IoT
5/26/2017
10:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cisco Launches IoT Threat Defense to Secure IoT Devices

London, May 23, 2017 – By 2020, Cisco (NASDAQ: CSCO) expects up to 50 billion connected devices to be in play, signaling a critical mass in achieving the promise of the Internet of Things (IoT). Today, Cisco takes a leading role in securing that promise – and offsetting risk – with the introduction of Cisco® IoT Threat Defense. This broad architectural and services solution segments devices on the network to provide adaptable, extensible protection for organizations at IoT scale. The first use of IoT Threat Defense is to secure vital services in advanced medical care, power generation and delivery, and automated manufacturing.

Escalation of Cyberattacks Can Cripple Vital Services

The escalation of ransomware and other malware events in the past year reveals that organizations are even more critically exposed, reflecting a long-held concern that “it’s not if but when” a business may fall victim to costly cyberattacks. The Cisco 2017 Annual Cybersecurity Report notes that CISOs find attacks can impact operations, reputation, and revenue. At stake is unauthorized access to networks, data and IP loss, and business shutdown.

These issues are compounded for those in manufacturing, with IT and OT challenges in how businesses securely connect devices, protect plant operations, and maintain functionality and uptime. While many device manufacturers are building in cybersecurity, implementation can take years. The logical move is to segment these devices to put them out of attackers’ reach. If devices are compromised, organizations can prevent them from being used as pivot points to move through the network, and to activate incident response processes to protect the business.

Segmentation Clears Obstacles to Securing the IoT

Organizations face two major hurdles in securing the IoT. First, most IoT devices can’t protect themselves. The resulting vulnerabilities create ample opportunities for attackers to exploit those devices and gain network access. The second complicating factor is scale, as businesses will be expected to connect billions of devices in the next few years.

Network segmentation is not new. Virtual Local Area Networks (VLANs) have been in use for decades. But the sheer scale of the IoT makes creating enough VLANs impractical, if not impossible.

Cisco has led the market in designing, deploying, and securing networks for over 25 years. It continues to build the equipment, invent the technologies, and develop the standards that help make the Internet possible. Cisco invented TrustSec, an extensible, automated, policy-based technology to solve problems of secure segmentation at scale for the IoT. It is supported across a range of Cisco equipment – ruggedized or non-ruggedized, from the data center to the factory floor.

IoT Solution Includes Best-of-Breed Threat Defense Architecture Over Point Products

In addition to the use of network segmentation to securely scale to meet the escalating needs of the IoT, Cisco IoT Threat Defense is built as a best-of-breed architecture, featuring a strong cast of integrated, trusted Cisco security capabilities:

  • Network segmentation (Cisco TrustSec®)
  • Network behavior analytics (Cisco Stealthwatch)
  • Device visibility (Cisco ISE)
  • Remote access (Cisco AnyConnect®)
  • Cloud security (Cisco Umbrella™)
  • Malware protection (Cisco AMP)
  • Firewall (Cisco Firepower® NGFW)

This architecture provides visibility and analysis of traffic to and from IoT devices, as well as traffic entering and exiting the enterprise to detect threats and compromised hosts. It can detect anomalies, block threats, identify compromised hosts, and help mitigate user error. Additionally, it can secure remote access between sites and between organizations.

Cisco Security Services adds deep expertise to enable organizations to have more effective security – from medical facilities treating patients, to plant operations using assembly lines, to power companies connecting to the electrical grid. The team offers an array of services to meet a customer’s needs, preferences and requirements of industrial networks, beginning with a risk assessment. Advisors will help design, deploy and operate a segmentation framework that considers identity and trust, visibility, policy enforcement, availability, and application interdependencies. Incident readiness and response services allow customers to respond to attacks and reduce damage, exposure, and network downtime.


For more information about Cisco IoT Threat Defense, click here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.