Guest Blog // Selected Security Content Provided By Intel
10/22/2013
04:47 PM
Tom Quillin

There is No Security Silver Bullet, but What if...

Breaking security challenges down to identify new approaches and innovations.

You know it: there is no silver bullet for today's IT security challenges. I mean no disrespect for industry security vendors. The security industry is working fast and furious to keep pace with a wild environment and ever-changing threat landscape. But ultimately, it's fundamentally impossible to have a single monolithic security solution that does it all, all the time.

Intel knows the environment you protect has never been tougher:

• 128 Million and growing quickly: No, it's not the population of Los Angeles (whatever your friends stuck in the I-5 commute tell you). It's the number of total malware samples reportedly in McAfee's database, according to the firm's Q1 Threats Report. And the last two quarters have seen major accelerations in growth of that number.

• Your user's got an app for that! Recent research from market analyst firm Canalys found that in Q1 2013, the top four app stores hit 13.4 billion downloads. New apps downloaded by users can increase risk of malicious code making its way into the network, as well as increase vulnerabilities that can expose data.

• Every user wants to bring their favorite device from home and get it connected to your network. The combination of PCs from different vendors along with Macs once seemed challenging; today your users insist on connecting their tablets and smartphones.

• If that's not enough, how about the higher expectations for compliance and challenges keeping up with an evolving regulatory environment?

It's enough to induce a cold sweat in the bravest of us. So, how do you manage in situations that seem to be spiraling out of control?

We at Intel are working with customers and partners to help make sense of it all. Through our research and collaboration with information security experts, we've identified four common pain points and problems that plague technology users - from the average technology user all the way to the IT administrator trying to get good news out of the next month's indicators. Those pain points include:

Identity / Privacy Protection: How can I ensure that the user trying to get access to sensitive corporate resources is who they say? How do I best protect login credentials from compromise, theft and hijacking?

Data Protection: How can I ensure that intellectual property and other valuable company information stays where it belongs in my company, safe from attacks and tampering?

Anti-Malware: How do I create a multi-layered defense model that keeps malware from my infrastructure and endpoints? How do I detect and eliminate malware so my users can confidently go about their business?

Resiliency: Recognizing that some failures and problems are inevitable, how can we dramatically decrease downtime for security issues? How can we keep systems patched with the latest security updates to minimize risk of exposure to known security issues?

Breaking these problems down a bit, we might begin to identify new approaches and innovations that could help users like you sleep better at night.

Intel experts are working to reduce this complex reality through hard security research, scrutinizing the problems and driving toward thoughtful solutions by asking "what if?" In subsequent blogs, I'll examine and explore each of these pain points in more detail and ask the questions, "What if we could do something to lessen or even eliminate this worry? How would that solution look? How would it work? How could it become sustainable?"

Tom Quillin is the Director of Cyber Security for Technologies and Initiatives at Intel Corp. He is responsible for identifying security risks, as well as contributing to product planning that addresses future security challenges. He also manages Intel's policy positions on ...

Comments
macker490
11/13/2013 | 1:36:12 PM
re: There is No Security Silver Bullet, but What if...
Tom,--
You've got some really good thinking out here,--
One of the concerns that has been discussed here and elsewhere on the Net is Embedded Malware.

Embedded Malware is malware that is included in a software or firmware product and then distributed through the manufacturing channel.

This will need a Zero Defects type of quality control approach,-- and as Bruce Schneier mentioned in one of his essays -- a change in product liability law. Bruce notes this is necessary in order to make proper quality control less expensive than neglect.

Remember: Zero Defects is something we do -- not something we get. For example, if I purchase a C compiler -- it is incumbent on me to verify the vendor and check the signature on his distribution before installing it or using it. This needs to be done by every builder along the development system lines.