Intel® Cyber Security Briefing:Trends, Challenges, and Leadership Opportunities

Matthew Rosenquist, Cyber Security Strategist, Intel Corp

January 2014

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS. Intel may make changes to specifications and product descriptions at any time, without notice.All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go tohttp://www.intel.com/performanceIntel, Intel Inside, the Intel logo, Intel Core, and Xeon are trademarks of Intel Corporation in the United States and other countries.Security features enabled by Intel® AMT require an enabled chipset, network hardware and software and a corporate network connection. Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Setup requires configuration and may require scripting with the management console or further integration into existing security frameworks, and modifications or implementation of new business processes. For more information, see http://www.intel.com/technology/manage/iamt.No system can provide absolute security under all conditions. Requires an enabled chipset, BIOS, firmware and software and a subscription with a capable Service Provider. Consult your system manufacturer and Service Provider for availability and functionality. Intel assumes no liability for lost or stolen data and/or systems or any other damages resulting thereof. For more information, visit http://www.intel.com/go/anti-theftIntel® vPro™ Technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software and IT environment. To learn more visit: http://www.intel.com/technology/vproThe original equipment manufacturer must provide TPM functionality, which requires a TPM-supported BIOS. TPM functionality must be initialized and may not be available in all countries.Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/*Other names and brands may be claimed as the property of others.Copyright © 2011 Intel Corporation, All Rights Reserved

Legal Notices and Disclaimers

We manage security through either leadership or crisis.

In the absence of leadership, we are left with crisis.

We manage security through either leadership or crisis.

In the absence of leadership, we are left with crisis.

Discussion

• Trends and Landscape

• Challenges of Cyber Security

• Strategic Leadership

• 3 Eminent Risks and Controls

• Summary, Questions, Discussion

Industry Trends and Landscape Drives Security

The risks-of-loss continues to rise as the cyber security industry grows in size, intensity, and complexity

Leading Metrics & Trends

200k New Malware/day 172m+ Total

1.5m Total‘signed’ Samples

Increase of ‘signed’ malware

~50%

40% Increasein Data Breaches

Organizations suffering a data breach in 2013

93%

1M+ Adults Victims each day (12 per second)

Online adults victims of cybercrime or

negative situations

50%

Android MalwareGrowth

Source: F-Secure Mobile Threat Report Jul-Sept 2013Source: McAfee Threat Report Q3 2013 Source: McAfee Threat Report Q3 2013

Global Infection Rates

Worldwide computers infected

in 2012

~32%

Source: Panda Labs Source: UK Government BIS SurveySource: Symantec 2013 Norton Report

2013 H1 Sampling of Security Incidents

Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

High percentage of ‘Unknowns’. Shows the difficulty in identifying attack methods Broad range of different targets. No segment is immune Only includes reported data. Not the complete picture, which is much larger

Source: IBM X-Force 2013 Mid-Year Trend and Risk Report

Industry Impacts & Trends

Risks Increase Costs and Jobs are Impacted Highly Variable Industry

Lloyds Risk Index 2013 Center for Strategic and International Studies (CSIS) US National Academy of Sciences

“Cyberrisk has moved from position 12

(malicious) and 19 (non-malicious) in 2011 to the worlds number

three risk.”

“Malicious cyberactivitymay cost the US

economy $100 billion and as many as 508,000 US jobs

annually.”

Cybersecurity should be seen as an

occupation and not a profession because the rate of change is too

great to consider professionalization”

Advanced Actors Rise Money Fuels InnovationUnpredictable Extreme

Impacts

IBM X-Force 2013 Risk Report

Worldwide concerns grow for privacy,

surveillance, cyber warfare, regulations,

and the rise in offensive security

Cybercrime costs ~$500 billion globally. Driving growth of dark

economies, IP loss, service downtime, reputation impacts,

fraud, and theft

April 2013 a fake Tweet caused a temporary

market flash-crash of 140 points, equivalent

to ~$200 billion

Center for Strategic and International Studies (CSIS)

Challenges – Business Value Aspects

Businesses must find a balance through tradeoffs.

Optimal security is the right balance of cost, user experience, and risk.

Challenges – Operational Aspects

Security technology, people, data, and services are intertwined in complex ways

Achieving security objectives requires comprehensive and well thought out solutions

Threats

Infrastructure& Business Processes

TrustedUsers Data

We manage security through either leadership or crisis.

In the absence of leadership, we are left with crisis.

Leadership is key in organizing resources to achieve and

maintain an optimal level of security value

Strategic Leadership: Defense in DepthA strong process strategy will enable operational flexibility, while driving cost

efficiency, and effectiveness

Tactical Security Technology Integration: Layered DefenseMultiple layers are necessary for comprehensiveness

NETWORK

• Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters

PLATFORM

• Antivirus software, patching, minimum security specifications for systems

APPLICATION

• Secure coding, testing,security specifications

FILE AND DATA

• File and data encryption,

enterprise rights management

3 Eminent Risks and Controls

Risks:

1. Scale and adaptation of attacks, enlargement of the attack surface

2. Increase and complexity of attackers, technology/behaviors, organized and funded threat agents

3. Massive data aggregation, leveraged for targeting and attacks

Controls:

1. Better threat modeling, greater financial investment, secure product designs, evolving IT security controls/solutions

2. Improved platform and network based preventative security

3. Stronger response (ex. DDOS), investigations (ex. forensics), interdiction (ex. bounties & arrests)

Innovations to Attack: End-Points Example

Attackers are adapting by moving down the stack:

Hardware

Applications

Operating System

Virtual Machine(Optional)

Attacks disable security products, steal and control applications

OS infected:Threats are hidden from security products

Traditional attacks: Focused primarily on the application layer

Attacks against hardware and firmware affect the root-of-trust

Compromise virtual machine

New stealth attacks:Embed themselves below the OS and Virtual Machine, so they can evade current solutions

Mo

re

Dif

ficu

lty

L

ess

Innovations to Protect: End-Points Example

Security below the OS• Sensors under the OS to detect stealth malware

• Passes data to Anti-Malware software to block, and remove

Faster and Stronger Encryption

Strengthening Data-Center Security & Control• Attestation of VM and cloud security

• Out-of-Band security monitoring, management, and recovery

Hardware Enhanced Authentication• Eliminating the need for separate hardware tokens

• Faster software VPN login, for improved user experience and

productivity

Software VPN tokens instead of user passwords

Traditional hardware token integrated into PC

Whole-disk Encryption File Storage Encryption

InternetSecurity

VPN Client SW

• Hardware acceleration of encryption algorithms (up to 4x faster)

improves user experience and productivity, while protecting data

Whole-disk Encryption

Stronger user IDand Authentication

Defenders respond to attackers and develop capabilities to mitigate impactful exploits, make security more user-friendly, and improve the cost structure.

We manage security through either leadership or crisis.

In the absence of leadership, we are left with crisis.

Two types of victims exist: those with something of value and those who are easy targets

Therefore: Don’t be an easy target, and protect your valuables

Summary

A well thought out cyber strategy is necessary to secure assets, operations, reputation, and competiveness

Strive to achieve and maintain the optimal balance of security for your organization

Executive commitment and support is a prerequisite to success