25 Jahre IT-Security:

Transkript

1 25 Jahre IT-Security: Ein Status Quo Bericht Udo H. Kalinna Geschäftsführer/CEO und Gründer IFASEC GmbH Professur IT-Sicherheit Hochschule Emden/Leer

2 AGENDA o Vorstellung o Rückblick auf 1993? o Entwicklung der Angriffsarten im Cyberspace o SCUDOS made in Germany o Q&A

3 Rückblick auf 1993?

4 Angriffstools werden zunehmend intelligenter. Es wird für Angreifer immer komfortabler, solche Software anzuwenden und einzusetzen. Auch ohne großes technisches Wissen und professionelles Können ist möglich geworden, einen großen Schaden einzurichten

5

6 Der Status Quo o Pro Tag kommen neue Schädlinge auf den Markt o Das klassische Anti Virus hat ausgedient o Neue Technologien müssen her: AI, DML, BigData o Keine Security Spezialisten vorhanden o Preisexplosion in SW&HW&Service

7 AUSBLICK o So lange man auf eine Technologien vor über 30 Jahre setzt o Software Qualtitäts-Management muss gehört als MUSS in den Vorlesungssaal o Die Ursachen o Ausbildung o Durch neue Technologien wie Software Defined Anything (SD-A)

8 FAZIT Es gibt keine Hoffnung für die IT-Sicherheit ohne Grundlegende andere Technologien. Wir benötigen einen schnellen Paradigmenwechsel zu neuen sicheren Technologien. Die heutigen Technologien werden immer unsicher bleiben. Das Design-Ziel war vor 25 Jahren nicht die IT-Sicherheit. Udo Kalinna

9 IT Security Today Major Trend Shifts

10 1. SHADOW IT Rapid growth in the variety and number of unmanaged devices connected to the organization network BYoD Contractor owned devices IoT Guest devices Industry 4.0 Virtualization

11 2. ZERO TRUST Firewalls are unable to protect our core network. The traditional perimeter-centric approach is gone. 73% of hackers: Firewalls are no longer relevant! Black Hat 2017 Survey Insider Threats Cloud Apps Software Defined Networks Malware Lateral Movement

12 How does it affect our business? The network infrastructure is responsible for our most essential services

13 How does it affect our business? The Firewall fails to protect it, leaving it exposed

14 How does it affect our business? And we no longer have control on who is connected

15 Key Challenges Security Teams are facing Improving Network Visibility Organizations are not aware which devices are connected to their networks. How can you protect what you can t see? Securing the Network Infrastructure Lateral movement, internal threats, compromised cloud apps.. Today s threats easily bypass the traditional perimeter Automate Incident Response Manual response is too late, as most of the damage happens in the first few hours

16 IT Inventory topology mapping Transparency and Protection for Today s Infrastructures Inventory physical mapping

17 How It Works 3D indoor mapping of office space, including network ports and IT racks Agentless mapping of the network topology and fingerprinting all connected devices 1 Visibility 2 Protection Strong network segmentation, ensuring devices can access only what they need Preventing layer-2 security threats (e.g. spoofing, flooding) Automated incident response by blocking a device in case of a 3 rd party security alert Navigate to the device location with ease and minimal time wasting 3 Orchestration

18 Example Use Case 1 Security Incident Response 1. SCUDOS identifies and quarantine a suspicious device connected to the network 2. With a single click, NAVVIS locates the physical port / access point 3. The security team find the intruder within minutes

19 Example Use Case 2 Monitoring Secured Zones 1. SCUDOS continuously send each device coordinates to NAVVIS Restricted Area 2. Using the coordinates, NAVVIS identify its physical location and share it with SCUDOS 3. SCUDOS will alert on the following: - A device in the open space is connected to the Restricted Area network - An unknown device is entering the Restricted Area - A confidential device is leaving the Restricted Area Open Space

20 Use Cases 1. Incident Response Real Time Mitigation IFASEC: Identify and quarantine a suspicious device NAVVIS: Immediately delivers intelligence on the intruder s physical location 2. Security Team Monitoring Secured Zones NAVVIS: Identify devices physical location and share it with SCUDOS IFASEC: Monitor devices leaving/entering the restricted area, or connecting to it network 3. IT Operations Efficient Maintenance SCUDOS: Agentless IT inventory mapping and central management NAVVIS: Quick troubleshooting, such as replacing a device or switching a network port 4. Service Providers Improve Time-To-Recover SCUDOS: In case of a server down time, find the point of connectivity (i.e. Switch) NAVVIS: Navigate the external technician to the exact location within the large facility

21 SCUDOS Platform Architecture SCUDOS Sensors Infrastructure Scans (e.g. SNMP) Device Fingerprint Enforcement SCUDOS Management Protection Segmentation via VLANs Policy Framework Attack Detection Visualization Topology Map Device Inventory Orchestration API with 3 rd party solutions (FW, SIEM, IPS, AV, etc.)

22 About IFASEC Industry Veterans Security Made in Germany Software Defined Security Forefront of IT security research, combined work with the Fraunhofer Institute Over 20 years of experience in hands-on pen. testing and App security Security Made-in-Germany, TeleTrusT member Certified vendor of the Germany economy and energy ministry Member "Deutschland sicher im Netz" and the BITKOM Working Group Security Agentless Vendor-Agnostic can provide tailored visibility by need On-premise and SaaS model Scalable solution, easily fit mid-to-large size networks

23 SCUDOS + NAVVIS, Integration Preview

24 FAZIT