2.0): • An endpoint is a component that has an interface for network communication. … but added a note for clarification: • An endpoint can be of various types including device endpoint or an endpoint that provides cloud connectivity. Endpoint 1 Endpoint 2 Communication
  • 5. What is an Endpoint (III)? 5 The IIoT Landscape: Endpoints are everywhere! EP EP EP EP EP EP EP
  • 6. What is an Endpoint (IV)? Summary: • Endpoints are everywhere in an IIoT System (including edge and cloud) • One single (security) model for all locations • A single computer, even a device, can have several endpoints • Example Router: One LAN endpoint, one WAN endpoint • Frequently shared code/data between multiple endpoints • Endpoint and its communication are another model 6
  • 7. Why endpoint security? Endpoints are the only location in an IIoT system where: • Execution code is stored, started and updated • Data is stored, modified or applied (“Data at Rest” / “Data in Use“) • Communication to another endpoint is initiated and protected • Network security is analyzed, configured, monitored and managed 7 Result: An attack to an IIoT system typically starts in attacking one or more endpoints: • Try to access the execution code and analyze to find weak security implementation • Attack weak communication protection via network • Modify or replace (“hijack”) the execution code in a malicious way • ...
  • 9. Threats and Vulnerabilities to an IIoT Endpoint 9 1. Hardware components 2/3. Boot process 4. Operating System 5. Hypervisor/Sep. Kernel 6. Non-OS Applications 7. Applications and their API 8. Runtime Environment 9. Containers 10. Deployment 11. Data at Rest, Data in Use 12. Monitoring/Analysis 13. Configuration/Management 14. Security Model/Policy 15. Development Environment
  • 10. Endpoint security: Solutions • Start with a clean design of the security model and policies • Define endpoint identity, authorization, authentication • How other endpoints see me? What can they do with me? • Define proper data protection model • Integrity and confidentiality, especially of shared data-in-rest but also data-in-use • Define secure hardware, BIOS, roots of trust • Includes lifetime of hardware, BIOS update, consistent root of trust • Select secure OS, hypervisor, programming language • Consider lifetime of (open source?), dynamic of programming language • Consider isolation principles (4 different models explained in IISF) • Plan remote code update and provide code integrity • Security has an unspecific expiration date: needs update • Code integrity prevents malicious remote code-hijacking 10
  • 11. Endpoint security: Solutions (II) • Plan “beyond the basics” security instantly • Plan security configuration and management • For example: defining, replacing and updating of keys and certificates • User-friendly setting of access rights and authorization • Plan endpoint monitoring and analysis • For example: log all security configuration changes • Log all unexpected remote activity • Provide user-friendly analysis, alerts etc. • Implement “state of the art”: • Have a team of experienced security implementers • Use latest versions of development tools, OS, hypervisors, libraries • Test a lot, including malicious attacks • Prepare and test your first remote update 11
  • 12. Questions and Answers • Please send your comments and questions to: Marcellus Buchheit, Wibu-Systems USA, mabu@wibu.com 12