Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to...

Post on 21-May-2020

Using Threat Intelligence to Secure IoT

Threat Hunting with Open Source

Steve Skoronski sskorons@checkpoint.com

Why?

• IoT is expanding rapidly, as is connectivity

• The stakes have never been higher

• The impact has never been so severe

IoT Security Market Overview

©2018 Check Point Software Technologies Ltd.

Spectre and Meltdown

Proof of Concept

Firmware Emulation - Firmadyne

Cyber Kill Chain from Lockheed Martin

Where to Start?

• Security Professionals and Administrators alike are drowning in data

• This means there is a lack of situational awareness

• It also means a long time to react, amplifying the security event impact on the business, reputation and brand perception

The Setup

Diagram credit to Corelight

IoT Development Kits

Stage 1: Collection - Data Inputs

• The reference infrastructure has many data collection points we can ingest to start getting a wider and deeper view:

• Network Firewall – providing information on layer 2-7 data crossing that network perimeter

• Ubiquiti’s Unifi Software Defined Controller for UAP-AC-Lite Wireless Access Point

• Syslog from simpler network devices / bro for devices that cannot log (IoT)

Stage 2 – Normalization

• Search and Reporting App very helpful to validate correct collection and format

• Apps were used in conjunction with data inputs to view from several perspectives, i.e., Splunk Security Essentials

• Validation with proxy indicators – other correlation and reporting tools as a starting point for asking questions of the dataset
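
Added example, not from the presentation (which used Splunk for this stage): Stages 1 and 2 in Python, normalizing Bro conn.log rows and syslog lines into one schema and reporting per-source counts and rejected lines so that collection and format can be validated. The normalized field names and all sample log lines are constructed assumptions.

```python
import re

# Constructed sample: Bro conn.log in its default tab-separated format.
BRO_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1526900000.123456\tCabc123\t192.168.1.50\t49152\t203.0.113.10\t443\ttcp",
    "1526900005.000000\tCdef456\t192.168.1.51\t5353\t224.0.0.251\t5353\tudp",
    "#close\t2018-05-21-12-00-00",
])
# Constructed sample: one BSD-style syslog line and one malformed line.
SYSLOG_LINES = ["<134>May 21 12:00:07 switch01 kernel: link up on port 3",
                "not a syslog line"]

SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def parse_bro_conn(text):
    """Map Bro conn.log rows to a common schema (field names are assumptions)."""
    fields, events = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]          # column names follow the tag
        elif line and not line.startswith("#"):    # skip other header/footer lines
            rec = dict(zip(fields, line.split("\t")))
            events.append({"source": "bro_conn", "ts": float(rec["ts"]),
                           "src_ip": rec["id.orig_h"], "dest_ip": rec["id.resp_h"],
                           "dest_port": int(rec["id.resp_p"]), "proto": rec["proto"]})
    return events

def parse_syslog(line):
    """Return a normalized event, or None if the line does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))                          # PRI = facility * 8 + severity
    return {"source": "syslog", "facility": pri >> 3, "severity": pri & 7,
            "time": m.group(2), "host": m.group(3), "message": m.group(4)}

def collection_report(bro_text, syslog_lines):
    """Normalize both inputs; count events per source and keep rejects visible."""
    events, rejected = parse_bro_conn(bro_text), []
    for line in syslog_lines:
        ev = parse_syslog(line)
        (events if ev else rejected).append(ev or line)
    counts = {}
    for ev in events:
        counts[ev["source"]] = counts.get(ev["source"], 0) + 1
    return events, counts, rejected
```

A source whose count is zero, or a growing rejected list, points to a collection or format problem before any hunting query is run.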

Threat Feeds

Transportation

Manufacturing

Smart cities

Smart buildings

Banking

Utilities

Healthcare

Telecom

Automotive

Energy

Smart homes

cloud

AI ADAPTIVE SECURITY CONTROLS

Introducing the Micro Gateway

Centralized Management

Easy Deployment / Zero Touch Provisioning

Integrated FW & VPN in a Micro Gateway

Wired & Wireless Support

Monitoring & Control via Mobile App

Protection Against Known and Unknown Threats

Enforce defined security policies

Accurately detect anomalous behavior and identify threats in real time

Granular protocol understanding

Discover all IoT devices

Off to the Lab!

I appreciate your time!