Intel Security redefines protection
With security requirements expanding to include millions of smart devices and billions of connected endpoints in the Internet of Things, Intel Security is developing solutions that will allow the power of intelligent analytics to be extended to all devices.
Fundamental changes are underway in the security industry, to reinvent security models for better protection, according to Michael Fey, executive vice president, chief technology officer and general manager of corporate products, Intel Security Group (formerly McAfee).
Fey was speaking at a round table held in Dubai with Arabian Computer News, in which he highlighted some of the important changes which are being made to address new threats and overhaul outdated models of working.
One of the most important areas of change is embedding security into solutions, he said, which is something the company has been uniquely positioned to develop since the 2011 acquisition of McAfee by Intel.
“For years we have been putting [security] in after the entire setup gets built, and then we go and layer in security, we wonder why our users don’t like, we wonder why it is not as safe as it could be, because we didn’t think about it from the start.
“This trust model, one that was built with passwords, and tokens, transport layers, network layers, hardware and compliance, for most purposes was built in the 1980s, it hasn’t changed that much. But if you think of the businesses that have been built on top of this, the amount of data out there, this was not built with the concept of this massive set of businesses on top of it. The trust model is breaking. Every layer of this has recently been shown to be faulty. It is our goal to reinvent and augment these layers,” he added.
With Intel, the company is working on making passwords safer and easier, through developing embedded security approaches such as multifactor authentication using geolocation, voice, audio, and behaviour.
One of the most fundamental changes in security will be protecting all endpoints, regardless of scale, and being able to use large-scale analytics capabilities to analyse activities on devices without the need for large applications on the endpoints. This approach will be particularly important for protecting the Internet of Things, Fey said, with millions of connected devices. The new approach will be game changing, he said.
“When we first engaged with Intel, I would say we made a lot of our products five percent better. If anybody is running our encryption on their endpoints running one of the newer Intel processors, it is 400% faster. My own laptop now, you can’t tell it is encrypted, it is that quick. We did things like that, we made things faster, but nothing that was game changing.”
Fey explained that these latest Intel Security solutions will look for ‘indicators of attack’. Instead of relying on old-style hashfiles to fingerprint and block known threats, devices will be able to pick up on unexpected or unusual activity, and then block or allow it on the device, while a separate Threat Intelligence Engine (TIE) will analyse the unique behaviour, report back, and then react accordingly.
He gave the example of a recent experiment by Intel Security, which set up a web presence for a bogus defence contractor. The web presence soon attracted the attention of malicious actors, who scanned the bogus environment, and then launched an attack from the same IP address. As part of the attack, the hackers downloaded a browser in a specific language, which was then used to download tools. The browser itself was not malicious, he pointed out, but it had no legitimate reason to be in that environment.
“Does it make sense for your environment? Is it the first time you have ever seen this before in your environment, and why, and what do you want to do about it? I catch an indicator of attack here, something isn’t right, it is the first time I saw it, or it is messing with the registry key. If something isn’t right, I can react off that, I don’t have to wait.”
The key to extending this level of protection to even limited devices is a data exchange layer which Intel Security has developed. Fey said that this layer is far more responsive and flexible than a standard API or other means of interchange, and will eventually allow for the development of zero-footprint end-client protection.
By handing off the data to a separate TIE server, the server will be able to carry out a level of analysis that would not otherwise be feasible at the endpoint. The TIE can combine threat intelligence from a range of external sources, such as McAfee’s own Global Threat Intelligence (GTI) and third-party feeds, with local threat intelligence, so that companies can select which services they wish to use and only deploy one instance on the TIE instead of across all endpoints, servers and so on.
The data exchange layer, along with other new solutions, will be open architecture, to allow integration across the industry, Fey said. The company is also developing its ePolicy Orchestrator (ePO) management console, which is intended to provide an open platform to manage across the architecture. The ePO has been deployed by a number of leading organisations, including the four largest militaries worldwide, and Intel intends to extend it as far as possible so that companies can avoid the extra expense and extra training for other solutions.
“The accuracy rates we are getting from this are better than anything we’ve ever done by far,” Fey said. “This is one of the most exciting things we’ve been able to release for years.”