Name: IoT Security Best Practices: Migrating Away from Open Source Security
Start: 2018-04-11T18:00:00Z
End: 2018-04-11T18:00:41.000Z
Location: BrightTALK
Rating: 4

Mocana is here to protect the planet one secure endpoint at a time. Through on-device cyber-protection software and a comprehensive lifecycle management platform, Mocana empowers manufacturers, governments and companies to build self-defending, tamper-resistant devices that are trusted end-to-end.Mocana protects families, companies, cities and countries by securing the mission-critical connected devices of our modern world.
Mocana safeguards more than 100 million devices and is trusted by 200 of the largest industrial manufacturing, aerospace, defense, utility, energy, medical and transportation companies globally. More information is available at www.mocana.com and on Linkedin, Twitter, Facebook or YouTube.

An increasing number of IIoT devices, and an expanding interconnectedness between these devices, cloud-based services, and traditional IT networks has created a massive attack surface that can be exploited by criminal actors. Thus, the board of directors of many industrial enterprises now require their executive teams to report on the level and specificity of cybersecurity risk related to their IIoT devices. In this webinar, Rolf O’Grady (Mocana’s VP, Customer Success) will discuss how traditional risk management methods and adherence to IIoT-specific cybersecurity standards can address this demand.

Reporting on Cybersecurity Risk for Industrial IoT (IIoT) Devices

IT security vendors often use language similar to that of OT security vendors to describe their offerings. However, most of the devices described as ‘IoT endpoints’ run standard operating systems and come with significant system resources. IIoT devices are far less standards-based, and often come with unique operating requirements and significant system resource constraints. In this webinar, Rolf O’Grady (Mocana’s VP, Customer Success) will discuss why the majority of IoT/IIoT endpoints aren’t candidates for traditional IT-centric endpoint security solutions and don’t address their unique cryptographic needs.

IT (Information Technology) versus OT (Operational Technology) approaches to IoT

Compliance-based standards such as NIST SP 800-53, DO-355/ED 204, the CJIS Security Policy, NERC-CIP, and ISO 15118 were developed to address the cybersecurity needs of a specific industry. Risk-based standards such as ISO 27001 and ISA/IEC 62443 were developed to address a more comprehensive and industry-agnostic set of cybersecurity needs. In this webinar, Mocana CTO Dean Weber will discuss why compliance-built standards are not a replacement for risk-based standards.

Understanding IEC 62443 and Cybersecurity Standards

Securing distributed systems does not have to be hard! When industry leaders in security and connectivity come together, they can help fast track the development of high-performing, secure industrial control systems (ICS) and IoT devices while enabling compliance with stringent cybersecurity standards. Join us as Mocana, the leading provider of device security solutions for IoT and industrial control systems, and Real-Time Innovations (RTI), the leading Industrial Internet of Things (IIoT) connectivity company, share insights about establishing essential device security to both scale and protect your IIoT systems through their expected lifecycle. Mocana & RTI will also highlight how their integrated solution saves OEMs time and money while accelerating the delivery of a secure offering in today’s marketplace.

How to Overcome Obstacles of IIoT System Security

One of the biggest security challenges for electric utilities is upgrading the vast number of substation control systems that lack compliant electronic access controls. Ensuring the safety and reliability of our electric grid requires a practical and effective approach to upgrading security across a variety of IEDs, RTUs, gateway controllers and bridges. Additionally, complying with standards such as NERC CIP 003-7, IEC 62443, IEC 62351, FIPS 140-2, and NIST 800-53 require stronger access controls and authentication. In this session, Mocana and GE will present an overview of the cyber threat vectors impacting the grid and ways to defend against them. Additionally, an example will be presented on upgrading brownfield substation devices with DNP3 Secure Authentication and stronger cryptographic controls to meet the new and existing cybersecurity standards.

Updating Brownfield Substation Control Systems with DNP3 Secure Authentication

Part 3 Automated Certificate Management

Protecting the manufacturing supply chain requires rethinking the way companies develop, manufacture, activate and manage IoT devices. Traditional IT approaches to identity management, enrollment and updates are vulnerable and not scalable. This 3-part webinar series will focus on approaches for making it easier to automate onboarding, enrollment and device management and updates.

Automated Security Lifecycle Management – Mocana TrustCenter

IoT Industrial Cloud systems are rapidly maturing as packaged systems that can sense, collect, analyze, and action on edge devices. However, the software-based device security and manual/proprietary provisioning methods delivered by platform providers are preventing deployments from scaling. 

In this webinar, we decompose the industrial data pipeline and demonstrate where device management security services instrumented for hardware security can be applied to build a connected security model that attests, provisions, updates, and manages devices. Automated secure device provisioning without human intervention is the key scaling element to place more devices into service to accelerate value from the Industrial Cloud.

Industrial Cybersecurity: Zero Touch Provisioning

Part 3 Securing Firmware Updates and Patches

When people think about cybersecurity today, they typically think about securing data in motion and at rest or analyzing threats. But when you move into this new Iot connected world, you need to think about more than just the data and monitoring hackers. How do you ensure you can trust the actual IoT endpoint device? This 3-part webinar series will focus on approaches for making devices trustworthy and enabling secure device-to-cloud communications.

Protecting IoT Endpoint Devices and Communications – Mocana TrustPoint

Part 2 - Update Service

Protecting the manufacturing supply chain requires rethinking the way companies develop, manufacture, activate and manage IoT devices. Traditional IT approaches to identity management, enrollment and updates are vulnerable and not scalable. This 3-part webinar series will focus on approaches for making it easier to automate onboarding, enrollment and device management and updates.

Part 2 Dangers of Relying on Threat Detection

When people think about cybersecurity today, they typically think about securing data in motion and at rest or analyzing threats. But when you move into this new connected world, you need to think about more than just the data and watching hackers. How do you ensure you can trust the actual IoT endpoint device? This 3-part webinar series will focus on approaches for making devices trustworthy and enabling secure device-to-cloud communications.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. This session will cover how Mocana enables the use TPM certified keys to secure Docker containers, LinuX Containers (LXCs) and VMs on industrial IoT gateways and endpoints.

Securing Containers in IIoT Gateways and Endpoints with TPM 2.0

Part 1 Enrollment Service

Protecting the manufacturing supply chain requires rethinking the way companies develop, manufacture, activate and manage IoT devices. Traditional IT approaches to identity management, enrollment and updates are vulnerable and not scalable. This 3-part webinar series will focus on approaches for making it easier to automate onboarding, enrollment and device management and updates.

Part 1 - Securing the Boot Process

When people think about cybersecurity today, they typically think about securing data in motion and at rest or analyzing threats. But when you move into this new IoT connected world, you need to think about more than just the data and monitoring hackers. How do you ensure you can trust the actual IoT endpoint device? This 3-part webinar series will focus on approaches for making devices trustworthy and enabling secure device-to-cloud communications.

The industrial Internet Consortium (IIC) has released the Endpoint Security Best Practices (ESBP) document that provides recommendations on the type of security industrial equipment manufacturers and operators should implement on endpoint devices. In this webinar, industry experts will provide an overview of the recommendations and demonstrate how to approach implementing the guidance.

Endpoint Security Best Practices: Implementing the New Guidance from IIC

Part 2 – Understanding Compliance and Support Costs

Open source security software has made it easy for developers to get started with securing IoT devices. In this webinar (Part 2 in a 3-part series), you’ll hear from industry experts on the hidden compliance challenges and support costs of using open source security.

IoT Security Best Practices: Migrating Away from Open Source Security

Part 1 – Understanding the Hidden Vulnerabilities and Risks of Open Source Security

Open source security software has made it easy for developers to get started with securing IoT devices. In this webinar (Part 1 in a 3-part series), you’ll hear from industry experts on the hidden vulnerabilities and risks of using open source security software, especially for resource-constrained devices and IoT.

The Department of Homeland Security (DHS) released a report on the HatMan malware in December 2017. The focus of the malware attack was on key safety control systems used in industrial environments that impact the safety and reliability of mission-critical systems. In this webinar, we will provide you with:

• An overview of the attack, also known as TRITON or Trisis
• Identify the defensive mechanisms that failed
• Provide recommendations and best practices for ensuring the safety and reliability of industrial control and safety systems.

We look forward to having you join us for this informative session.

Defending Against HatMan Malware & Cyber Attacks on Industrial Control Systems

Part 3 – How to Migrate Safely off of Open Source Security and SSL Libraries

Open source security software has made it easy for developers to get started with securing IoT devices. In this webinar (Part 3 in a 3-part series), you’ll hear from industry experts on how to migrate off of open source security and SSL libraries with Mocana.

IoT Security

Open Source Security

Data Protection

SSL Libraries

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

IoT Security Best Practices: Migrating Away from Open Source Security

Presented by

About this talk

More from this channel