ForeScout Security for IoT in Banking
1. IoT Trends in Banking
2. Types of Attacks
3. Security Gaps
4. ForeScout Solution and Its Value
5. References, Analyst Reports, Recognition
6. Summary
Exponential Growth In IoT Devices
It took 25 years to connect 10B devices.
It will take only 5 more years to connect 30B devices, 20B of which will be IoT devices.
Banking services are an IoT adopter.
Source: Gartner IoT, PC and Mobile device forecast 2015; ABI research
Reference acronym glossary at the end of presentation
IoT Use Cases in Banking
Delivering easy-to-access services for debit and credit card holders
Predicting fraud in debit/credit card transactions
Tracking autos with disbursed loans to minimize theft
Building automation and video surveillance
Banks Using IoT
Customers use different devices for transactions and inquiries.
Banks collect information about customers from the devices used.
Banks offer different services and offerings to customers.
2. Types of Attacks
Types of Cyberattacks
DDoS: Distributed Denial of Service (DDoS) is an attack in which a master program sends data-heavy traffic from multiple systems to a few targeted servers and cripples them, usually mission-critical servers.
Backdoor: A vulnerability in the system that bypasses normal security authentications to enter a system.
Malware: Malicious software that is used to disrupt operations or to gather or modify sensitive information.
Software vulnerability: Some systems run on outdated or unsupported software that has vulnerabilities that are hard to patch.
Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
Man in the middle: An attacker secretly relays or alters the communication between two systems.
Per Capita Cost of Data Breach
Source: IBM Ponemon report, Cost of a Data Breach
Media: $177
Education: $220
Financial: $264
Healthcare: $402
3. Security Gaps
Many New Devices Will be Vulnerable to Attacks
Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods
Source: Gartner, BI Intelligence, Verizon, ForeScout
(Figure: managed devices vs. unmanaged devices, 2010 to 2020)
By 2020: 20+ billion unmanaged connected devices
66% of all networks will have an IoT security breach by 2018
Internet of Things Are Everywhere
Many organizations already have IoT devices yet don’t think of those devices as IoT.
IP-Connected Security Systems
An Example of IoT Device Risks
Many use proprietary radio frequency technology that lacks authentication and encryption. Attackers can form radio signals to send false triggers and access system controls.
Use compute capability to exfiltrate large amounts of data.
Disable camera to allow physical break-in.
Hijack camera to spy on employees' usage of computers, passwords, applications and designs.
Use as launching point for DDoS attacks.
Impact: DISASTROUS
4. ForeScout Solution and Its Value
Many IoT Devices Are Vulnerable
Many IoT devices lack basic security features
Many IoT devices cannot be patched
Many IoT devices run on outdated or unsupported software
Many IoT devices cannot host an agent
ForeScout's agentless solution helps overcome these limitations
See
CONTINUOUS, AGENTLESS
(Figure: devices grouped by whether they are visible or not visible to traditional security tools)
Device classes: Manageable with an agent; Non-traditional/IoT; Computing devices; Network devices; Applications
Hygiene findings: Antivirus out-of-date; Broken agent; Vulnerability
Questions the visibility layer answers:
Who are you?
Who owns the device?
What type of device?
Where/how are you connecting?
What is the device hygiene?
Many IoT devices are invisible to traditional security systems
Control
AUTOMATED, POLICY-DRIVEN
Actions: Restrict; Comply; Notify
Network segments a device can be placed in: Less Privileged Access; Guest Network; Corporate Network; Quarantine; Data Center
Orchestrate
MAXIMIZE EXISTING INVESTMENTS
BREAK DOWN SILOS
Share contextual insights
Automate workflows
Automate response actions
Vendor options (as of April 2017): ATD, SIEM, EMM, EDR/EPP, NGFW, VA, ITSM
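The See, Control and Orchestrate slides describe a flow: answer who/what/where/hygiene questions about each device without an agent, apply ordered policy to place it in a segment, then push the resulting actions to tools already in place. The block below is an added example written for this page to show that flow in working code; it is not ForeScout's product or API. Every attribute name, device record, rule and tool name in it is a constructed assumption, and the inventory summary at the end answers the deck's closing question of how many devices (and how many unmanaged ones) are on the network.

```python
"""Agentless, policy-driven device control: an added example of the
See -> Control -> Orchestrate flow the slides describe. Written for this
page; it is not ForeScout code or its API. Every attribute name, device
record and rule below is a constructed assumption."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Device:
    mac: str                        # constructed sample address, not a real OUI
    ip: str
    auth: str                       # "802.1X", "MAB" or "none": how did it connect?
    owner: Optional[str]            # None when no ownership record exists
    dhcp_vendor: str                # passive DHCP fingerprint hint: what type of device?
    open_ports: List[int]           # observed listening ports from a scan
    agent_ok: Optional[bool]        # None means the device cannot host an agent at all
    av_current: Optional[bool]      # None when antivirus does not apply to the device
    vulns: List[str] = field(default_factory=list)   # findings from a VA tool
    ioc_alert: bool = False         # endpoint security raised a ransomware/IOC alert


def classify(d: Device) -> str:
    """See: derive the device type from agent state and passive fingerprints."""
    if d.agent_ok is not None:
        return "managed-computing"          # an agent is present (working or broken)
    vendor = d.dhcp_vendor.lower()
    if "camera" in vendor or 554 in d.open_ports:   # RTSP is a strong camera hint
        return "iot-camera"
    if "switch" in vendor and 161 in d.open_ports:  # SNMP on a switch-branded device
        return "network-device"
    if vendor:
        return "iot-other"                  # fingerprinted, but no agent possible
    return "unknown"                        # nothing identifies it: treat with caution


def decide(d: Device) -> Tuple[str, str, List[str]]:
    """Control: ordered rules; first match wins, most severe first.
    Returns (network segment, action, who to notify)."""
    kind = classify(d)
    if d.ioc_alert:                          # locate and remove in real time
        return "quarantine", "block", ["soc"]
    if kind == "unknown" or d.owner is None: # unidentified or unowned: guest only
        return "guest-network", "restrict", ["it-ops"]
    if kind.startswith("iot") and d.vulns:   # cannot be patched: limit its reach
        return "less-privileged-access", "restrict", ["it-ops"]
    if kind == "managed-computing" and (d.agent_ok is False or d.av_current is False):
        return "less-privileged-access", "comply", ["helpdesk"]   # remediate first
    if kind == "network-device":
        return "data-center", "allow", []
    return "corporate-network", "allow", []


def orchestrate(d: Device) -> List[Tuple[str, str]]:
    """Orchestrate: turn one decision into actions for tools already in place."""
    segment, action, notify = decide(d)
    steps = [("switch", f"assign {d.mac} to vlan:{segment}")]
    if action in ("restrict", "block"):
        steps.append(("ngfw", f"tag {d.ip} as {action}"))
    if action == "comply":
        steps.append(("epp", f"trigger remediation on {d.ip}"))
    for who in notify:
        steps.append(("siem", f"notify {who}: {d.mac} -> {segment}/{action}"))
    return steps


def inventory_summary(devices: List[Device]) -> Dict[str, int]:
    """How many devices are on the network, and how many cannot host an agent?"""
    unmanaged = sum(1 for d in devices if d.agent_ok is None)
    return {"total": len(devices), "managed": len(devices) - unmanaged,
            "unmanaged": unmanaged}


# Constructed sample inventory for a branch network (all values invented).
SAMPLE = [
    Device("02:00:00:00:00:01", "10.1.1.10", "802.1X", "branch-12", "Win-Teller", [445], True, True),
    Device("02:00:00:00:00:02", "10.1.1.11", "802.1X", "branch-12", "Win-Teller", [445], True, False),
    Device("02:00:00:00:00:03", "10.1.2.20", "MAB", "facilities", "IP-Camera", [80, 554], None, None,
           vulns=["outdated-firmware"]),
    Device("02:00:00:00:00:04", "10.1.3.30", "none", None, "", [], None, None),
    Device("02:00:00:00:00:05", "10.1.1.12", "802.1X", "branch-12", "Win-Teller", [445], True, True,
           ioc_alert=True),
    Device("02:00:00:00:00:06", "10.1.0.2", "MAB", "netops", "Access-Switch", [22, 161], None, None),
]

if __name__ == "__main__":
    print(inventory_summary(SAMPLE))
    for dev in SAMPLE:
        print(dev.mac, classify(dev), decide(dev))
        for tool, step in orchestrate(dev):
            print("   ", tool, step)
```

The rule order in `decide` is the design point: an active IOC alert outranks everything else so a ransomware-infected teller machine is pulled off the network before any hygiene check runs, and a device that cannot be identified or has no owner never reaches the corporate segment regardless of how clean it looks. Unpatchable IoT devices with known findings are confined rather than blocked, which matches the deck's "many IoT devices cannot be patched" gap.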
IDC Paper: https://www.forescout.com/idc-business-value/
Faster Time To Value
10
Security Benefits of a ForeScout Solution
IDC interviewed 7 ForeScout customers; on average, the benefits were:
24% more devices discovered
18% more devices in compliance
42% reduction in network-related breaches
38% reduction in device-related breaches
Business Benefits of a ForeScout Solution
$2M average savings
392% ROI over 5 years
13 months to break even
Average benefits for an organization with 43K devices
5. References, Analyst Reports, Recognition
"In a banking environment, there are a lot of thin clients such as teller machines and embedded devices. With these systems any extra overhead, such as installing
an agent, could adversely impact performance and slow our ability to service customers. Additionally, we wanted to avoid the management nightmare of
installing and maintaining an agent on each device."
- Brian Meyer, System Or Network Administrator, Meritrust Credit Union
https://www.forescout.com/solutions/industries/financial-services/
https://www.forescout.com/company/customers/
A Customer Success Story: Secure Heterogeneous Environments; Integrate Two Networks
1. M&A brought in a hybrid IT environment with a mix of 802.1X, non-802.1X, various device hygiene, device types and applications.
2. Implementing 802.1X became very cost-prohibitive and complex.
3. ForeScout's agentless approach and ability to plug into the network out of band reduced integration effort.
Result: ForeScout immediately brought in higher value and ROI, turning a 3-year complex integration project into a 2-year success story.
A Customer Success Story: Example of Containment of an Attack
1. Alert received in the endpoint security system of a computer infected with ransomware.
2. Location of the system had to be determined quickly to contain the problem.
3. ForeScout determined the system location and removed it from the network in real time.
Result: Before ForeScout, it took 30 mins or longer to locate a device and disable it; now it is done in real time. ForeScout also cut down on staff time, as the team only had to re-image one device compared to multiple if the virus had spread.
A Customer Success Story: Example of Fast Remediation
1. Weekly threat report is generated to show risk level.
2. Report shows assets on the network that are not reporting to the Asset Management system.
3. ForeScout helps the IT team remediate by locating and registering these devices.
Result: ForeScout reduced time to remediate by 83% (3 hours to 30 mins).
Scale: 1M+ devices in a single deployment
Engineering: 3x increase in ForeScout R&D
Customers: 2500+ in over 70 countries
Service: 87 NPS (Net Promoter Score)
ForeScout Accolades
Gartner IoT Security Market Guide (Gartner, 2016)
JP Morgan Chase Hall of Fame Innovation Award for Transformative Security Technology (JPMC, 2016)
Cloud100 World's Best Cloud Companies (Forbes, 2016, 2017)
Deloitte's Fastest Growing Companies in North America (Deloitte, 2016)
20 Fastest Growing Security Companies (The Silicon Valley Review, 2016)
Gartner NAC Market Guide (Gartner, 2016)
Excellence Award for Threat Solutions (Gartner, 2016)
Computer Reseller News Top Security Company (CRN, 2016)
Inc. 5000 Fastest Growing Companies (Inc. 5000, 2016)
9 Hot Cybersecurity Startups (Nanalyze, 2016)
6. Summary
Do you know how many devices are in your network? Request a ForeScout POC to find out.
Summary
ForeScout's agentless approach has helped companies discover on average 24% more devices on their networks (IDC Report).
IoT devices are growing in the Financial Services industry.
Many IoT devices lack basic security features and are invisible to traditional security systems, posing a bigger security risk.
Many organizations underestimate the number of IoT devices in their networks, thereby opening up vulnerabilities.
IDC Paper: https://www.forescout.com/idc-business-value/
Thank you!
Various Banks
http://www.ibtimes.co.uk/billion-dollar-bank-job-how-hackers-stole-1bn-100-banks-30-countries-1488148
Overview: The Billion Dollar Bank Job: How hackers stole $1bn from 100 banks in 30 countries
Devices: Video surveillance camera, among others
Industry: Finance
Description: The Carbanak gang (named after the malware it uses), with members in Russia, Ukraine, China and other parts of Europe, has been stealing tens of millions of dollars from banks, e-payment systems and other financial institutions since 2013. In addition to other means, the gang used the banks' own cameras against them: they were able to see and record everything that was happening on the screens of bank employees. By monitoring these screens the hackers gained intimate knowledge of how each bank's specific internal systems worked, allowing them to tailor each attack.
Sberbank & Alfabank
http://www.theregister.co.uk/2016/11/11/russian_banks_ddos/
Overview: Russian banks floored by withering DDoS attacks
Devices: Botnet using IoT devices
Industry: Finance
Description: At least five Russian banks weathered days-long DDoS attacks this week. A wave of assaults began on a Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports. The attacks were powered by compromised IoT devices, according to an unnamed Russian Central Bank official.
Acronym Glossary
AAA Authentication, Authorization and Accounting
ACL Access Control List
ACS Access Control Server [Cisco]
AD Active Directory
ANSI American National Standards Institute
API Application Programming Interface
ARP Address Resolution Protocol
ATD Advanced Threat Detection
ATP Advanced Threat Prevention
AUP Acceptable Use Policy
AV Antivirus
AWS Amazon Web Services
BYOD Bring Your Own Device
C&C Command and Control
CA Certificate Authority
CAM Content Addressable Memory
CASB Cloud Access Security Broker
CCE Common Configuration Enumeration
CDP Cisco Discovery Protocol
CEF Cisco Express Forwarding
CIS Center for Internet Security, Inc.
CIUP Cumulative Infrastructure Update Pack
CLI Command Line Interface
CMDB Configuration Management Database
CoA Change of Authorization
CPPM ClearPass Policy Manager
CPU Central Processing Unit
CSC Critical Security Controls
CSV Comma Separated Value
CUP Cumulative Update Pack
CVE Common Vulnerabilities and Exposures
DB Database
DDoS Distributed Denial of Service
DHCP Dynamic Host Configuration Protocol
DLP Data Loss Prevention
DNS Domain Name Server
EDR Endpoint Detection and Response
EM Enterprise Manager
EMM Enterprise Mobility Management
ePO ePolicy Orchestrator
EPP Endpoint Protection Platform
FERC Federal Energy Regulatory Commission
FIPS Federal Information Processing standards
FQDN Fully Qualified Domain Name
FTP File Transfer Protocol
FW Firewall
GCP Google Cloud Platform
GPO Group Policy Object
GUI Graphical User Interface
HA High Availability
HBSS Host Based Security System
HIP Host Information Policy [Palo Alto Networks]
HIPAA Health Insurance Portability & Accountability Act
HITECH Health Information Technology for Economic and Clinical Health
HITRUST Health Information Trust Alliance
HPS Host Property Scanner
HR Human Resources
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ID Identification
IDaaS Identity as a Service
iDRAC Integrated Dell Remote Access Controller
IM Instant Messaging
IMAP Internet Message Access Protocol
IOC Indicator of Compromise
iOS iPhone Operating System [Apple]
IoT Internet of Things
IP Internet Protocol
IPMI Intelligent Platform Management Interface
IPS Intrusion Protection System
ISE Identity Services Engine [Cisco]
IT Information Technology
ITAM Information Technology Access Management
ITSM Information Technology Service Management
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LLDP Link Layer Discovery Protocol
MAB MAC Authentication Bypass
MAC Media Access Control
MAPI Messaging Application Programming Interface
MDM Mobile Device Management
MTP Mobile Threat Prevention [FireEye]
MTTD Mean Time to Detection
MTTR Mean Time to Resolution
NA Not Applicable
NAC Network Access Control
NAT Network Address Translation
NBT NetBIOS over TCP/IP
NERC North American Electric Reliability Corp.
NetBIOS Network Basic Input/Output System
NGFW Next-Generation Firewall
NIC Network Interface Card
NIST National Institute of Standards and Technology
Nmap Network Mapper
NOC Network Operations Center
OS Operating System
OT Operational Technology
OU Organizational Unit
OVAL Open Vulnerability and Assessment Language
P2P Peer-to-Peer
PAM Privileged Access Management
PAN OS 7.x Palo Alto Networks Operating System 7.x
PC Personal Computer
PCI Payment Card Industry
PKI Public Key Infrastructure
PoE Power over Ethernet
POP3 Post Office Protocol
pxGrid Platform Exchange Grid [Cisco]
RADIUS Remote Authentication Dial-In User Service
RAP Roving Analysis Port
RDP Remote Desktop Protocol
Reauth Reauthorization
RI Remote Inspection
RM Recovery Manager
RMM Remote Monitoring and Management
RO Read Only
ROI Return on Investment
RPC Remote Procedure Call
RRP Remote Registry Protocol
RTU Remote Terminal Unit
RW Read/Write
SaaS Software as a Service
SANS System Administration, Networking and Security Institute
SCADA Supervisory Control and Data Acquisition
SCAP Security Compliance Automation Protocol
SCCM System Center Configuration Manager
SDN Software Defined Network
SEL System Event Log
SGT Security Group Tags [Cisco]
SIEM Security Information and Event Management
SMS Short Message Service
SNMP Simple Network Management Protocol
SOC Security Operations Center
SOX Sarbanes-Oxley
SPAN Switch Port Analyzer
SQL Structured Query Language
SSH Secure Shell
SSID Service Set Identifier
SSL Secure Sockets Layer
SSO Single Sign On
STIG Security Technical Implementation Guide
SYSLOG System Log
TACACS Terminal Access Controller Access Control System
TAM Threat Assessment Manager [FireEye]
TAP Threat Analytics Platform [FireEye]
TCO Total Cost of Ownership
TCP Transmission Control Protocol
TIP Threat Intelligence Platform
TLS Transport Layer Security
UBA User Behavior Analytics
UDP User Datagram Protocol
URL Universal Resource Locator
USB Universal Serial Bus
VA Vulnerability Assessment
vCT Virtual CounterACT
VDI Virtual Desktop Infrastructure
vFW Virtual Firewall
VGA Video Graphics Array
VLAN Virtual Local Area Network
VM Virtual Machine
VoIP Voice over IP
VPN Virtual Private Network
WAF Web Application Firewall
WAN Wide Area Network
WAP Wireless Application Protocol
WMI Windows Management Instrumentation
WSUS Windows System Update Services
XCCDF The Extensible Configuration Checklist Description Format
XML Extensible Markup Language