Surviving the Digital Storm - Cyber Summit USA · IP Camera Cameras Can Be Hacked To Spy On Users....


Transcript of Surviving the Digital Storm - Cyber Summit USA · IP Camera Cameras Can Be Hacked To Spy On Users....

Page 1: Surviving the Digital Storm - Cyber Summit USA · IP Camera Cameras Can Be Hacked To Spy On Users. ©2019 Check Point Software Technologies Ltd. 9 IoT/OT DEVICES ARE VULNERABLE AND

©2019 Check Point Software Technologies Ltd.

Joel Hollenbeck, Director of Engineering, Office of the CTO

Surviving the Digital Storm: IoT Security DELUGE

Page 2

ENTERPRISE IoT/OT ENVIRONMENT HAS GROWN INCREASINGLY COMPLEX

Figure: device categories connected to YOUR ORGANIZATION, each labelled with a "?":
• Shadow/Unmanaged Devices
• Smart Building/Office Devices
• Operational Technology (OT)
• Medical Devices
• General IoT

Many types of devices & vendors; different protocols and behaviours

Page 3

Page 4

Page 5

Page 6

ATTACK LANDSCAPE

• Dec/2017, Triton: tampering with SIS systems (ME)
• 2016, Industroyer: high-voltage station shut down using backdoors and IEC protocol flaws (Ukraine)
• 2015, BlackEnergy: cut off electricity via HMI remote control (Ukraine)
• 2014, Energetic Bear: 3 SCADA software suppliers infected (US/Europe)
• 2009, Stuxnet: uranium production centrifuges sabotaged by compromising SCADA system (Iran)
• 2003, Slammer: attacks SIS in nuclear plant (US)

Nation states heavily involved

Page 7

Page 8

IoT/OT DEVICES ARE VULNERABLE AND EASY TO HACK

• Infusion Pump (BD Alaris Gateway Workstation), June 19: Attacker can remotely manipulate infusion pumps, either to withhold meds or dispense too much.
• Industrial Smart Meter (Rockwell Energy Smart Meter), Feb. 19: Power monitors used by energy companies worldwide can be remotely manipulated by hackers.
• IP Camera (Chinese-made cameras), Aug. 19: Millions of Chinese-made cameras can be hacked to spy on users.

Page 9

IoT/OT DEVICES ARE VULNERABLE AND EASY TO HACK

• Weak Password
• No Built-in Security
• Difficult to Patch

Risk to IoT Devices: damage, manipulation, or downtime
Risk to Networks: lateral movement infecting other systems

Page 10

TRADITIONAL SECURITY SOLUTIONS DON’T CUT IT…

YOU CAN’T PROTECT WHAT YOU CAN’T SEE, OR UNDERSTAND…

• Limited Visibility into IoT devices and their vulnerabilities
• Insufficient Knowledge of IoT device behavior and security needs
• No Threat Prevention: IoT-specific threat intelligence is missing

Page 11

IoT DEFENSE: Smart Security for Smart Devices

• IOT DISCOVERY & VISIBILITY: see all your devices, their attributes and risk level
• ZERO TRUST IOT: minimize attack surfaces without disrupting critical processes
• IOT THREAT PREVENTION: block IoT-related attacks

Page 12

DISCOVER DEVICES CONNECTED TO YOUR NETWORK

• Smart Office: Printers, TV, VOIP Phone
• Smart Building: IP Camera, Smart Elevator, Smart Thermostat
• Operational Technology (OT): HMI, PLC, Barometer
• Healthcare: MRI, Infusion Pump, Patient Monitor

Page 13

CLASSIFY DEVICES USING UNIQUE IDENTIFIERS

• Granular Device Attributes
• Communication Patterns
• Dynamically Calculated Risk Score

Page 14

Page 15

IDENTIFY HIGH RISK DEVICES AND PROTECT THEM WITH RISK BASED ACCESS POLICY

Patient Monitor, discovered attributes:
• Weak Password: 1111
• Functionality & Severity: Critical
• Legacy Operating System: Windows 95
• CVE: CVE-2018-10601

No.  Name             Source           Destination    Service & Application  Action
1    High Risk        RISK=HIGH        Any            Any                    High Risk
2    Patient Monitor  Patient Monitor  External Zone  Any                    Drop

Prevent the high-risk Patient Monitor from communicating with the Internet

Page 16

IDENTIFY AND CONTROL IoT/OT PROTOCOLS AND COMMANDS

• Smart Office IoT: IP Camera → VMS over the ONVIF protocol
• OT: SCADA Server/HMI → PLC over the Modbus protocol, limited to only 4 specific commands
• Medical Devices: MRI → PACS over the DICOM protocol

Source   Destination   Service & Application
IP CAM   VMS           ONVIF protocol

Source   Destination   Service & Application
MRI      PACS          DICOM protocol

Source   Destination   Service & Application
HMI      PLC           Modbus protocol - read input register
                       Modbus protocol - read holding registers
                       Modbus protocol - write multiple coils
                       Modbus protocol - write multiple registers
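The HMI → PLC rule above permits only four Modbus commands. The following is an added example, not code from the deck or from Check Point: a Python filter that parses Modbus/TCP request frames and accepts only those four public function codes (0x04 read input registers, 0x03 read holding registers, 0x0F write multiple coils, 0x10 write multiple registers), dropping any other function code and any frame that does not parse. The MBAP header layout follows the public Modbus/TCP specification; the sample frames and the "HMI"/"PLC" endpoint labels are constructed for this example.

```python
# Added example (not part of the Check Point deck): a Modbus/TCP function-code
# allowlist modelled on the slide's HMI -> PLC rule that permits four commands.
# Frame layout (7-byte MBAP header followed by the PDU) is from the Modbus/TCP
# specification; the sample frames below are constructed for this example.
import struct
from dataclasses import dataclass
from typing import Tuple

# Public Modbus function codes referenced by the slide's rule.
READ_HOLDING_REGISTERS = 0x03
READ_INPUT_REGISTERS = 0x04
WRITE_MULTIPLE_COILS = 0x0F
WRITE_MULTIPLE_REGISTERS = 0x10

# The slide's policy: HMI -> PLC over Modbus, only these four commands accepted.
ALLOWED_FUNCTIONS = {
    READ_INPUT_REGISTERS: "read input register",
    READ_HOLDING_REGISTERS: "read holding registers",
    WRITE_MULTIPLE_COILS: "write multiple coils",
    WRITE_MULTIPLE_REGISTERS: "write multiple registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request frame; raise ValueError on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol identifier {proto}")
    # The MBAP length counts unit id + PDU; it must match the bytes present,
    # otherwise a truncated or padded frame could smuggle a second request.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size {len(frame)}")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def decide(frame: bytes, src: str, dst: str) -> Tuple[str, str]:
    """Return (action, reason) for a frame seen on the HMI -> PLC path.

    Anything that does not parse, or any function code outside the allowlist
    (including exception responses, which set the high bit), is dropped.
    """
    if (src, dst) != ("HMI", "PLC"):
        return "drop", f"no rule for {src} -> {dst}"
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return "drop", f"malformed Modbus/TCP: {exc}"
    name = ALLOWED_FUNCTIONS.get(req.function)
    if name is None:
        return "drop", f"Modbus function 0x{req.function:02X} not in allowlist"
    return "accept", f"Modbus protocol - {name}"


def build_frame(function: int, pdu_data: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Assemble a Modbus/TCP frame (used here only to construct sample traffic)."""
    pdu = bytes([function]) + pdu_data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic: a permitted read of 10 holding registers, and a
# "write single register" (function 0x06) that the four-command rule omits.
SAMPLE_READ = build_frame(READ_HOLDING_REGISTERS, struct.pack(">HH", 0, 10))
SAMPLE_WRITE_SINGLE = build_frame(0x06, struct.pack(">HH", 0, 1))

if __name__ == "__main__":
    for label, frame in (("read", SAMPLE_READ), ("write single", SAMPLE_WRITE_SINGLE)):
        print(label, decide(frame, "HMI", "PLC"))
```

Because the decision is keyed on the parsed function code rather than on port 502 alone, a write that the policy does not list is dropped even though it arrives on the same TCP session as permitted reads, which is the distinction between protocol-level and command-level control that the slide draws.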

Page 17

A POLICY FOR EVERY IOT DEVICE: ENTERPRISE IoT EXAMPLE

Application: IP Camera; Authorized Traffic: Video Management System

No.  Name           Source  Destination  Service & Application  Action
1    IP CAM to VMS  IP CAM  VMS          ONVIF Protocol         Accepted
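The Page 15 (risk-based) and Page 17 (per-device) tables are both first-match rulebases over discovered device attributes. As an added example, not Check Point's code or product logic, the Python below evaluates such a rulebase: a source or destination selector may be "Any", a device class from discovery, a zone name, or "RISK=HIGH", which is resolved from a risk level computed from the attributes the deck lists (weak password, legacy OS, CVEs, critical function), and any traffic no rule accepts falls to a default Drop. The inventory, the scoring weights, the zone names and the rules themselves are constructed for this example.

```python
# Added example, not Check Point code: a first-match rulebase evaluator shaped
# like the deck's Page 15 (risk-based) and Page 17 (per-device) tables.
# The inventory, scoring weights and rules are constructed for this example;
# "RISK=HIGH" is resolved from a device's computed risk level, not its name.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Device:
    name: str
    kind: str                      # class assigned by discovery, e.g. "Patient Monitor"
    zone: str                      # network zone the device sits in
    weak_password: bool = False
    legacy_os: bool = False
    cves: List[str] = field(default_factory=list)
    critical_function: bool = False


def risk_level(dev: Device) -> str:
    """Risk level derived from the attributes the deck lists (weights are assumed)."""
    score = ((3 if dev.weak_password else 0) + (3 if dev.legacy_os else 0)
             + 2 * len(dev.cves) + (2 if dev.critical_function else 0))
    return "HIGH" if score >= 6 else "MEDIUM" if score >= 3 else "LOW"


@dataclass
class Rule:
    no: int
    name: str
    source: str          # "Any", a device kind, a zone name, or "RISK=<level>"
    destination: str
    service: str         # "Any" or a protocol name
    action: str          # "Accept" or "Drop"


# Constructed inventory: the deck's Patient Monitor (weak password, Windows 95,
# CVE-2018-10601, critical function) plus an IP camera and its VMS.
INVENTORY: Dict[str, Device] = {
    "monitor-01": Device("monitor-01", "Patient Monitor", "Medical",
                         weak_password=True, legacy_os=True,
                         cves=["CVE-2018-10601"], critical_function=True),
    "cam-12": Device("cam-12", "IP CAM", "Smart Building"),
    "vms-01": Device("vms-01", "VMS", "Datacenter"),
}

# Constructed rulebase; anything not explicitly accepted falls to the default Drop.
RULES: List[Rule] = [
    Rule(1, "High Risk", "RISK=HIGH", "External Zone", "Any", "Drop"),
    Rule(2, "Patient Monitor", "Patient Monitor", "External Zone", "Any", "Drop"),
    Rule(3, "IP CAM to VMS", "IP CAM", "VMS", "ONVIF Protocol", "Accept"),
]


def _matches(selector: str, dev: Optional[Device], zone: str) -> bool:
    """A selector matches by wildcard, computed risk level, device kind, or zone."""
    if selector == "Any":
        return True
    if selector.startswith("RISK="):
        return dev is not None and risk_level(dev) == selector.split("=", 1)[1]
    if dev is not None and selector == dev.kind:
        return True
    return selector == zone


def evaluate(rules: List[Rule], inventory: Dict[str, Device],
             src: str, dst: str, service: str) -> Tuple[Optional[int], str]:
    """First-match evaluation; endpoints absent from the inventory are bare zone names."""
    src_dev, dst_dev = inventory.get(src), inventory.get(dst)
    src_zone = src_dev.zone if src_dev else src
    dst_zone = dst_dev.zone if dst_dev else dst
    for rule in sorted(rules, key=lambda r: r.no):
        if (_matches(rule.source, src_dev, src_zone)
                and _matches(rule.destination, dst_dev, dst_zone)
                and rule.service in ("Any", service)):
            return rule.no, rule.action
    return None, "Drop"          # zero-trust default: no matching rule, no traffic


def policy_decision(src: str, dst: str, service: str) -> Tuple[Optional[int], str]:
    return evaluate(RULES, INVENTORY, src, dst, service)


if __name__ == "__main__":
    print(risk_level(INVENTORY["monitor-01"]))                      # HIGH
    print(policy_decision("monitor-01", "External Zone", "HTTPS"))  # (1, 'Drop')
    print(policy_decision("cam-12", "vms-01", "ONVIF Protocol"))    # (3, 'Accept')
    print(policy_decision("cam-12", "External Zone", "HTTPS"))      # (None, 'Drop')
```

Rule 1 fires on the computed level, so a newly discovered device with a weak password, a legacy OS and a known CVE is cut off from the external zone before anyone writes a rule naming it; rule 3 shows the per-device form, where the camera reaches only the VMS and only over ONVIF, and the same camera talking to the same VMS over any other service hits the default Drop.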

Page 18

PROTECT VULNERABLE DEVICES WITHOUT THE NEED FOR PHYSICAL PATCHING

Virtual Patching: 300+ IPS signatures against IoT-related threats

Powered by

Example devices: Infusion Pump, IP Camera, PLC

Page 19

IoT DEFENSE Needs to be Tailored to Various IoT/OT Environments

• Smart Office & Smart Building: protect your business from corporate spying
• Industrial: ensure reliable and safe operations
• Hospitals: ensure patient safety and data confidentiality

Page 20

Page 21

Page 22

IDENTIFY AND BLOCK UNAUTHORIZED ACCESS TO AND FROM IoT DEVICES

Figure: IP Camera behind a SECURITY GW, with each path marked as follows:
x Block
Server Update
V Allow
Video Management Server
V Allow
Internet

Page 23

POLICY ENFORCEMENT

Figure: zone 1, zone 2, zone 3

§ Check Point security gateways are deployed inside the network in order to enforce the IoT policy
§ Threat prevention engines, including IPS, APPI and Anti-Bot, are activated inside the security gateways in order to identify and block malicious traffic and malicious intents

North-south policy can be enforced through the perimeter security gateway
East-west policy can be enforced through internal segmentation security gateways