ForeScout Security for IoT in Banking

Transcript of ForeScout Security for IoT in Banking (34 slides)

Page 1

ForeScout Security for IoT in Banking

Page 2

1. IoT Trends in Banking

2. Types of Attacks

3. Security Gaps

4. ForeScout Solution and Its Value

5. References, Analyst Reports, Recognition

6. Summary

Page 3

Page 4

Exponential Growth In IoT Devices

It took 25 years to connect 10B devices. It will take only 5 more years to connect 30B devices, 20B of which will be IoT devices.

Banking services are an IoT adopter.

Source: Gartner IoT, PC and Mobile device forecast 2015; ABI research

Reference acronym glossary at the end of presentation

Page 5

IoT Use Cases in Banking

Delivering easy-to-access services for debit and credit card holders

Predicting fraud in debit/credit card transactions

Tracking autos with disbursed loans to minimize theft

Building automation and video surveillance

Page 6

Banks Using IoT

Customers use different devices for transactions and inquiries.

Banks collect information about customers from the devices used.

Banks offer different services and offerings to customers.

Page 7

Page 8

Types of Cyberattacks

DDoS: Distributed Denial of Service (DDoS) is an attack in which a master program sends data-heavy traffic from multiple systems to a few targeted servers and cripples them, usually mission-critical servers.

Backdoor: A vulnerability in the system that bypasses normal security authentication to enter a system.

Malware: Malicious software that is used to disrupt operations, or to gather or modify sensitive information.

Software vulnerability: Some systems run on outdated or unsupported software that has vulnerabilities that are hard to patch.

Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.

Man in the middle: An attacker secretly relays or alters the communication between two systems.

Page 9

Per Capita Cost of Data Breach

Media: $177

Education: $220

Financial: $264

Healthcare: $402

Source: IBM Ponemon report: Cost of a data breach

Page 10

Page 11

Many New Devices Will be Vulnerable to Attacks

Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods.

(Chart: Managed Devices vs. Unmanaged Devices, 2010 to 2020)

By 2020: 20+ billion unmanaged connected devices.

66% of all networks will have an IoT security breach by 2018.

Source: Gartner, BI Intelligence, Verizon, ForeScout

Page 12

Internet of Things Are Everywhere


Many organizations already have IoT devices yet don’t think of those devices as IoT.

Page 13

IP-Connected Security Systems: An Example of IoT Device Risks

Many use proprietary radio frequency technology that lacks authentication and encryption. Attackers can form radio signals to send false triggers and access system controls.

Use compute capability to exfiltrate large amounts of data.

Disable camera to allow physical break-in.

Hijack camera to spy on employees' usage of computers, passwords, applications and designs.

Use as launching point for DDoS attacks.

DISASTROUS

Page 14

Page 15

Many IoT Devices Are Vulnerable

Many IoT devices lack basic security features.

Many IoT devices cannot be patched.

Many IoT devices run on outdated or unsupported software.

Many IoT devices cannot host an agent.

ForeScout’s agentless solution helps overcome these limitations.

Page 16

See

CONTINUOUS, AGENTLESS

(Diagram: Not Visible vs. Visible; see with IoT)

Manageable with an agent: Computing Devices, Network Devices, Applications

Non-Traditional/IoT

Antivirus out-of-date, Broken agent, Vulnerability

Who are you? Who owns the device? What type of device? Where/how are you connecting? What is the device hygiene?

Many IoT devices are invisible to the traditional security systems.

Page 17

Control

AUTOMATED, POLICY-DRIVEN

Restrict, Comply, Notify, Less Privileged Access, Quarantine

Guest Network, Corporate Network, Data Center

Page 18

Orchestrate

MAXIMIZE EXISTING INVESTMENTS

BREAK DOWN SILOS

Share Contextual Insights, Automate Workflows, Automate Response Actions

VENDOR OPTIONS*: ATD, SIEM, EMM, EDR/EPP, NGFW, VA, ITSM

*As of April 2017

Page 19

Security Benefits of a ForeScout Solution

IDC interviewed 7 ForeScout customers, and on average, benefits were:

24% more devices discovered

18% more devices in compliance

42% reduction in network-related breaches

38% reduction in device-related breaches

Faster Time To Value

IDC Paper: https://www.forescout.com/idc-business-value/

Page 20

Business Benefits of a ForeScout Solution

IDC interviewed 7 ForeScout customers, and on average, benefits were (average benefits for an organization with 43K devices):

$2M average savings

392% ROI over 5 years

13 months to break even

IDC Paper: https://www.forescout.com/idc-business-value/

Page 21

Page 22

"In a banking environment, there are a lot of thin clients such as teller machines and embedded devices. With these systems any extra overhead, such as installing an agent, could adversely impact performance and slow our ability to service customers. Additionally, we wanted to avoid the management nightmare of installing and maintaining an agent on each device."

- Brian Meyer, System or Network Administrator, Meritrust Credit Union

https://www.forescout.com/solutions/industries/financial-services/

https://www.forescout.com/company/customers/

Page 23

A Customer Success Story: Secure Heterogeneous Environments; Integrate Two Networks

1. M&A brought in a hybrid IT environment with a mix of 802.1X, non-802.1X, various device hygiene, device types and applications.

2. Implementing 802.1X became very cost-prohibitive and complex.

3. ForeScout’s agentless approach and ability to plug into the network out of band reduced integration effort.

ForeScout immediately brought in higher value and ROI, turning a 3 year complex integration project into a 2 year success story.

Page 24

A Customer Success Story: Example of Containment of an Attack

1. Alert received in the endpoint security system of a computer infected with ransomware.

2. Location of the system had to be determined quickly to contain the problem.

3. ForeScout determined the system location and removed it from the network in real time.

Before ForeScout, it took 30 mins or longer to locate a device and disable it; now it is done in real time. ForeScout also cut down on staff time, as the team only had to re-image one device compared to multiple if the virus had spread.

Page 25

A Customer Success Story: Example of Fast Remediation

1. Weekly threat report is generated to show risk level.

2. Report shows assets on the network that are not reporting to the Asset Management system.

3. ForeScout helps the IT team remediate by locating and registering these devices.

ForeScout reduced time to remediate by 83% (3 hours to 30 mins).

Page 26

Page 27

ForeScout Accolades

Scale: 1M+ devices in a single deployment

Engineering: 3x increase in ForeScout R&D

Customers: 2500+ in over 70 countries

Service: 87 NPS (Net Promoter Score)

Gartner IoT Security Market Guide (Gartner, 2016)

JP Morgan Chase Hall of Fame Innovation Award for Transformative Security Technology (JPMC, 2016)

Cloud100 World’s Best Cloud Companies (Forbes, 2016, 2017)

Deloitte’s Fastest Growing Companies in North America (Deloitte, 2016)

20 Fastest Growing Security Companies (The Silicon Valley Review, 2016)

Gartner NAC Market Guide (Gartner, 2016)

Excellence Award for Threat Solutions (Gartner, 2016)

Computer Reseller News Top Security Company (CRN, 2016)

Inc. 5000 Fastest Growing Companies (Inc. 5000, 2016)

9 Hot Cybersecurity Startups (Nanalyze, 2016)

Page 28

Page 29

Summary

IoT devices are growing in the Financial Services industry.

Many IoT devices lack basic security features and are invisible to traditional security systems, posing a bigger security risk!

Many organizations underestimate the number of IoT devices in their networks, thereby opening up vulnerabilities.

ForeScout’s agentless approach has helped companies discover on average 24% more devices on their networks (IDC Report).

Do you know how many devices are in your network? Request a ForeScout POC to find out.

IDC Paper: https://www.forescout.com/idc-business-value/

Page 30

Thank you!

Page 31

Various Banks

http://www.ibtimes.co.uk/billion-dollar-bank-job-how-hackers-stole-1bn-100-banks-30-countries-1488148

Overview: The Billion Dollar Bank Job: How hackers stole $1bn from 100 banks in 30 countries

Devices: Video surveillance camera among others

Industry: Finance

Description: The Carbanak gang (named after the malware it uses), with members in Russia, Ukraine, China and other parts of Europe, has been stealing tens of millions of dollars from banks, e-payment systems and other financial institutions since 2013. In addition to other means, the gang used the banks' own cameras against them: they were able to see and record everything that was happening on the screens of bank employees. By monitoring these screens the hackers were able to gain intimate knowledge of just how each bank's specific internal systems worked, allowing them to tailor each attack.

Page 32

Sberbank & Alfabank

http://www.theregister.co.uk/2016/11/11/russian_banks_ddos/

Overview: Russian banks floored by withering DDoS attacks

Devices: Botnet using IoT devices

Industry: Finance

Description: At least five Russian banks weathered days-long DDoS attacks this week. A wave of assaults began on a Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports. The attacks were powered by compromised IoT devices, according to an unnamed Russian Central Bank official.

Page 33

Acronym Glossary

AAA Authentication, Authorization and Accounting

ACL Access Control List

ACS Access Control Server [Cisco]

AD Active Directory

ANSI American National Standards Institute

API Application Programming Interface

ARP Address Resolution Protocol

ATD Advanced Threat Detection

ATP Advanced Threat Prevention

AUP Acceptable Use Policy

AV Antivirus

AWS Amazon Web Services

BYOD Bring Your Own Device

C&C Command and Control

CA Certificate Authority

CAM Content Addressable Memory

CASB Cloud Access Security Broker

CCE Common Configuration Enumeration

CDP Cisco Discovery Protocol

CEF Cisco Express Forwarding

CIS Center for Internet Security, Inc.

CIUP Cumulative Infrastructure Update Pack

CLI Command Line Interface

CMDB Configuration Management Database

CoA Change of Authorization

CPPM ClearPass Policy Manager

CPU Central Processing Unit

CSC Critical Security Controls

CSV Comma Separated Value

CUP Cumulative Update Pack

CVE Common Vulnerabilities and Exposures

DB Database

DDoS Distributed Denial of Service

DHCP Dynamic Host Configuration Protocol

DLP Data Loss Prevention

DNS Domain Name Server

EDR Endpoint Detection and Response

EM Enterprise Manager

EMM Enterprise Mobility Management

ePO ePolicy Orchestrator

EPP Endpoint Protection Platform

FERC Federal Energy Regulatory Commission

FIPS Federal Information Processing standards

FQDN Fully Qualified Domain Name

FTP File Transfer Protocol

FW Firewall

GCP Google Cloud Platform

GPO Group Policy Object

GUI Graphical User Interface

HA High Availability

HBSS Host Based Security System

HIP Host Information Policy [Palo Alto Networks]

HIPAA Health Insurance Portability & Accountability Act

HITECH Health Information Technology for Economic and Clinical Health

HITRUST Health Information Trust Alliance

HPS Host Property Scanner

HR Human Resources

HTML Hypertext Markup Language

HTTP Hypertext Transfer Protocol

IaaS Infrastructure as a Service

ICMP Internet Control Message Protocol

ID Identification

IDaaS Identity as a Service

iDRAC Integrated Dell Remote Access Controller

IM Instant Messaging

IMAP Internet Message Access Protocol

IOC Indicator of Compromise

iOS iPhone Operating System [Apple]

IoT Internet of Things

IP Internet Protocol

IPMI Intelligent Platform Management Interface

IPS Intrusion Protection System

ISE Identity Services Engine [Cisco]

IT Information Technology

ITAM Information Technology Access Management

ITSM Information Technology Service Management

LAN Local Area Network

LDAP Lightweight Directory Access Protocol

LLDP Link Layer Discovery Protocol

MAB MAC Authentication Bypass

MAC Media Access Control

MAPI Messaging Application Programming Interface

MDM Mobile Device Management

MTP Mobile Threat Prevention [FireEye]

MTTD Mean Time to Detection

MTTR Mean Time to Resolution

NA Not Applicable

NAC Network Access Control

NAT Network Address Translation

NBT NetBIOS over TCP/IP

NERC North American Electric Reliability Corp.

NetBIOS Network Basic Input/Output System

NGFW Next-Generation Firewall

NIC Network Interface Card

NIST National Institute of Standards and Technology

Nmap Network Mapper

NOC Network Operations Center

OS Operating System

OT Operational Technology

OU Organizational Unit

OVAL Open Vulnerability and Assessment Language

P2P Peer-to-Peer

PAM Privileged Access Management

PAN OS 7.x Palo Alto Networks Operating System 7.x

PC Personal Computer

PCI Payment Card Industry

PKI Public Key Infrastructure

PoE Power over Ethernet

POP3 Post Office Protocol

pxGrid Platform Exchange Grid [Cisco]

RADIUS Remote Authentication Dial-In User Service

RAP Roving Analysis Port

RDP Remote Desktop Protocol

Reauth Reauthorization

RI Remote Inspection

RM Recovery Manager

RMM Remote Monitoring and Management

RO Read Only

ROI Return on Investment

RPC Remote Procedure Call

RRP Remote Registry Protocol

RTU Remote Terminal Unit

RW Read/Write

SaaS Software as a Service

Page 34

Acronym Glossary

SANS System Administration, Networking and Security Institute

SCADA Supervisory Control and Data Acquisition

SCAP Security Compliance Automation Protocol

SCCM System Center Configuration Manager

SDN Software Defined Network

SEL System Event Log

SGT Security Group Tags [Cisco]

SIEM Security Information and Event Management

SMS Short Message Service

SNMP Simple Network Management Protocol

SOC Security Operations Center

SOX Sarbanes-Oxley

SPAN Switch Port Analyzer

SQL Structured Query Language

SSH Secure Shell

SSID Service Set Identifier

SSL Secure Sockets Layer

SSO Single Sign On

STIG Security Technical Implementation Guide

SYSLOG System Log

TACACS Terminal Access Controller Access Control System

TAM Threat Assessment Manager [FireEye]

TAP Threat Analytics Platform [FireEye]

TCO Total Cost of Ownership

TCP Transmission Control Protocol

TIP Threat Intelligence Platform

TLS Transport Layer Security

UBA User Behavior Analytics

UDP User Datagram Protocol

URL Universal Resource Locator

USB Universal Serial Bus

VA Vulnerability Assessment

vCT Virtual CounterACT

VDI Virtual Desktop Infrastructure

vFW Virtual Firewall

VGA Video Graphics Array

VLAN Virtual Local Area Network

VM Virtual Machine

VoIP Voice over IP

VPN Virtual Private Network

WAF Web Application Firewall

WAN Wide Area Network

WAP Wireless Application Protocol

WMI Windows Management Instrumentation

WSUS Windows System Update Services

XCCDF The Extensible Configuration Checklist Description Format

XML Extensible Markup Language
