RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust

21/11/19 h15,30
FONTANAFREDDA
FICO BOLOGNA
Agenda:
Ore 16.00 – Introduzione e moderazione
di Gabriele D’Angelo – Researcher & Professor @ Unibo
Parteciperanno alla tavola rotonda:
Valerio Dalla Casa – ICT Security Manager @ VM Sistemi
Giulia Caliari – Security Architect @ IBM
Massimo Lucarelli – Senior Sales Engineer @ Bitdefender
Alessandro Cecchetti – General Manager @ Colin & Partners
Mario Anglani – Founder @ HackInBo
Andrea Biondo – Capitano Nazionale Italiana
Cyber Defender
Ore 18.00 – Chiusura lavori e aperitivo di networking
con la degustazione di prodotti
di qualità del territorio.
RoundTable: da Industria 4.0 a GDPR
#ICTSecurity #ZeroTrust
Il punto della situazione sulla protezione dei dati e della produttività aziendale:
stakeholder dell’ICT Security a confronto.

Gabriele D’Angelo
Researcher & Professor
@ Unibo
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust

#ZeroTrust
(in Humans)
Gabriele D’Angelo <g.dangelo@unibo.it>

Cyber vs. Physical

Difesa del Perimetro: Evoluzione

La Caduta del Perimetro

(post) Industria 4.0

Advanced Persistent Threat (APT)

L’Umano al Centro

Sempre gli Stessi Problemi

La Mia Banca è Differente!

Programmare = Sbagliare

Soluzione?

Soluzione

Valerio Dalla Casa
ICT Security Manager
@ VM Sistemi

19
Operational Technology è l’insieme dei sistemi di
monitoraggio e di controllo di processi fisici,
dispositivi ed infrastrutture aziendali.
Che cosa è
l’Operational Technology (OT)?

20
l’Operational Technology (OT)
utilizzata dove?
Monitorare, Controllare ed Attuare Automazione Industriale

21
l’OT che converge verso l’IT
Prima l’OT…
• Era Disconnesso dall’IT
• Utilizzava protocolli proprietari
• Utilizzava sistemi di cablaggio
proprietari
• Utilizzava HW e SW proprietari
• Erano solitamente sistemi dimenticati
Ora l’OT…
• È Incorporato nel network aziendale
• Utilizza protocolli Internet
• È in crescita l’utilizzo di tecnologia
wireless standard
• È in crescita l’utilizzo di HW general
purpose e sistemi operativi
molto diffusi
• È Un crescente target del cybercrime

22
La differenza tra l’IT e OT
Requisiti Real-Time
Disponibilità
Ciclo di vita dei dispositivi
Aggiornamenti
Maturo
Ritardi accettati
Ritardi accettati
Regolari e schedulati
4/5 anni
Schedulati e mandatori
Molto Alta
Aspetto necessario e critico
Oltre 20 anni
Poco frequente
Occasionali
In crescita
Test sicurezza/audit
Sicurezza

23
Security Fabric Overview
OT Solution

L’approccio Fortinet alla Sicurezza OT
24
Enterprise Zone
DMZ
Operation & Control
Control Zone

Fortiguard Industial
25
Isolamento dei singoli
device all’interno
delle stesse subnet

Gestione Access Point integrata
all’interno della dashboard del firewall
26
• SSID Singola
• Multiple PSK (MPSK)
• Segmentazione rete per device
• Vlan policy o device policy
• Autenticazione Radius
• Autenticazione MAC
• Dynamic Vlan allocation

Fortiguard Industial DB
27
IPS e
Application
control su
protocolli
industriali

Use Case – Necessità:
28
IT
CDL 1 Network CDL 2 Network
1) Integrazione OT con IT per
elaborazioni dati, monitoraggio,
manutenzione ecc..
2) Messa in sicurezza centri
di lavoro
3) Livelli di sicurezza maggiori per
centri di lavoro specifici
4) Unico SSID per il mondo OT
5) Gestione automatica
degli incidenti di sicurezza

29
1) Collegamento al mondo IT tramite FW
dedicato alla gestione dell’infrastruttura OT
2) Separazione network centri di lavoro tramite
VLAN gestite centralmente da OT FW
3) Separazione singoli device all’interno del
CDL1 tramite policy di device isolation
gestite da OT FW
4) Unico SSID per l’ OT ed autenticazione
tramite MAC address gestita dal NAC.
5) FortiAnalyzer con IoC
e integrazione con la Fabric
Fortinet per isolamento
device compromessi
OT FW
FortiNAC FortiAnalyzer
Security Fabric
CDL 2 Network
Device isolation con Intraswitch policy
CDL 1 Network
IT
Soluzioni

30
Automazione della messa in quarantena di device che presentano
Anomalie o tracce di comportamenti malevoli
OT FWFortiNAC FortiAnalyzer
CDL 1 Network
OT FWFortiNAC FortiAnalyzer
CDL 1 Network

Giulia Caliari
Security Architect
@ IBM

Massimo Lucarelli
Senior Sales Engineer
@ Bitdefender

Non è possibile visualizzare l'immagine.
A GLOBAL SECURITY-TECHNOLOGY CO.
Founded in 2001
1,600+ employees …
800 in R&D /
engineering
Enterprise HQ in Silicon
Valley (Santa Clara,
California)
Enterprise business
growing 92%+ year-
over-year
Operates world’s largest
security-delivery
infrastructure

Estimated 38% of global cyber security solutions use Bitdefender software in some form.
500 Million
Endpoints Protected
150 Countries
WORLD’S LARGEST SECURITY-DELIVERY INFRASTRUCTURE
More than 150 OEM partnerships

BITDEFENDER
GRAVITYZONE
Single Agent
Single Console
All Endpoints
END-USER DEVICES
DATACENTER & CLOUD
Public, Private &
Hybrid Cloud
Software-Defined &
Hyperconverged
Infrastructure
Servers
(physical)
Virtual Desktops
(VDI / DaaS)
Mobile
Laptops &
Workstations
(physical)
AN INTEGRATED ENTERPRISE-SECURITY PLATFORM

Single
Modular
Agent
INTEGRATED LAYERED NEXT-GEN EPP AND EDR PLATFORM
Next-Gen EPP
EDR
Sandbox
Patch
Management
ERA
Full-Disk
Encryption

47
GravityZone
Prevention, Detection, Response and Risk Analytics
REPORTING AND INTEGRATION
DETECTION AND RESPONSE
PREVENTION
RISK ANALYTICS and
HARDENING Encryption Web Threat Protection Application Control Device ControlPatch Management
Endpoint Risk
Analytics
Powershell Script Protection Local & Cloud Machine Learning HyperDetect Sandbox Analyzer Firewall
Machine
Learning
Dashboards & Reports Notifications SIEM Integration API Support
IoC Lookup Blocklist Network Isolation Sandbox Detonation Visualization
Access Blocking Quarantine Disinfection & RemovalProcess Termination Rollback
Exploit Mitigation Process Inspector Event Recorder Threat Analytics
Managed EDR and MDR

HYPERDETECT – TUNABLE MACHINE LEARNING
Protects from:
• Ransomware
• Exploits
• Fileless attacks
• Script-based attacks
Provides maximum
detection accuracy
without false positives
Delivers full visibility
into suspicious
activities
Set the detection-aggressiveness level…
…to counter relevant threats
Gain full visibility and enable automatic action

Advanced detection and
response shows precisely
how a potential threat
works and its context in
your environment.
MITRE attack techniques
and indicators of
compromise provide up to
the minute insight into
named threats and other
malware that may be
involved.
Easy to understand visual
guides highlight critical
attack paths, easing
burdens on IT staff.
EDR workflow and visualization

SANDBOX ANALYZER
Uses machine learning and behavioral
analysis to assess suspicious files
Runs in blocking or monitoring mode
Provides a verdict in near-real-time
and takes policy-based remediation
action
Delivers in-depth reporting on malware
behavior
Protects against:
• Advanced targeted
attacks
• Custom malware
• Unknown packers

GravityZone Endpoint Risk Analytics
Enterprise-Wide Risk Dashboard
View prioritized risks across the
Enterprise (1240 Disabled Firewalls)
See the highest priority
endpoints by Risk Score
View Risks by endpoint
and automatically fix
specific misconfigurations

Helps improve security posture by expediently
discovering and eliminating vulnerabilities
Provides the widest range of security- and non-
security patches for operating systems, third-
party applications and golden images
Covers Windows-based physical, virtual on-
prem and cloud-based endpoints and servers
Is deployed and managed from the GravityZone
console and integrated into its agent
INTEGRATED PATCH MANAGEMENT

Full-disk encryption
 Leverages native Windows BitLocker and Mac OS FileVault
encryption to ensure compatibility and performance
 Is fully integrated into the GravityZone Control Center for
centralized deployment, management and key recovery
 Requires no additional agent to deploy or key management
server to install
 Delivers encryption-specific reports to help prove compliance
 Supports pre-boot authentication enforcement

GRAVITYZONE SECURITY FOR HYBRID & MULTI-CLOUD ENVIRONMENTS

• SEE WHAT OTHERS CAN’T
WITH LIVE HYPERVISOR
MEMORY INTROSPECTION
Protection against advanced persistent threats
Isolated and impossible to compromise
Truly agentless
No impact on consolidation ratios
Deploys in minutes
Supports any EPP
BITDEFENDER HYPERVISOR INTROSPECTION
A REVOLUTION IN DATACENTER SECURITY

Global Protective Network Threat Intelligence System
Bitdefender Cyberlabs and the Global Protective Network
• 77M+ malicious URLs
• 1PB+ of known files
• 3M+ threat samples
processed/day
Classification and Analysis Transforms data
in into Technical Threat Intelligence (IOCs).
Use AI/ML models, Event Correlation,
automated IOC creation tools
Global
Protective
Network
Telemetry from 500M
Bitdefender Customers
Honeypot Infrastructure
Dark Web monitoring
Web crawlers
Customer submissions
IoT focused Honeypots
Blogs, News, Social Media
monitoring
SPAM feeds
Telemetry from 500M
Bitdefender Customers
Honeypot Infrastructure
Dark Web monitoring
Web crawlers
Customer submissions
IoT focused Honeypots
Blogs, News, Social Media
monitoring
SPAM feeds
Classification and Analysis Transforms data
in into Technical Threat Intelligence (IOCs).
Use AI/ML models, Event Correlation,
automated IOC creation tools
Data
Clustering
Machine
Learning engines
used to group by
feature
Advanced
Sandboxing
Records
complete
malware
behavior
Object features
extraction
Extract over
80,000 features
and behaviors
Network
Threat
Inspection
Stream based
machine
learning engine
Object
Reputation
Billions of known
file hashes used
for whitelisting
Event
Correlation,
IOC Creation
Identify
malicious
content across
multiple engines

Alessandro Cecchetti
General Manager
@ Colin & Partners

Mario Anglani
Founder
@ HackInBo

Andrea Biondo
Capitano Nazionale
Italiana Cyber Defender

Team Italy & mhackeroni
Andrea Biondo
2019-11-21

About me
● MSc student in CS @ UniPd
● Security researcher (academia / industry)
○ Memory corruption (esp. browsers)
○ Reverse engineering / code analysis
○ Exploit mitigations
● Capture The Flag player
○ 4 years with spritzers/NoPwnIntended
○ 2 years with mhackeroni
○ 2 years with Team Italy

What are CTFs?
● Set of vulnerable challenges in various categories
○ Binary, web, cryptography, forensics, reversing, …
● Each challenge holds a flag
○ FLAG{this_is_a_flag}
● Hack the challenge to get the flag

Styles of CTFs
● Jeopardy
○ Hack the challenge, get the flag
● Attack/defense
○ Each team hosts a server with the same vulnerable services
○ Teams attack and defend against each other
○ Flags change every “tick” (few minutes)
○ Points for availability (“SLA”)

mhackeroni
● Born in 2018 for competing at DEF CON CTF
○ Most prestigious A/D hacking competition in the world
● Coalition of some of the best italian teams
○ ~50 persons
= + + + +

Arena Suite

DEF CON CTF 2018, Las Vegas

DEF CON CTF 2019, Las Vegas

HITB PRO CTF 2019, Abu Dhabi

Team Italy
● “Nazionale Italiana Cyberdefender”
○ 10 persons
○ Some also from mhackeroni
● Supported by the government
● Selected (partially) from CyberChallenge.IT
○ Intensive 3-month cybersecurity training for high-school/university students
● One competition: European Cybersecurity Challenge (ECSC)
○ Each participating European country sends a team

ECSC 2017, Malaga

ECSC 2018, London

ECSC 2019, Bucharest

Why?
● A lot of fun, but also a great way of learning
○ We are integrating CTFs in university education
○ Some tech companies (e.g., Google, Facebook) do it too
● Compared to the real world:
○ Less attack surface and exploit polishing
○ Complex, state-of-the-art vulnerabilities and exploitation techniques
https://ctftime.org/

Fine
Grazie a tutti
per l’attenzione

RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust

Ähnlich wie RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust (20)

Mehr von Talea Consulting Srl

Mehr von Talea Consulting Srl (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust