Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Guest Blog // Selected Security Content Provided By Intel
What's This?
10/22/2013
04:47 PM
Tom Quillin
Tom Quillin
Guest Blogs
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

There is No Security Silver Bullet, but What if...

Breaking security challenges down to identify new approaches and innovations.

You know it: there is no silver bullet for today's IT security challenges. I mean no disrespect for industry security vendors. The security industry is working fast and furious to keep pace with a wild environment and ever-changing threat landscape. But ultimately, it's fundamentally impossible to have a single monolithic security solution that does it all, all the time.

Intel knows the environment you protect has never been tougher:

• 128 Million and growing quickly: No, it's not the population of Los Angeles (whatever your friends stuck in the I-5 commute tell you). It's the number of total malware samples reportedly in McAfee's database, according to the firm's Q1 Threats Report. And the last two quarters have seen major accelerations in growth of that number.

• Your user's got an app for that! Recent research from market analyst firm Canalys found that in Q1 2013, the top four app stores hit 13.4 billion downloads. New apps downloaded by users can increase risk of malicious code making its way into the network, as well as increase vulnerabilities that can expose data.

• Every user wants to bring their favorite device from home and get it connected to your network. The combination of PCs from different vendors along with Macs once seemed challenging; today your users insist on connecting their tablets and smartphones.

• If that's not enough, how about the higher expectations for compliance and challenges keeping up with an evolving regulatory environment?

It's enough to induce a cold sweat in the bravest of us. So, how do you manage in situations that seem to be spiraling out of control?

We at Intel are working with customers and partners to help make sense of it all. Through our research and collaboration with information security experts, we've identified four common pain points and problems that plague technology users - from the average technology user all the way to the IT administrator trying to get good news out of the next month's indicators. Those pain points include:

Identity / Privacy Protection- How can I ensure that the user trying to get access to sensitive corporate resources is who they say? How do I best protect login credentials from compromise, theft and hijacking?

Data Protection- How can I ensure that intellectual property and other valuable company information stays where it belongs in my company, safe from attacks and tampering?

Anti-Malware- How do I create a multi-layered defense model that keeps malware from my infrastructure and endpoints? How do I detect and eliminate malware so my users can confidently go about their business?

Resiliency- Recognizing that some failures and problems are inevitable, how can we dramatically decrease downtime for security issues? How can we keep systems patched with the latest security updates to minimize risk of exposure to known security issues?

Breaking these problems down a bit, we might begin to identify new approaches and innovations that could help users like you sleep better at night.

Intel experts are working for you to reduce this complex reality through hard security research, to scrutinize and to drive toward thoughtful solutions by asking "what if?" In subsequent blogs, I'll examine and explore each of these pain points in more detail and ask the questions, "What if we could do something to lessen or even eliminate this worry? How would that solution look? How would it work? How could it become sustainable?"

Tom Quillin is the Director of Cyber Security for Technologies and Initiatives at Intel Corp. He is responsible for identifying security risks, as well as contributing to product planning that addresses future security challenges. He also manages Intel's policy positions on ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
11/13/2013 | 1:36:12 PM
re: There is No Security Silver Bullet, but What if...
Tom,--
You've got some really good thinking out here,--
One of the concerns that has been discussed here and elsewhere on the Net is Embedded Malware.

Embedded Malware is malware that is included in a software or firmware product and then distributed through the manufacturing channel.

This will need a Zero Defects type of quality control approach,-- and as Bruce Schneier mentioned in one of his essays -- a change in product liability law. Bruce notes this is necessary in order to make proper quality control less expensive than neglect.

Remember: Zero Defects is something we do -- not someting we get. For example, if I purchase a C compiler -- it is incumbent on me to verify the vendor and check the signature on his distribution before installing it or using it. This needs to be done by every builder along the development system lines.
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31819
PUBLISHED: 2021-09-22
In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.
CVE-2021-38112
PUBLISHED: 2021-09-22
In the Amazon AWS WorkSpaces client before 3.1.9 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument.
CVE-2021-41382
PUBLISHED: 2021-09-22
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
CVE-2020-23266
PUBLISHED: 2021-09-22
An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.
CVE-2020-23267
PUBLISHED: 2021-09-22
An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file