Atjaunināt sīkdatņu piekrišanu

Orchestrating and Automating Security for the Internet of Things: Delivering Advanced Security Capabilities from Edge to Cloud for IoT [Mīkstie vāki]

, ,
  • Formāts: Paperback / softback, 1008 pages, height x width x depth: 235x190x52 mm, weight: 1860 g
  • Izdošanas datums: 06-Aug-2018
  • Izdevniecība: Cisco Press
  • ISBN-10: 1587145030
  • ISBN-13: 9781587145032
Citas grāmatas par šo tēmu:
  • Mīkstie vāki
  • Cena: 79,41 €
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
Orchestrating and Automating Security for the Internet of Things: Delivering Advanced Security Capabilities from Edge to Cloud for IoTPalielināt
  • Formāts: Paperback / softback, 1008 pages, height x width x depth: 235x190x52 mm, weight: 1860 g
  • Izdošanas datums: 06-Aug-2018
  • Izdevniecība: Cisco Press
  • ISBN-10: 1587145030
  • ISBN-13: 9781587145032
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9781587145032.html
Keywords:

Master powerful techniques and approaches for securing IoT systems of all kinds–current and emerging


Internet of Things (IoT) technology adoption is accelerating, but IoT presents complex new security challenges. Fortunately, IoT standards and standardized architectures are emerging to help technical professionals systematically harden their IoT environments. In Orchestrating and Automating Security for the Internet of Things, three Cisco experts show how to safeguard current and future IoT systems by delivering security through new NFV and SDN architectures and related IoT security standards.


The authors first review the current state of IoT networks and architectures, identifying key security risks associated with nonstandardized early deployments and showing how early adopters have attempted to respond. Next, they introduce more mature architectures built around NFV and SDN. You’ll discover why these lend themselves well to IoT and IoT security, and master advanced approaches for protecting them. Finally, the authors preview future approaches to improving IoT security and present real-world use case examples.


This is an indispensable resource for all technical and security professionals, business security and risk managers, and consultants who are responsible for systems that incorporate or utilize IoT devices, or expect to be responsible for them.


·         Understand the challenges involved in securing current IoT networks and architectures

·         Master IoT security fundamentals, standards, and modern best practices

·         Systematically plan for IoT security

·         Leverage Software-Defined Networking (SDN) and Network Function Virtualization (NFV) to harden IoT networks

·         Deploy the advanced IoT platform, and use MANO to manage and orchestrate virtualized network functions

·         Implement platform security services including identity, authentication, authorization, and accounting

·         Detect threats and protect data in IoT environments

·         Secure IoT in the context of remote access and VPNs

·         Safeguard the IoT platform itself

·         Explore use cases ranging from smart cities and advanced energy systems to the connected car

·         Preview evolving concepts that will shape the future of IoT security

 

Foreword xxvii
Introduction xxix
Part I Introduction to the Internet of Things (IoT) and IoT Security
Chapter 1 Evolution of the Internet of Things (IoT)
1(10)
Defining the Internet of Things
2(3)
Making Technology and Architectural Decisions
5(3)
Is the Internet of Things Really So Vulnerable?
8(1)
Summary
9(1)
References
10(1)
Chapter 2 Planning for IoT Security
11(20)
The Attack Continuum
11(2)
The IoT System and Security Development Lifecycle
13(4)
Phase 1: Initiation
15(1)
Phase 2: Acquisition and Development
15(1)
Phase 3: Implementation
16(1)
Phase 4: Operations and Maintenance
17(1)
Phase 5: Disposition
17(1)
The End-to-End Considerations
17(4)
Segmentation, Risk, and How to Use Both in Planning the Consumer/Provider Communications Matrix
21(9)
Segmentation
21(4)
New Approach
25(5)
Summary
30(1)
References
30(1)
Chapter 3 IoT Security Fundamentals
31(18)
The Building Blocks of IoT
31(4)
The IoT Hierarchy
35(2)
Primary Attack Targets
37(6)
Layered Security Tiers
43(3)
Summary
46(1)
References
47(2)
Chapter 4 IoT and Security Standards and Best Practices
49(34)
Today's Standard Is No Standard
49(4)
Defining Standards
53(3)
The Challenge with Standardization
56(2)
IoT "Standards" and "Guidance" landscape
58(5)
Architectural or Reference Standards
59(2)
Industrial/Market Focused
61(2)
Standards for NFV, SDN, and Data Modeling for Services
63(7)
Data Modeling and Services
67(3)
Communication Protocols for IoT
70(5)
Physical and MAC layers
73(1)
Network layer
73(1)
Transport Layer
74(1)
Application Layer
74(1)
Specific Security Standards and Guidelines
75(4)
Summary
79(1)
References
80(3)
Chapter 5 Current IoT Architecture Design and Challenges
83(102)
What, Why, and Where? A Summary
85(3)
Approaches to IoT Architecture Design
88(32)
An X-Centric Approach
91(7)
The People-/User-Centric IoT Approach (Internet of People and Social IoT)
98(2)
The Information-Centric IoT Approach
100(4)
The Data-Centric IoT Approach
104(2)
System Viewpoint: A Cloudy Perspective
106(12)
Cloud Computing
106(6)
Fog/Edge Computing
112(6)
Middleware
118(1)
lambda Architecture
119(1)
Full IoT Stack/Universal
120(1)
General Approaches
120(24)
Internet of Things Architecture Reference Architecture (IoT-A RA)
120(5)
ITU-T Y.2060
125(1)
IoT World Forum (IoTWF) Reference Model
126(3)
oneM2M Reference Architecture
129(3)
IEEE P
P2413
IoT Architecture
132(1)
The OpenFog Consortium Reference Architecture
133(5)
Alliance for the Internet of Things Innovation (AIOTI)
138(2)
Cloud Customer Architecture for IoT
140(2)
Open Connectivity Foundation and IoTivity
142(2)
Industrial/Market Focused
144(10)
The Industrial Internet Consortium (IIC)
144(4)
Industry 4.0
148(2)
OPC Unified Architecture (OPC UA)
150(3)
Cisco and Rockwell Automation Converged Plantwide Ethernet
153(1)
Cisco Smart Grid Reference Model: GridBlocks
153(1)
NFV- and SDN-Based Architectures for IoT
154(2)
Approaches to IoT Security Architecture
156(16)
Purdue Model of Control Hierarchy Reference Model
157(3)
Industrial Internet Security Framework (IISF) IIC Reference Architecture
160(5)
Cloud Security Alliance Security Guidance for IoT
165(3)
Open Web Application Security Project (OWASP)
168(1)
Cisco IoT Security Framework
168(4)
The IoT Platform Design of Today
172(11)
Security for IoT Platforms and Solutions
178(1)
Challenges with Today's Designs: The Future for IoT Platforms
179(4)
Summary
183(1)
References
183(2)
Part II Leveraging Software-Defined Networking (SDN) and Network Function Virtualization (NFV) for IoT
Chapter 6 Evolution and Benefits of SDX and NFV Technologies and Their Impact on IoT
185(66)
A Bit of History on SDX and NFV and Their Interplay
185(3)
Software-Defined Networking
188(29)
OpenFlow
192(3)
Open Virtual Switch
195(3)
Vector Packet Processing
198(3)
Programming Protocol-Independent Packet Processors (P4)
201(2)
OpenDaylight
203(9)
Extending the Concept of Software-Defined Networks
212(5)
Network Functions Virtualization
217(18)
Virtual Network Functions and Forwarding Graphs
221(4)
ETSI NFV Management and Orchestration (MANO)
225(10)
The Impact of SDX and NFV in IoT and Fog Computing
235(13)
Summary
248(1)
References
249(2)
Chapter 7 Securing SDN and NFV Environments
251(36)
Security Considerations for the SDN Landscape
251(21)
1 Securing the Controller
252(4)
Securing the Controller Application
252(1)
Securing the Underlying Operating System
253(1)
Securing the Controller East-West Communications
254(2)
2 Securing Controller Southbound Communications
256(4)
Authentication and Encryption
258(1)
Leveraging Inherent Protocol Security Options
259(1)
Revocation
259(1)
Checks and Balances
260(1)
3 Securing the Infrastructure Planes
260(3)
Operations
261(1)
Management Plane
261(1)
Control Plane
262(1)
Data Plane
262(1)
4 Securing Controller Northbound Communications
263(5)
API/REST Authentication
264(3)
Authorization
267(1)
Nonrepudiation
267(1)
5 Securing Management and Orchestration
268(2)
6 Securing Applications and Services
270(2)
Security Considerations for the NFV Landscape
272(13)
NFV Threat Landscape
273(1)
Secure Boot
274(1)
Secure Crash
275(1)
Private Keys Within Cloned Images
276(2)
Performance Isolation
278(1)
Tenant/User Authentication, Authorization, and Accounting (AAA)
279(2)
Authenticated Time Service
281(1)
Back Doors with Test and Monitor Functions
281(1)
Multi-administrator Isolation
282(1)
Single Root I/O Virtualization (SRIOV)
283(2)
SRIOV Security Concerns
285(1)
Summary
285(1)
References
285(2)
Chapter 8 The Advanced IoT Platform and MANO
287(36)
Next-Generation IoT Platforms: What the Research Says
287(4)
Next-Generation IoT Platform Overview
291(17)
Platform Architecture
294(1)
Platform Building Blocks
295(8)
Platform Intended Outcomes: Delivering Capabilities as an Autonomous End-to-End Service
303(5)
Model-Driven and Service-Centric
304(2)
Service Chaining
306(1)
Contextual Automation
307(1)
Example Use Case Walkthrough
308(13)
Event-Based Video and Security Use Case
309(15)
Preparatory Work
315(1)
Deploying the Use Case
316(3)
The Use Case in Action
319(2)
Summary
321(1)
References
321(2)
Part III Security Services: For the Platform, by the Platform
Chapter 9 Identity, Authentication, Authorization, and Accounting
323(94)
Introduction to Identity and Access Management for the IoT
324(12)
Device Provisioning and Access Control Building Blocks
326(1)
Naming Conventions to Establish "Uniqueness"
327(1)
Secure Bootstrap
328(1)
Immutable Identity
328(1)
Bootstrapping Remote Secure Key Infrastructures
329(1)
Device Registration and Profile Provisioning
330(1)
Provisioning Example Using AWS IoT
331(3)
Provisioning Example Using Cisco Systems Identity Services Engine
334(2)
Access Control
336(15)
Identifying Devices
336(1)
Endpoint Profiling
337(1)
Profiling Using ISE
337(3)
Device Sensor
340(5)
Methods to Gain Identity from Constrained Devices
345(1)
Energy Limitations
346(1)
Strategy for Using Power for Communication
347(1)
Leveraging Standard IoT Protocols to Identify Constrained Devices
348(1)
CoAP
349(1)
MQTT
350(1)
Authentication Methods
351(16)
Certificates
351(4)
X.509
352(1)
IEEE 1609.2
353(1)
Private Key Infrastructure
353(2)
Trust Stores
355(1)
Revocation Support
356(1)
CRL
356(1)
OCSP
357(1)
SSL Pinning
357(1)
Passwords
357(1)
Limitations for Constrained Devices
358(1)
Biometrics
359(2)
TouchID
359(1)
Face ID
359(1)
Risk Factor
360(1)
AAA and RADIUS
361(1)
A/V Pairs
362(1)
802.1X
363(2)
MAC Address Bypass
365(1)
Flexible Authentication
366(1)
Dynamic Authorization Privileges
367(23)
Cisco Identity Services Engine and TrustSec
368(1)
RADIUS Change of Authorization
368(3)
CoA Requests
368(1)
CoA Request/Response Code
369(1)
Session Identification
369(1)
CoA Request Commands
370(1)
VLAN
371(3)
Access Control Lists
374(2)
TrustSec and Security Group Tags
376(3)
The Security Group Tag
377(1)
Software Defined
378(1)
Dynamic Segmentation Based on RBAC
378(1)
TrustSec Enablement
379(5)
Classification
380(1)
Propagation
381(2)
Inline Tagging Mediums (Ethernet and L3 Crypto)
383(1)
Enforcement
384(1)
SGACL
384(6)
Consumer/Provider Matrix
384(2)
SGACL for North-South and East-West
386(2)
Automation of SGACLs and Dynamic Segmentation
388(2)
Manufacturer Usage Description
390(4)
Finding a Policy
390(1)
Policy Types
390(2)
The MUD Model
392(2)
AWS Policy-based Authorization with IAM
394(3)
Amazon Cognito
395(1)
AWS Use of IAM
395(1)
Policy-based Authorization
395(2)
Accounting
397(5)
How Does Accounting Relate to Security?
398(1)
Using a Guideline to Create an Accounting Framework
398(2)
Meeting User Accounting Requirements
400(2)
Scaling IoT Identity and Access Management with Federation Approaches
402(9)
IoT IAM Requirements
403(1)
OAuth 2.0 and OpenID Connect 1.0
404(1)
OAuth 2.0
404(1)
OpenID Connect 1.0
405(1)
OAuth2.0 and OpenID Connect Example for IoT
405(1)
Cloud to Cloud
406(2)
Native Applications to the Cloud
408(1)
Device to Device
409(2)
Evolving Concepts: Need for Identity Relationship Management
411(3)
Summary
414(1)
References
415(2)
Chapter 10 Threat Defense
417(82)
Centralized and Distributed Deployment Options for Security Services
418(4)
Centralized
418(2)
Components
419(1)
Distributed
420(2)
Hybrid
422(1)
Fundamental Network Firewall Technologies
422(6)
ASAv
423(1)
NGFWv
423(1)
Network Address Translation
424(1)
Dynamic NAT
424(1)
Static NAT
424(1)
Overlapping
425(1)
Overloading or Port Address Translation
425(1)
Packet Filtering
426(2)
Industrial Protocols and the Need for Deeper Packet Inspection
428(2)
Common Industrial Protocol
428(1)
Lack of Security
429(1)
Potential Solutions: Not Good Enough
430(1)
Alternative Solution: Deep Packet Inspection
430(3)
Sanity Check
431(1)
User Definable
432(1)
Applying the Filter
432(1)
Application Visibility and Control
433(4)
Industrial Communication Protocol Example
435(1)
MODBUS Application Filter Example
436(1)
Intrusion Detection System and Intrusion Prevention System
437(3)
IPS
438(1)
Pattern Matching
438(1)
Protocol Analysis
439(1)
IDS/IPS Weakness
439(1)
Advanced Persistent Threats and Behavioral Analysis
440(15)
Behavior Analysis Solutions
441(1)
Protocols Used to Gain Additional Visibility
442(2)
NetFlow
442(2)
Flexible NetFlow
444(1)
Network-Based Application Recognition
444(1)
Network Security Event Logging
444(1)
Network as a Sensor
444(2)
Algorithms for Security Events
445(1)
Pairing with Contextual Information and Adaptive Network Control
446(4)
Cisco TrustSec Fields in Flexible NetFlow
447(1)
Anomaly Detection Example
447(3)
Encrypted Traffic Analytics
450(5)
Detecting Threats Using Encrypted Traffic Analytics
451(3)
Crypto Compliance
454(1)
WannaCry Example
454(1)
Malware Protection and Global Threat Intelligence
455(7)
Cisco Advanced Malware Protection and TALOS
456(6)
Point-in-Time Detection, Retrospective Security, and Sandboxing
456(3)
Example of How the Firewall Uses the Malware Feature
459(2)
File Policy
461(1)
DNS-Based Security
462(4)
Umbrella (DNS Security + Intelligent Proxy)
463(3)
Intelligent Proxy
464(1)
Umbrella + AMP Threat Grid
465(1)
Using Umbrella to Help Protect Healthcare
465(1)
Centralized Security Services Deployment Example Using NSO, ESC, and OpenStack
466(20)
ETSI MANO Components in the Use Case
468(1)
VMs (Services) Being Instantiated in the Use Case
469(1)
Use Case Explanation
469(17)
Activation Sequence Basics and NSO Service Creation (VNFD, NSD, and NSR)
470(2)
Activation Sequence Example
472(2)
Fulfillment and Assurance Sequences Basics
474(1)
Monitoring and KPI
475(1)
Prerequisites for Monitoring
475(1)
Metrics and Actions and Dynamic Mapping
475(3)
Dynamic Mapping in the Data Model
478(1)
Monitoring Methods
479(1)
Fulfillment and Assurance Sequence Examples
479(1)
KPI
480(3)
Rules
483(3)
Distributed Security Services Deployment Example Using Cisco Network Function Virtualization Infrastructure Software (NFVIS)
486(9)
Solution Components
487(1)
NFVIS
488(2)
Hardware
488(2)
Supported VMs
490(1)
Orchestration
490(1)
vBranch Function Pack
490(28)
Service Chaining and Traffic Flow
494(1)
Summary
495(1)
References
495(4)
Chapter 11 Data Protection in IoT
499(76)
Data Lifecycle in IoT
507(11)
Data at Rest
518(6)
Data Warehouses
521(1)
Data Lakes
522(2)
Data in Use
524(3)
Data on the Move
527(4)
Protecting Data in IoT
531(42)
Data Plane Protection in IoT
531(34)
Message Queuing Telemetry Transport Protocol
532(1)
Authentication in MQTT
533(2)
Authorization in MQTT
535(4)
Confidentiality in MQTT
539(1)
Integrity in MQTT
540(2)
Availability in MQTT
542(1)
Nonrepudiation in MQTT
543(1)
RabbitMQ
544(3)
Authentication in RabbitMQ
547(1)
Authorization in RabbitMQ
548(1)
Confidentiality in RabbitMQ
549(1)
Integrity in RabbitMQ
549(1)
Availability in RabbitMQ
550(1)
Other Considerations Related to Data Availability in RabbitMQ
550(2)
Nonrepudiation in RabbitMQ
552(1)
Example: Orchestrated Security on RabbitMQ at the Fog Node Level
552(8)
Cisco Edge and Fog Processing Module (EFM)
560(4)
Data Virtualization: Enabling Single Query Models in IoT
564(1)
Protecting Management Plane Data in IoT
565(1)
Protecting Control Plane Data
566(1)
Considerations When Planning for Data Protection
567(6)
Summary
573(1)
References
574(1)
Chapter 12 Remote Access and Virtual Private Networks (VPN)
575(50)
Virtual Private Network Primer
575(1)
Focus for This
Chapter
576(1)
Site-to-Site IPsec VPN
576(12)
IPsec Overview
577(2)
Authentication Header (AH)
578(1)
Encapsulating Security Payload (ESP)
578(1)
Internet Key Exchange (IKE) Overview
578(1)
IKEv1 Phase 1
579(3)
Authentication Method
579(1)
Diffie-Hellman (D-H) Groups
580(1)
Encryption Algorithms
580(1)
Hashing Algorithms
580(1)
IKE Modes (Main and Aggressive)
580(2)
Aggressive Mode
582(1)
IKEv1 Phase 2
582(2)
NAT-Traversal (NAT-T)
583(1)
Perfect Forward Secrecy (PFS)
584(1)
Internet Key Exchange Protocol Version 2
584(2)
IKEv2 Exchange
584(2)
Benefits of IKEv2 over IKEv1
586(2)
Software-Defined Networking-Based IPsec Flow Protection IETF Draft
588(4)
IPsec Databases
589(1)
Use Case: IKE/IPsec Within the NSF
589(1)
Interface Requirements
590(2)
Multiple Security Controllers
591(1)
Applying SDN-Based IPsec to IoT
592(2)
Leveraging SDN for Dynamic Decryption (Using IKE for Control Channels and IPsec for Data Channels)
592(2)
Software-Based Extranet Using Orchestration and NFV
594(4)
Traditional Approach
594(1)
Automating Extranet Using Orchestration Techniques and NFV
595(2)
Software-Based Extranet Use Case
597(1)
Remote Access VPN
598(24)
SSL-Based Remote Access VPN
598(1)
SSL VPN for Multiple Solutions
599(1)
Reverse Proxy
599(1)
Clientless and Thin Client VPN
599(12)
Tunnel Groups and Group Policies
600(2)
Clientless Components
602(1)
Clientless Portal
602(2)
Application Access (Bookmarks, Port Forwarding, Smart Tunnels)
604(5)
Dynamic Access Policy
609(1)
Clientless Example for IoT: Oil and Gas
610(1)
Client Based: Cisco AnyConnect Secure Mobility Client
611(1)
Cisco AnyConnect
611(1)
Deployment
611(1)
Configuration Choices
612(1)
Modules
612(5)
VPN Module
612(2)
Network Access Manager Module
614(1)
Endpoint Compliance Module
614(1)
Roaming Protection Module
614(1)
Network Visibility Module
615(1)
Threat Protection Module
616(1)
Using AnyConnect in Manufacturing: Use Case Example
617(14)
Use Case
617(1)
Working Components
618(4)
Summary
622(1)
References
622(3)
Chapter 13 Securing the Platform Itself
625(44)
Visualization Dashboards and Multitenancy
627(4)
Back-End Platform
631(27)
Scenario 1: A New Endpoint Needs to Be Connected to the Network
639(1)
Scenario 2: A User Wants to Deploy a New Service Across the Fog, Network, and Data Center Infrastructure
639(2)
Scenario 3: Creating New Data Topics and Enabling Data Sharing Across Tenants
641(12)
Docker Security
653(3)
Kubernetes Security and Best Practices
656(2)
Communications and Networking
658(2)
Fog Nodes
660(6)
End Devices or "Things"
666(1)
Summary
667(1)
References
667(2)
Part IV Use Cases and Emerging Standards and Technologies
Chapter 14 Smart Cities
669(60)
Use Cases Introduction
669(1)
The Evolving Technology Landscape for IoT
670(2)
The Next-Generation IoT Platform for Delivering Use Cases Across Verticals: A Summary
672(4)
Smart Cities
676(2)
Smart Cities Overview
678(10)
The IoT and Secure Orchestration Opportunity in Cities
688(5)
Security in Smart Cities
693(3)
Smart Cities Example Use Cases
696(29)
Use Case Automation Overview and High-Level Architecture
701(1)
Power Monitoring and Control Use Case: Secure Lifecycle Management of Applications in the Fog Nodes
702(3)
Access Control and Sensor Telemetry of City Cabinets: Simple and Complex Sensor Onboarding
705(4)
Sensor Access Control
708(1)
Event-Based Video: Secure Data Pipeline and Information Exchange
709(5)
Public Service Connectivity on Demand: Secure User Access and Behavioral Analysis
714(4)
Emergency Fleet Integration
718(3)
Automated Deployment of the Use Cases
721(4)
Summary
725(2)
References
727(2)
Chapter 15 Industrial Environments: Oil and Gas
729(68)
Industry Overview
733(2)
The IoT and Secure Automation Opportunity in Oil and Gas
735(3)
The Upstream Environment
738(6)
Overview, Technologies, and Architectures
739(3)
Digitization and New Business Needs
742(1)
Challenges
743(1)
The Midstream Environment
744(5)
Overview, Technologies, and Architectures
744(3)
Digitization and New Business Needs
747(1)
Challenges
748(1)
The Downstream and Processing Environments
749(5)
Overview, Technologies, and Architectures
749(3)
Digitization and New Business Needs
752(1)
Challenges
753(1)
Security in Oil and Gas
754(9)
Oil and Gas Security and Automation Use Cases: Equipment Health Monitoring and Engineering Access
763(25)
Use Case Overview
763(2)
Use Case Description
765(2)
Deploying the Use Case
767(6)
Preconfiguration Checklist
773(4)
Automated Deployment of the Use Cases
777(1)
Securing the Use Case
778(3)
Security Use Case #1: Identifying, Authenticating, and Authorizing the Sensor for Network Use
778(2)
Security Use Case #2: Detecting Anomalous Traffic with Actionable Response
780(1)
Power of SGT as a CoA
781(1)
Auto-Quarantine Versus Manual Quarantine
782(1)
Security Use Case #3: Ensuring That Contractors and Employees Adhere to Company Policy (Command Validation)
782(1)
Leveraging Orchestrated Service Assurance to Monitor KPIs
783(26)
Security Use Case #4: Securing the Data Pipeline
786(2)
Evolving Architectures to Meet New Use Case Requirements
788(4)
Summary
792(2)
References
794(3)
Chapter 16 The Connected Car
797(76)
Connected Car Overview
800(9)
The IoT and Secure Automation Opportunity for Connected Cars
809(21)
The Evolving Car Architecture
824(6)
Security for Connected Cars
830(19)
Connected Car Vulnerabilities and Security Considerations
838(11)
Connected Car Security and Automation Use Case
849(22)
Use Case Overview
852(2)
Use Case Automation Overview
854(1)
Secure Access/Secure Platform: Boundary Firewall for OTA Secure Updates
855(2)
Secure Network: Segmentation, Zones, and Interzone Communication
857(1)
Secure Content: Intrusion Detection and Prevention
858(3)
Secure Intelligence: Secure Internet Access from the Vehicle
861(1)
The Future: Personalized Experience Based on Identity
862(1)
Federal Sigma VAMA: Emergency Fleet Solution
863(4)
Automated Deployment of the Use Case
867(4)
Summary
871(1)
References
871(2)
Chapter 17 Evolving Concepts That Will Shape the Security Service Future
873(30)
A Smarter, Coordinated Approach to IoT Security
876(4)
Blockchain Overview
880(8)
Blockchain for IoT Security
888(2)
Machine Learning and Artificial Intelligence Overview
890(3)
Machine Learning
893(1)
Deep Learning
894(1)
Natural Language Processing and Understanding
895(1)
Neural Networks
896(2)
Computer Vision
898(2)
Affective Computing
898(1)
Cognitive Computing
898(1)
Contextual Awareness
899(1)
Machine Learning and Artificial Intelligence for IoT Security
899(1)
Summary
900(1)
References
901(2)
Index 903
Anthony Sabella, CCIE No. 5374, is the lead cybersecurity architect for the Enterprise Chief Technology Office at Cisco and has worked at Cisco for eight years. Anthony leads innovative work streams on methods to break free from manual tasks by applying the latest virtualization and orchestration techniques to cybersecurity. He combines this with machine learning concepts and the ingestion of intelligence feeds, to design effective solutions that can self-manage and self-heal. Anthony applies these concepts across a variety of use cases, including financial institutions, healthcare, energy, and manufacturing (examples included in this book).

Before joining Cisco, Anthony worked as principal engineer for a global service provider for 13 years, where he created cybersecurity solutions for enterprise customers. Anthony was also the cofounder and CTO for a technology consulting firm responsible for designing cybersecurity solutions for both commercial and enterprise customers. Anthonys expertise has resulted in speaking engagements at major conferences around the world for both Cisco and its major partners. Anthony holds a masters degree in computer science and an active CCIE, and he is a contributing member in the IEEE Cyber Security community.

Rik Irons-Mclean is the Industry Principal for Oil & Gas at Cisco. Rik has worked at Cisco for 11 years and has had lead roles in IoT/IIoT, communications and security for power utilities and process control industries, and energy management and optimization. He has led technical global teams in taking new products to market in all theaters, specializing in driving new technology adoption in both established and emerging markets. Before joining Cisco, he worked for a Cisco service provider partner for eight years, where he focused on converged solutions.

Rik has represented Cisco in a number of industry and standards bodies, including Open Process Automation, IEC 61850 for industrial communications, and IEC 62351 for industrial security. Additionally, he elected the U.K. lead for Cigre SC D2 for communications and security in the power industry. Rik has written for a number of industry publications and authored whitepapers on such topics as industrial cybersecurity, IoT security, distributed industrial control systems, next-generation operational field telecoms, fog computing, and digital IoT fabric architectures.

Rik holds a bachelor of science degree and a master of business administration degree, focused on international leadership. He is currently studying for a doctorate in cybersecurity.

Marcelo Yannuzzi is a principal engineer at the Chief Strategy Office in Cisco. Marcelo leads strategic innovation in the areas of IoT, security, and novel architectures fusing cloud and fog computing. He has led flagship innovations across different industry verticals, some of which are outlined in this book. Marcelo also provides strategic advisory on new business opportunities and technologies for Cisco and start-ups.

Before joining Cisco, Marcelo was the head of the Advanced Network Architectures Lab at the Department of Computer Architecture in a Barcelona university. He was the cofounder and CTO of a start-up for which Cisco was its first customer. Marcelo is the author of more than 100 peer-reviewed publications, including top journals and conferences in the areas of IoT, fog computing, security, NFV, software-defined systems (SDX), multilayer network management and control, sensor networks, and mobility. Marcelo has led several European research projects and contracts in the industry, and his research was funded multiple times by Cisco. He is a frequent speaker and invited panelist at major conferences and forums. He held previous positions as an assistant professor at the physics department in a universitys school of engineering.

Marcelo holds a bachelors degree in electrical engineering and both a master of science degree and a Ph.D. in computer science.