Analytics
Guest Blog // Selected Security Content Provided By Intel
What's This?
10/22/2013
04:47 PM
Tom Quillin
Tom Quillin
Guest Blogs
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

There is No Security Silver Bullet, but What if...

Breaking security challenges down to identify new approaches and innovations.

You know it: there is no silver bullet for today's IT security challenges. I mean no disrespect for industry security vendors. The security industry is working fast and furious to keep pace with a wild environment and ever-changing threat landscape. But ultimately, it's fundamentally impossible to have a single monolithic security solution that does it all, all the time.

Intel knows the environment you protect has never been tougher:

• 128 Million and growing quickly: No, it's not the population of Los Angeles (whatever your friends stuck in the I-5 commute tell you). It's the number of total malware samples reportedly in McAfee's database, according to the firm's Q1 Threats Report. And the last two quarters have seen major accelerations in growth of that number.

• Your user's got an app for that! Recent research from market analyst firm Canalys found that in Q1 2013, the top four app stores hit 13.4 billion downloads. New apps downloaded by users can increase risk of malicious code making its way into the network, as well as increase vulnerabilities that can expose data.

• Every user wants to bring their favorite device from home and get it connected to your network. The combination of PCs from different vendors along with Macs once seemed challenging; today your users insist on connecting their tablets and smartphones.

• If that's not enough, how about the higher expectations for compliance and challenges keeping up with an evolving regulatory environment?

It's enough to induce a cold sweat in the bravest of us. So, how do you manage in situations that seem to be spiraling out of control?

We at Intel are working with customers and partners to help make sense of it all. Through our research and collaboration with information security experts, we've identified four common pain points and problems that plague technology users - from the average technology user all the way to the IT administrator trying to get good news out of the next month's indicators. Those pain points include:

Identity / Privacy Protection- How can I ensure that the user trying to get access to sensitive corporate resources is who they say? How do I best protect login credentials from compromise, theft and hijacking?

Data Protection- How can I ensure that intellectual property and other valuable company information stays where it belongs in my company, safe from attacks and tampering?

Anti-Malware- How do I create a multi-layered defense model that keeps malware from my infrastructure and endpoints? How do I detect and eliminate malware so my users can confidently go about their business?

Resiliency- Recognizing that some failures and problems are inevitable, how can we dramatically decrease downtime for security issues? How can we keep systems patched with the latest security updates to minimize risk of exposure to known security issues?

Breaking these problems down a bit, we might begin to identify new approaches and innovations that could help users like you sleep better at night.

Intel experts are working for you to reduce this complex reality through hard security research, to scrutinize and to drive toward thoughtful solutions by asking "what if?" In subsequent blogs, I'll examine and explore each of these pain points in more detail and ask the questions, "What if we could do something to lessen or even eliminate this worry? How would that solution look? How would it work? How could it become sustainable?"

Tom Quillin is the Director of Cyber Security for Technologies and Initiatives at Intel Corp. He is responsible for identifying security risks, as well as contributing to product planning that addresses future security challenges. He also manages Intel's policy positions on ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
11/13/2013 | 1:36:12 PM
re: There is No Security Silver Bullet, but What if...
Tom,--
You've got some really good thinking out here,--
One of the concerns that has been discussed here and elsewhere on the Net is Embedded Malware.

Embedded Malware is malware that is included in a software or firmware product and then distributed through the manufacturing channel.

This will need a Zero Defects type of quality control approach,-- and as Bruce Schneier mentioned in one of his essays -- a change in product liability law. Bruce notes this is necessary in order to make proper quality control less expensive than neglect.

Remember: Zero Defects is something we do -- not someting we get. For example, if I purchase a C compiler -- it is incumbent on me to verify the vendor and check the signature on his distribution before installing it or using it. This needs to be done by every builder along the development system lines.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.