Guest Blog // Selected Security Content Provided By Intel
10/22/2013
04:47 PM
Tom Quillin

There is No Security Silver Bullet, but What if...

Breaking security challenges down to identify new approaches and innovations.

You know it: there is no silver bullet for today's IT security challenges. I mean no disrespect for industry security vendors. The security industry is working fast and furious to keep pace with a wild environment and ever-changing threat landscape. But ultimately, it's fundamentally impossible to have a single monolithic security solution that does it all, all the time.

Intel knows the environment you protect has never been tougher:

• 128 Million and growing quickly: No, it's not the population of Los Angeles (whatever your friends stuck in the I-5 commute tell you). It's the number of total malware samples reportedly in McAfee's database, according to the firm's Q1 Threats Report. And the last two quarters have seen major accelerations in growth of that number.

• Your user's got an app for that! Recent research from market analyst firm Canalys found that in Q1 2013, the top four app stores hit 13.4 billion downloads. New apps downloaded by users can increase risk of malicious code making its way into the network, as well as increase vulnerabilities that can expose data.

• Every user wants to bring their favorite device from home and get it connected to your network. The combination of PCs from different vendors along with Macs once seemed challenging; today your users insist on connecting their tablets and smartphones.

• If that's not enough, how about the higher expectations for compliance and challenges keeping up with an evolving regulatory environment?

It's enough to induce a cold sweat in the bravest of us. So, how do you manage in situations that seem to be spiraling out of control?

We at Intel are working with customers and partners to help make sense of it all. Through our research and collaboration with information security experts, we've identified four common pain points and problems that plague technology users - from the average technology user all the way to the IT administrator trying to get good news out of the next month's indicators. Those pain points include:

• Identity / Privacy Protection - How can I ensure that the user trying to get access to sensitive corporate resources is who they say? How do I best protect login credentials from compromise, theft and hijacking?

• Data Protection - How can I ensure that intellectual property and other valuable company information stays where it belongs in my company, safe from attacks and tampering?

• Anti-Malware - How do I create a multi-layered defense model that keeps malware from my infrastructure and endpoints? How do I detect and eliminate malware so my users can confidently go about their business?

• Resiliency - Recognizing that some failures and problems are inevitable, how can we dramatically decrease downtime for security issues? How can we keep systems patched with the latest security updates to minimize risk of exposure to known security issues?

Breaking these problems down a bit, we might begin to identify new approaches and innovations that could help users like you sleep better at night.

Intel experts are working for you to simplify this complex reality through hard security research, scrutinizing the problems and driving toward thoughtful solutions by asking "what if?" In subsequent blogs, I'll examine and explore each of these pain points in more detail and ask the questions, "What if we could do something to lessen or even eliminate this worry? How would that solution look? How would it work? How could it become sustainable?"

Tom is responsible for identifying and addressing Intel product security risks and for planning products that solve tomorrow's security challenges. He also manages Intel's policy positions on security and privacy.

Comments
macker490,
User Rank: Ninja
11/13/2013 | 1:36:12 PM
re: There is No Security Silver Bullet, but What if...
Tom,--
You've got some really good thinking out here,--
One of the concerns that has been discussed here and elsewhere on the Net is Embedded Malware.

Embedded Malware is malware that is included in a software or firmware product and then distributed through the manufacturing channel.

This will need a Zero Defects type of quality control approach,-- and as Bruce Schneier mentioned in one of his essays -- a change in product liability law. Bruce notes this is necessary in order to make proper quality control less expensive than neglect.

Remember: Zero Defects is something we do -- not something we get. For example, if I purchase a C compiler -- it is incumbent on me to verify the vendor and check the signature on his distribution before installing it or using it. This needs to be done by every builder along the development system lines.