Intel security redefines protection

With security requirements expanding to include millions of smart devices and billions of connected end points in the Internet of Things, Intel Security is developing solutions which will allow the power of intelligent analytics to be extended to all devices.

Intel Security is developing solutions to integrate security and provide high levels of protection across all end points, says Fey. (ITP Images)
By Mark Sutton, published January 8, 2015

In terms of security personnel and roles, Fey said that shortages of skilled C-level personnel were an issue for many organisations, but that there was a tendency to focus on job titles rather than capabilities. Compliance standards such as PCI had also helped some organisations which were not doing a good job of security to put in place the expertise they needed, but for organisations that have a good grasp of security, compliance can be a distraction.

“If you don’t have somebody that is looking at your aggregate security posture, and understanding how the layers come together, you could build an embarrassing set of defences. You have got to be able to look at it holistically, and that is what a good CISO does. He concerns himself with two things, and not a third. The third built his job, but it should not be his job. The first two are the overall security posture, and the expense of running it.

“The third is compliance, he needs to get that off his plate, he needs to move to his compliance group or ops. There are compliance things that we have to do for different regions or different goals, but if you are already at a point where you fundamentally know you have to check that box, don’t confuse that operational aspect of checking a box with the strategic nature of the CISO. It is a poor use of resources,” he said.

More important than compliance are the fundamental ‘Three R’ questions, which need to be answered by line of business personnel rather than IT or security specialists, to identify and understand where the real risks lie for the business.

“What will make somebody else Rich? What could Ruin us? What Regulations do we have to follow? Those three things should govern all security decisions,” he said. “It is amazing how few organisations can answer those questions, the best can answer them in great detail and track their security policies and procedures back to those questions.”

Fey also noted the advancements which have been made in protecting industrial control systems, which in part have been aided by initiatives undertaken in the Middle East. The Digital Oilfield project, which was in part carried out in the region, has influenced Intel Security in forming an ongoing partnership with Siemens to develop security for industrial systems.

“We originally looked at this space and saw a massive gap in protection. We had solutions that fit, but the reality was that there is a big gap between making sure that we accomplish what we did on the enterprise side, which was ensure that not only could they protect, but that it could run sustainably,” he said.

“We have incredible work here with the digital oilfield, which led us to think about the space differently and embark on these bigger partnerships - this market just has more at stake in those automated controls than others.”

The partnership with Siemens has recently seen three solutions developed or ported for industrial controls, including McAfee Application Control and McAfee Change Control, Next Generation Firewall, and Security Information and Event Management (SIEM), which are intended to work with greenfield or existing deployments.

Fey said that Intel Security is also looking at changing the way it charges for products, to shift to a model where a customer pays for protection, rather than solutions, where Intel Security would be financially accountable in the event of a breach. He compared the model with the way that aircraft engine manufacturers sell to the airline industry, with financial penalties for downtime of engines.

“When you are doing well, I am doing well, if you start to have low uptime, I care about that relationship, that is one of the things that is broken about security. We are exploring right now the concept of charging for protection and not tools. ‘Here is our methodology, follow it and we will cover for an amount of liability, we will charge for a protection state, and take on an SLA-based risk posture’,” he explained. “If there is a breach, I lose money.”

Such an approach would allow organisations to budget more effectively for a security service, while accessing all of McAfee’s leading solutions, he added.
