TrendMicro: From Cloud to Endpoint, Building a Secure Internet of Things
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Peter Yang, Sr. Product Manager
June 7th 2017
From Cloud to Endpoint, Building a Secure Internet of Things
Trend Micro IoT Security
- 3. Trend Micro
Founded in 1989 (28 years ago); a company dedicated to IT security
5,258 employees covering 30 countries; 60% (3,300+) are engineers
500,000 enterprise customers and 155 million endpoints globally
>$1 billion annual sales
Founded in the U.S., headquartered in Japan
Tokyo Exchange, Nikkei Index (4704) | >$5 billion market cap
Customers include 45 of the top 50 global corporations, and 100% of the top 10 in auto, telecom, banking and oil
- 4. Gartner Magic Quadrant for Endpoint Protection Platforms, Feb 2016
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Trend Micro TippingPoint® named a Leader in the 2017 Gartner Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS), Jan 2017
- 6. Car Hacking (timeline 2009 to 2016)
• CarShark software lets you hack into, control and kill any car
• Tesla fixes bug after hackers hijack Model S
• Hackers remotely kill a Jeep on the highway: recall of 1.4M vehicles; cost of $140M+
• Controlling vehicle features of Nissan LEAFs across the globe: Nissan shut down the app which controls Leaf cars
• Hackers take remote control of a Tesla Model S from 12 miles away: pushed Tesla to provide new firmware for the bug fix
• Researchers reveal methods behind car hack (2010 Ford Escape) at Defcon
• Hack into the OnStar telematics system of a 2009 Chevrolet Impala: GM took 5 years to fix the full-control hack in millions of vehicles equipped with OnStar
• Flaws in 2.2M BMW ConnectedDrive infotainment systems allow remote hack
• OnStar hack remotely starts cars: GM fixed the RemoteLink app, downloaded 3M+ times
• Hackers compromise Prius, seize control of wheel, brakes and more
• Friendly hackers exploit loophole to disable alarm on Mitsubishi Outlander
- 10. IoT endpoint device threat sources
• Insecure Design/Code
• Third-Party Libraries
• Existing Vulnerabilities
• Open Network Ports (WannaCry)
• Insecure Network Protocols
• Insecure FOTA/SOTA
• Poor Authentication/Authorization (Mirai)
• Undetected File Changes
• Undetected Process Behavior
- 11. IoT endpoint device lifecycle
1. Boot Up: the device loads the firmware and starts to work as defined.
2. Initialization: boot-up completed; the system reads its configuration, establishes connections, syncs data, etc.
3. Operation: the device performs its designed purpose continually.
4. Update: new firmware arrives; the device reboots and starts to load the new firmware, which begins the next cycle.
The cycle repeats (first cycle, second cycle, ... N cycle, last cycle) until the device is retired (termination).
- 12. IoT endpoint device lifecycle and protection
1. Boot Up: the device loads the firmware and starts to work as defined.
2. Initialization: boot-up completed; the system reads its configuration, establishes connections, syncs data, etc.
3. Operation: the device performs its designed purpose continually.
4. Update: new firmware arrives; the device reboots and starts to load the new firmware, which begins the next cycle.
Protection measures overlaid on the lifecycle: Secure Boot at boot-up, Firmware Check and Reduce the Attack Surface at initialization, Health / Risk Check and Block Attack Attempts during operation, and (Secure) FOTA at update. Secure Boot and Secure FOTA are marked as the platform provider's responsibility; the remaining measures are the Trend Micro (TMIS) focus.
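As an added example (not code from the deck or from TMIS), the following Python sketch shows the Update-phase checks a secure FOTA path needs: authenticate the update manifest, refuse rollback to an older version, and verify the image hash before loading. An HMAC under a device key stands in for the PKI signature a real root of trust would verify; the manifest format and all function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo values: a shared device key stands in for the PKI /
# secure-element root of trust; version 3 is the firmware currently installed.
DEVICE_KEY = b"constructed-demo-key"
INSTALLED_VERSION = 3

def canonical(manifest: dict) -> bytes:
    """Serialize the manifest deterministically so both sides tag the same bytes."""
    return json.dumps(manifest, sort_keys=True).encode()

def sign_manifest(key: bytes, manifest: dict) -> str:
    """Vendor side (hypothetical): tag the manifest before publishing it."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()

def check_update(key: bytes, manifest: dict, tag: str, image: bytes,
                 installed_version: int) -> str:
    """Device side: return 'accept' or the reason the update is rejected.
    Authenticate the manifest first, then enforce anti-rollback, then compare
    the image against the authenticated hash."""
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "reject: manifest signature invalid"
    if manifest["version"] <= installed_version:
        return "reject: rollback to older or same version"
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        return "reject: image hash mismatch"
    return "accept"

# Constructed sample image and manifests (the v2 manifest is genuinely signed
# but older than what is installed, which is the downgrade case).
IMAGE = b"\x7fELF constructed firmware image"
NEW_MANIFEST = {"version": 4, "sha256": hashlib.sha256(IMAGE).hexdigest()}
NEW_TAG = sign_manifest(DEVICE_KEY, NEW_MANIFEST)
OLD_MANIFEST = {"version": 2, "sha256": hashlib.sha256(IMAGE).hexdigest()}
OLD_TAG = sign_manifest(DEVICE_KEY, OLD_MANIFEST)

def demo() -> dict:
    """Run the four cases the Update-phase check must distinguish."""
    forged = dict(NEW_MANIFEST, version=9)  # manifest edited, old tag reused
    return {
        "genuine": check_update(DEVICE_KEY, NEW_MANIFEST, NEW_TAG, IMAGE, INSTALLED_VERSION),
        "tampered_image": check_update(DEVICE_KEY, NEW_MANIFEST, NEW_TAG, IMAGE + b"x", INSTALLED_VERSION),
        "rollback": check_update(DEVICE_KEY, OLD_MANIFEST, OLD_TAG, IMAGE, INSTALLED_VERSION),
        "forged_manifest": check_update(DEVICE_KEY, forged, NEW_TAG, IMAGE, INSTALLED_VERSION),
    }
```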
- 13. Trend Micro IoT Security feature overview
TMIS is delivered as an IoT Security SDK/API and must be integrated during the product development stage.
Features:
• File Integrity & App Whitelisting
• System Vulnerability
• Self Protection (Whitelist lockdown)
• Network Protection (IPS)
• Network Behavior Anomaly
• Security Management Console
The features are grouped into three pillars: 1. Risk Detection, 2. System Protection, 3. Incident Response.
- 14. TMIS architecture and design philosophy
Security Service (cloud): Learning Device Behavior, Global Threat Intelligence, Behavior Baseline, Anomaly Detection Engine, Security Attestation, Logs
Security Management: Baseline (WL) Management, Protection Rule Management, Alert/Report
Endpoint SDK/API: Responder, Protection Rule Execution, Behavior Collector
Flows between the endpoint and the cloud service: Feedback, Validate
Design principles:
• Minimize the endpoint burden (compute, storage, power consumption, ...)
• Maximize the value of the cloud (global threat collection, machine learning, accuracy, real-time response)
• Fully integrated control (endpoint security management, visual threat analysis, SOC integration)
- 16. Using TMIS to protect critical IoT endpoint devices
Scenario: CoralEdge Box
Attack: exploit a vulnerability (or the Mirai case) to compromise the IoT endpoint, then:
• Steal confidential surveillance video
• Destroy surveillance video
• Disable the surveillance camera
• ...
TMIS protections applied:
• NAD
• File Integrity
• App WL (app whitelisting)
• Virtual Patch
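The File Integrity and App Whitelisting features of slide 13, applied to the camera-box scenario above, as an added example that is not code from the deck or from TMIS: a baseline of approved file digests (the "Baseline (WL)") is compared against the current file set, and the whitelist lockdown refuses to run anything that is not both listed and unchanged. The file set is simulated in memory; paths, contents and the function names are constructed assumptions.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed approved file set for a hypothetical camera box; the baseline
# (the "Baseline (WL)" the management service pushes) is the path -> digest map.
APPROVED = {
    "/usr/bin/camerad": b"constructed camera daemon v1",
    "/etc/camera.conf": b"resolution=1080p\nupload=https://upload.example\n",
}
BASELINE = {path: sha256(data) for path, data in APPROVED.items()}

def validate(baseline: dict, current: dict, exec_requests: list) -> dict:
    """Endpoint 'Validate' step: diff the current file set against the
    baseline (file integrity) and decide which execution requests the
    whitelist lockdown allows (app whitelisting)."""
    findings = {"modified": [], "added": [], "removed": [], "blocked_exec": []}
    for path, data in current.items():
        if path not in baseline:
            findings["added"].append(path)
        elif sha256(data) != baseline[path]:
            findings["modified"].append(path)
    findings["removed"] = [p for p in baseline if p not in current]
    for path in exec_requests:
        # Lockdown rule: run only binaries that are whitelisted AND unchanged.
        data = current.get(path)
        if data is None or sha256(data) != baseline.get(path):
            findings["blocked_exec"].append(path)
    return findings

# Constructed post-compromise snapshot: upload target redirected in the config,
# unknown binary dropped in /tmp (203.0.113.9 is a documentation address).
COMPROMISED = {
    "/usr/bin/camerad": APPROVED["/usr/bin/camerad"],
    "/etc/camera.conf": b"resolution=1080p\nupload=http://203.0.113.9/\n",
    "/tmp/.x": b"constructed unknown binary",
}

def demo() -> dict:
    """Validate the compromised snapshot and two execution requests."""
    return validate(BASELINE, COMPROMISED, ["/usr/bin/camerad", "/tmp/.x"])
```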
- 17. TMIS management platform
Anomaly Detection: make sure all IoT devices still work as originally designed.
Vulnerability Detection & Virtual Patch: understand whether IoT devices are exposed to the latest threats and take action to protect them.
Detail the cyber security status of the firmware.
Find anomalies in IoT devices, track trends of the anomalies, and plan the next fix or take mitigating actions.
- 20. IoT endpoint device classification and security countermeasures

| | Class 1 | Class 2 | Class 3 | Class 4 |
|---|---|---|---|---|
| Control unit | MCU (8-bit/16-bit) | MCU (32-bit) | MPU (32-bit) | GPU, MPU, CPU (32-bit/64-bit) |
| OS | None | Low-cost RTOS | RTOS / Embedded Linux | Embedded Linux / Android / full-feature RTOS / Win 10 IoT Core |
| Network | ZigBee, NFC, Bluetooth | Cellular, Wi-Fi | Ethernet, Wi-Fi | Wi-Fi with multiple other network protocols |
| Application | Lighting, wearables, thermostats | Medical devices, low-end network appliances, telematics | Larger/expensive medical or industrial automation devices; robotics; vending machines | Gateways, high-end medical devices, military devices, autonomous driving cars |
| IoT Device Security: Root of Trust | HW SE (Secure Element) | HW/SW PKI | HW/SW PKI | PKI/TPM |
| TMIS (Function) | Risk Detection (planning) | Risk Detection (planning) | Risk Detection / System Protection | Risk Detection / System Protection |
| TMIS (Method) | RESTful API (planning) | RESTful API (planning) | SDK (Agent) | SDK (Agent) |
| Device Lifecycle: OTA / Roll back | OTA | OTA | OTA / Roll back | OTA / Roll back |