From “Visible” to “Manageable”: Security Management of IoT Terminals

In the past, the endpoint of the power grid was the electricity meter in each household. Operation and maintenance depended on front-line staff walking the streets to read meters, repair lines and catch electricity theft. The arrival of the power Internet of Things means the older generation of meter readers no longer has to wear out their legs. With the rise of new energy vehicles, the times require the power system to act as the “gas station” for these vehicles, that is, to operate charging stations. In the grid’s view, a charging station still terminates at an electricity meter. In the IoT view, however, a charging station is a sub-network, and that sub-network contains at least smart meters, charging piles and cameras. The traditional endpoint has changed from a single electricity meter to dozens or hundreds of IoT devices. To keep this IoT running healthily, it is necessary to let legitimate devices onto the network easily, to prevent intrusion, and to assess the risk of IoT devices, so as to protect the security of the IoT as a whole. Terminal admission and access control are therefore essential for the power Internet of Things. This issue of Niupin (牛品) Recommendation presents Shanghai Ningdun’s Internet of Things (IoT) access security scenario solution.

#Niupin (牛品) Recommendation, Issue 24#

01

Tags

Terminal compliance detection, network access, access control, asset management, visualized topology, risk alerts

02

User pain points

1. How to let legitimate devices onto the network easily

New IoT management must keep pace with rapidly developing business. The traditional access methods are to configure 802.1X authentication on the IoT devices or to maintain a MAC address whitelist. The problems are, first, that most new dumb terminals cannot support 802.1X, which raises the bar for equipment and makes procurement less flexible; and second, that both methods rely on static information, while rapidly developing services bring large numbers of device additions, replacements and even changes of equipment brand, so access decisions based on static information make operation and maintenance inefficient. A MAC whitelist in particular only checks an address the device announces about itself, which any host on the same segment can copy.

2. How to detect implanted or intruding devices

The power Internet of Things is a TCP/IP network whose network border is protected by firewalls. A charging station has many IoT devices mounted outside the building, such as charging piles and cameras. These devices are inside the network boundary but outside the physical boundary, so an attacker can plug into an outdoor physical port and launch attacks from inside the network boundary, where the border firewall never sees the traffic.

3. How to assess the risk of IoT devices dynamically and prepare in advance

A major characteristic of IoT devices is that firmware is hard to upgrade and the default passwords used for installation and maintenance are never changed, leaving hidden dangers for long-term operation. Over time these devices accumulate known vulnerabilities. Risk assessment of IoT devices is a relatively new field: beyond dynamically assessing a single device, it is also necessary to assess and rank security risk across the whole network area, alert on high-risk devices and, where necessary, isolate them from the network.

03

Solution

To solve the above problems, terminals must first be “seen” before they can be “managed”.

First, every terminal on the network is detected to form an overall view that distinguishes “legitimate devices” from “illegal devices”. This requires detecting the terminal’s device type, MAC address, geographic location and so on, and matching the terminal against the local asset library or a linked external asset library. Terminals that match are legitimate; those that do not are marked as illegal.

Second, the terminal fingerprint is monitored continuously. If the fingerprint behind a MAC address changes, the MAC address may have been forged (a different device is now using it); the change is recorded as a security event and the network equipment is automatically instructed to restrict that terminal’s access. Note that fingerprint drift can only be observed once the impostor has started sending traffic, so this restriction is reactive rather than preventive.

In addition, a third-party IoT vulnerability detection system is linked in to collect and tally terminal threats, forming a risk assessment list so that risky devices can also be seen.
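The three steps above, as an added example written for this page rather than Ningdun’s own software: passive discovery and matching against an asset library, fingerprint-drift detection under a fixed MAC, and folding scanner findings into a ranked risk view. All device records, observations and scan scores are constructed sample data; the attributes assumed to be extractable from mirrored traffic (DHCP vendor class, initial TTL, TCP window size, observed services) and the CVSS thresholds of 7.0 (alert) and 9.0 (isolate) are assumptions for illustration.

```python
"""Added example for this page (not Ningdun's code): the three steps of the
solution, passive discovery + asset matching, fingerprint-drift detection and a
per-device risk view, run on constructed sample data.

Assumptions: the asset library is a dict keyed by MAC; a traffic-mirroring probe
can extract DHCP vendor class, initial TTL, TCP window size and observed
services; the CVSS thresholds 7.0 (alert) and 9.0 (isolate) are illustrative."""
from dataclasses import dataclass, field
import hashlib

# Constructed local asset library (what the text calls the "asset library").
ASSET_LIBRARY = {
    "00:11:22:aa:bb:01": {"type": "smart-meter", "site": "station-A"},
    "00:11:22:aa:bb:02": {"type": "charging-pile", "site": "station-A"},
    "00:11:22:aa:bb:03": {"type": "ip-camera", "site": "station-A"},
}


@dataclass(frozen=True)
class Observation:
    """One terminal as seen by a probe on mirrored traffic (assumed fields)."""
    mac: str
    ip: str
    site: str
    dhcp_vendor_class: str   # DHCP option 60 text, "" if never seen
    ttl: int                 # initial IP TTL, a coarse OS/stack hint
    tcp_window: int          # initial TCP window size, another stack hint
    services: tuple          # (port, banner) pairs observed in traffic


def fingerprint(obs: Observation) -> str:
    """Hash only attributes that stay stable for one physical device.
    MAC is excluded on purpose: it is the identity being validated, and a
    spoofed MAC keeps its OUI, so the OUI vendor would not help either."""
    stable = (obs.dhcp_vendor_class, obs.ttl, obs.tcp_window,
              tuple(sorted(obs.services)))
    return hashlib.sha256(repr(stable).encode()).hexdigest()[:16]


def classify(obs: Observation, assets=ASSET_LIBRARY) -> str:
    """Step 1: a terminal is legitimate only if its MAC is in the asset library
    and it appears at the site the library records for it."""
    entry = assets.get(obs.mac.lower())
    if entry is None or entry["site"] != obs.site:
        return "unauthorized"
    return "legitimate"


@dataclass
class FingerprintMonitor:
    """Step 2: remember each MAC's last fingerprint and flag any change."""
    seen: dict = field(default_factory=dict)

    def check(self, obs: Observation):
        fp = fingerprint(obs)
        previous = self.seen.get(obs.mac)
        self.seen[obs.mac] = fp
        if previous is None or previous == fp:
            return None  # first sighting (baseline) or unchanged
        # Same MAC, different stack behaviour: another device is using this
        # address. Raise a security event and ask the network to restrict it.
        return {"event": "fingerprint_changed", "mac": obs.mac, "ip": obs.ip,
                "old": previous, "new": fp, "action": "restrict"}


def risk_view(scan_results: dict, assets=ASSET_LIBRARY,
              alert_at=7.0, isolate_at=9.0) -> list:
    """Step 3: fold scanner findings ({mac: [cvss, ...]}) into a ranked list."""
    rows = []
    for mac, scores in scan_results.items():
        worst = max(scores, default=0.0)
        action = ("isolate" if worst >= isolate_at else
                  "alert" if worst >= alert_at else "monitor")
        rows.append({"mac": mac, "type": assets.get(mac, {}).get("type", "unknown"),
                     "max_cvss": worst, "findings": len(scores), "action": action})
    return sorted(rows, key=lambda r: (-r["max_cvss"], -r["findings"]))


# Constructed observations: a meter, a camera, an unknown laptop on an outdoor
# port, and the camera's MAC later reused by a Windows host (MAC spoofing).
METER = Observation("00:11:22:aa:bb:01", "10.1.1.10", "station-A", "meter-fw-2.1", 64, 5840, ((502, "modbus"),))
CAMERA = Observation("00:11:22:aa:bb:03", "10.1.1.30", "station-A", "ipcam-sdk", 64, 14600, ((554, "rtsp"), (80, "http")))
ROGUE = Observation("00:11:22:aa:bb:99", "10.1.1.99", "station-A", "MSFT 5.0", 128, 65535, ((445, "smb"),))
SPOOFED = Observation("00:11:22:aa:bb:03", "10.1.1.30", "station-A", "MSFT 5.0", 128, 65535, ((445, "smb"),))
SCAN = {"00:11:22:aa:bb:03": [9.8, 5.3], "00:11:22:aa:bb:02": [7.5], "00:11:22:aa:bb:01": []}


def run_demo():
    monitor = FingerprintMonitor()
    monitor.check(CAMERA)  # baseline sighting of the real camera
    return {"meter": classify(METER), "rogue": classify(ROGUE),
            "spoof_event": monitor.check(SPOOFED), "risk": risk_view(SCAN)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The design point worth noticing is in `fingerprint`: the MAC is deliberately left out of the hash, because a forged MAC carries the legitimate OUI with it, so only stack behaviour and service exposure can reveal that a different device has taken over the address.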

The complete Ningdun solution consists of the Ningdun probe, the Ningdun IoT central control, IoT vulnerability detection (optional) and a big data analysis platform operated by the customer (optional):

Ningdun Probe: acts as a network “camera” and policy enforcer, discovering and fingerprinting terminals from mirrored traffic. Because IoT device traffic is relatively light, a single probe has large capacity, and one or two probes can be deployed per city;

Ningdun IoT Central Control: a pan-terminal asset and risk management center that provides a centralized asset view (with linkage), a centralized terminal view and a terminal risk view;

IoT vulnerability detection system: after the Ningdun probe discovers a terminal, the scanner scans it regularly to enrich the terminal risk view, so that the Ningdun system can automatically alert or restrict network access according to the risk rating;

Big data analysis platform: the customer’s own platform; Ningdun can forward terminal information and status changes to such third-party platforms.

[Figure: Asset definition or linkage]

[Figure: Terminal centralized visualization]

[Figure: Terminal risk view (linked to OpenVAS)]

04

Solution Features

This solution abandons the idea of border protection and adopts a borderless “zero trust” mechanism to address the terminal problem. At the execution level, whole-process “visualization” from mirrored traffic replaces the traditional agent-based method of collecting terminal information, and the system serves as the connector and perception center for pan-terminal security management.

1. Innovations:

Automation: once rules are set, pan-terminals are discovered automatically;

Open ecosystem: unlike earlier attempts to deliver a monolithic overall solution, it sets out to build a problem-solving ecosystem, linking with various security products and big data platforms to address the explosive growth of pan-terminal assets and the security management problems that come with it;

Learning-based: machine learning continuously expands the terminal identification library and improves the accuracy of terminal behaviour judgement.

2. Technical advantages

Terminal assets are classified automatically, improving the accuracy of the asset inventory; asset statistics and update times are tracked in real time, replacing manual statistics that could never achieve global coverage, and reducing management cost;

The larger the terminal population, the lower the per-terminal identification cost and the higher the accuracy;

Risky terminals are identified automatically, with the terminal’s identity, location, device type and risk status located together, greatly improving the efficiency of finding and resolving problems;

The open connection architecture improves the ability to solve pan-terminal security problems jointly: it can connect the security and data capabilities of different vendors, such as DLP, vulnerability management, SIEM and situational awareness, so that pan-terminal security problems are addressed together.

05

Customer Feedback

“Ningdun terminal access products help improve the visibility of IT infrastructure, effectively identify the identity information and security status of network access terminals, block illegal terminal access, and automatically isolate abnormal terminals and self-repair them, ensuring the security of enterprise intranet resources.”

——From an artificial intelligence company

“For terminals accessing the network, Ningdun provides comprehensive terminal access security review and protection functions, which effectively check the compliance of network access terminals. Through client and clientless modes, the user access process is simplified and the user experience improved. It is compatible with the existing network architecture, requires no network changes, supports linkage with third-party platforms and strengthens the enterprise’s internal network security. It is convenient, economical and efficient.”

——From a chip semiconductor company

“The Ningdun terminal access solution enhances the enterprise’s ability to visualize terminal management and control, including discovering and connecting internal PCs, mobile phones, IoT devices and network devices, both trusted and untrusted terminals, and performing flexible network access security control. Its efficient, convenient and ecosystem-linked capabilities realize overall protection of the enterprise network environment.”

——From an IoT technology company

“The distributed deployment mode can flexibly adapt to the enterprise’s organizational structure and meet its requirements for centralized management and control of terminal access. By performing security checks when terminals access the network, it effectively prevents non-compliant terminals, or terminals that do not meet security requirements, from accessing the network, so that insecurity becomes visible: for example, anti-virus software not updated in time, operating system patches not applied in time, non-compliant software and similar behaviours. This effectively raises the security baseline of the enterprise intranet.”

——From a large financial company

Anquanniu (安全牛) Review

While the industry is driving the rapid development of the Industrial Internet of Things, IoT security has also sounded the alarm for us. In the past two years, cryptomining and device hijacking incidents have occurred frequently at home and abroad, and smart home products have kept turning up security vulnerabilities. When such vulnerabilities are exploited, they cause irreversible economic losses. This also reflects the importance of security infrastructure in the early stage of building the IoT industry. “Complex attack sources, huge attack damage and weak traditional protection” are the three main characteristics of IoT security.

Ningdun Technology’s IoT terminal security solution achieves “visualized” IoT asset discovery and terminal information collection. Through linkage with a third-party security platform, it automates the identification of terminal risk and greatly improves the efficiency of finding and resolving problems.
