Intel and AWS have helped to deliver advances in technology and infrastructure that are delivering economic value to IoT Solutions across many industries and segments. This session will discuss the benefits and impediments to adoption of IoT solutions and include case studies from Smart Buildings, Parking, Transportation and Health with security as a foundational pillar to all these IoT solutions.
Speakers: Andrew Hurren, Senior Regional Solution Architect, ANZ, Intel Security, and Peter Kerney, Enterprise Solutions Architect, Intel
Session Sponsored by Intel: Smart Cities, Infrastructure and Health powered by the Secure Internet of Things (IoT)
1. Smart Cities, Infrastructure and Health powered by the Secure Internet of Things
Peter Kerney, Intel Australia
Andrew Hurren, Intel Security
2. The Internet of Things is …
Home | Mobile | Network | Industrial | Gateway | DC/Cloud
• 50B devices [1]
• 212B sensors
• 44 zettabytes [2]
• 85% unconnected [4]
• Cost of sensors: 2X, past 10 years [3]
• Cost of bandwidth: 40X, past 10 years [3]
• Cost of processing: 60X, past 10 years [3]
Sources: [1] IDC; [2] MC/EDC: The Digital Universe of Opportunities; [3] Goldman Sachs; [4] IMS Research
3. Intel IoT Case Studies: Results
Smart Retail
• 100M credit card numbers stolen in U.S. in 2013
• NCR POS w/ Intel® DPT and vPro for Transactions: reducing fraud through e2e encryption for POS
Smart Manufacturing
• Measured benefits: saved $9M in one year
• Intel’s Assembly / Test: sensors and analytics help maintain productivity
Smart Transportation
• Vnomics solution: 6% increase in fuel economy across 100% of fleet = savings of $15M per year
• Potential US benefits: reduces CO2 emissions by 38 million tons
Smart Buildings
• Saved $1M in one building in first year; $.50/sq ft.
• Di-BOSS (Digital Building Operating System) + Cisco
• Energy management with IT/OT for electrical, steam and water
Smart Consumer
• Reduces risk of child accidents
• Intel new product to alert parents who left their kids in the car
*Other names and brands may be claimed as the property of others.
4. Smart Healthcare: Parkinson's Disease
Michael J. Fox Foundation
Problem
Significant challenges in monitoring symptoms, the progression of the disease, and the effectiveness of drug therapies.
How It Works
• 300 observations per second from each patient
• Anonymous patient data is aggregated and analyzed
• Machine learning and graph analytics to deliver more accurate predictive models
Video - https://videoportal.intel.com/media/The+Michael+J.+Fox+Foundation+and+Intel+join+jorces+to+improve+Parkinson%27s+Disease+%28YouTube%29/0_7ad5hbdw
5. Incremental Revenue - Smart Cities: Traffic Management
[Diagram: a Service Gateway in front of Service 1, Service 2, Service 3 and Service 4, with ERP and CRM; the Intel Mashery API Management Platform; Applications from Strategic Partners, Automotive Partners and City Partners. APIs shown: Car Navigation API, Parking API, Violation API, Parking House API, Shopping Boni API; two are labelled "free".]
6. Intel IoT in Action: Irrigation Automation
Challenges/Opportunities
• Malaysia produces 80% of rice consumed, imports 20%
• Improve rice harvest from 2 to 3 cycles by improving water pond depth control
• Automation of rice paddy water irrigation system supply to the paddy fields
Solution
An IoT system that collects real-time paddy data and automates water irrigation
Solution Components
• Intel® IoT Gateway by Kontron*
• Abbaco Controls* cloud controls & local automation
• WIND Development Platform
• Intel® 3G Modem
Business Outcomes
• Water savings of up to 10%
• Rice yields increased by 50%
• Reduced labor expenses
• Accurate & real-time status of water flow
[Diagram labels: Door Open/Close Sensor, Solar Power Monitoring Sensor, Water Level Sensor, Temperature Sensor, Actuator, 3G/Cloud Connection]
Video - http://www.intel.com/content/www/us/en/internet-of-things/videos/abbaco-controls-uses-iot-for-water-supply-management.html
7. There are Challenges to IoT Scale…
Security, Privacy, and Compliance
Fragmentation of Vertical Markets
IT/OT and Legacy Infrastructure Integration
Connectivity
Underutilized Data
Interoperability and Standards
8. Intel: Leading in IoT Standards and Consortia
IoT end-to-end worldwide standards; China IoT National Standards Group
[Graphic: "80+" with Industry Standards, Open Source Solutions, Interoperability; "185+" with Reference Architecture Frameworks and Testbeds, Interoperability. Logo groups: IIC Founder Companies; OIC Board of Directors.]
9. Intel’s Strategy to Enable a Smart World
• Communications, Discovery and Provisioning
• Monetize HW, SW, and Data Management
• Actionable Analytics
• Data Normalization
• Security as the Foundation - HW and SW
10. Logical Definition of Intel® IoT Platform – Rev2.1
[Architecture diagram, Rev 2.1. Labels on the diagram:
• Devices: Sensor, Actuator, I/O, MCU, Gateway
• Radios and links: WiFi + LP WiFi, Bluetooth* + BTLE, 2G/3G/4G/LTE (GPRS), ZigBee*, Zwave*, 6LoWPAN*, WiHART*, RFID, Satellite, Ethernet
• Protocols: TCP/IP; MQTT, HTTPS, CoAP, REST, XMPP, DDS, etc.
• Data path: Load Balancer, Data Ingestion & Processing, Services Orchestration, Data Transport Broker, Query, Storage, Compute, Metadata Catalog, Persistence & Concurrency, Analytics, Data as a Service (DaaS), API Library & API Mgmt
• Management: Security & Edge Management Systems; Cloud Management System (Monitoring, Auto-scaling, Logging, Eventing)
• Security: Device Attestation; MCU & Gateway: Identity Protection + Secure Boot
• Legend: UPAL = Protocol Abstraction Layer]
The Intel® IoT Platform is an end-to-end reference model and family of products from Intel—that works with third-party solutions—to provide a foundation for seamlessly and securely connecting devices, delivering trusted data to the cloud, and delivering value through analytics.
11. Logical Definition of Intel® IoT Platform – Rev2.1
[The slide 10 diagram repeated, with UPAL = Protocol Abstraction Layer marked on it.]
12. On-Demand …with Cloud
As a Service
Cloud Economics
Agility/Response
Open for Innovation
IaaS, PaaS, SaaS
APIs e.g. “DHL button”
Weeks to Days, Hours to Minutes
Orchestration and Automation
13. On-Demand …with Cloud: Software Defined Infrastructure
[Slide 12 content repeated, with the following added.]
Software Defined Infrastructure
Cloud: Increase agility whilst reducing operational cost
Do you have a strategy for Software Defined Infrastructure?
Industry leaders embrace SDI Private Cloud infrastructure
14. Attack-Driven View
Sophistication of attacks leads to increased emphasis on detect and correct.
Shifting emphasis, given large volume and complexity of attacks
PROTECT
Prevent attacks, often by reducing exposure; or, detecting and blocking via countermeasures
Encryption | Anti-Virus | Firewall
DETECT
Iterative process to find compromises; usually with a cycle of hunting, assessing, and prioritizing
Security Information and Event Management | Sandboxing
CORRECT
Process of remediating an attack, restoring normal operations, reporting impact, and adapting for the future
Remediation | System Restore | Incident Response
15. Cloud Security is a Shared Responsibility
https://aws.amazon.com/security/sharing-the-security-responsibility/
17. Secure: Intel® Security IoT Portfolio
Intel® Security Critical Infrastructure Protection
Provides comprehensive protection of critical infrastructure from physical and cyberattacks
Layer labels: PRIVATE / PUBLIC CLOUD SECURITY EVENT MANAGEMENT AND THREAT INTELLIGENCE; DEVICE LEVEL SECURITY; NETWORK SECURITY
• McAfee Security Information and Event Monitoring System (SIEM): Central security intelligence system for IoT's heterogeneous architecture
• McAfee Threat Intelligence Exchange & Data Exchange Layer: Tailors comprehensive threat intelligence from multiple intelligence data sources
• McAfee ePolicy Orchestrator (McAfee ePO): Security agent that connects with the McAfee security infrastructure for monitoring and managing security of the IoT
• McAfee Network Security Platform*: Helps detect and block attacks by enforcing security policies at the application, port and protocol levels
• McAfee Embedded/ Integrity Control (Whitelisting Technology): Helps block unauthorized applications and changes in IoT devices
• Intel Silicon Hardened Foundation: Security capabilities that include Secure Boot, HW Root of Trust and EPID
18. Visibility into Cloud Infrastructure
▪ Gain insights of cloud infrastructure
▪ Manage cloud and on-premises security needs from one console
▪ Identify and respond to security issues
▪ Save time with automated workflows
▪ AWS hierarchy of systems is logically grouped under region
19. Comprehensive Host-Based Security Controls
DevOps-friendly deployment
For Windows and Linux
INTEGRITY MONITORING | ENCRYPTION MANAGEMENT | APPLICATION WHITELISTING | INTRUSION PREVENTION | HOST FIREWALL | ANTIVIRUS | THREAT INTELLIGENCE EXCHANGE*
20. Reduce Operational Overhead in Orchestrated Environment
Dynamic Application Whitelisting
• Locked down with Whitelisting
• Whitelist automatically updated
Trusted Processes | Trusted Directories | Trusted Certificates | Trusted Users
Rated #1 capability in ASD Top 4 Mitigation Strategies
21-25. Use Case: Protection From Unknown Threats
[Diagram repeated on slides 21 to 25. Components shown: McAfee TIE Endpoint Module (two), McAfee ePO Management Console, McAfee ATD, Data Exchange Layer, McAfee Application Control, McAfee Global Threat Intelligence, 3rd Party Solutions, McAfee TIE Server.]
Captions added across the slides:
22. Unknown process is discovered on Cloud Server
23. Request for information sent to TIE for lookup
25. Application Control prevents malicious process from running
27. Centralise Security Analysis – Collect at the Source
Private, Cloud and Hybrid Deployment Models
AWS cloud (Amazon EC2): AWS Service Log Sources
McAfee ESM Components
• ESM Management
• ESM Log Collectors
• ESM Advanced Correlation Engine
• ESM Raw Log Storage
Physical and/or Virtual corporate data center: On-Premise/Private Log Sources
McAfee ESM Components
• ESM Management
• ESM Log Collectors
• ESM Advanced Correlation Engine
• ESM Raw Log Storage
Link between the two: Direct Connect/VPN
28. Delivering Business and Security Outcomes
Solving security’s most acute pain points
Problem | Solution
Complexity | Time Constraints
• Fewer resource constraints: Integrate, streamline, and automate processes to improve operational efficiency.
• Respond rapidly: Deliver automated detection and correction; operate as a security system.
• Resolve more threats: Extend beyond discrete and siloed security. Move to a cohesive threat lifecycle defense; “Cloudify,” and “mobilize” protection.