Intel® Cyber Security Briefing: Trends, Challenges, and Leadership Opportunities. Matthew Rosenquist, Cyber Security Strategist, Intel Corp. In the digital world, opportunities and risks coexist. Achieving and maintaining a balanced cyber strategy by implementing a model of "connected security" has become a new imperative in business and society. Management can drive "cyber" leadership to create value and gain a competitive advantage in the digital world.
Intel® Cyber Security Briefing: Trends, Challenges, and Leadership Opportunities
Matthew Rosenquist, Cyber Security Strategist, Intel Corp
January 2014
We manage security through either leadership or crisis.
In the absence of leadership, we are left with crisis.
Discussion
• Trends and Landscape
• Challenges of Cyber Security
• Strategic Leadership
• 3 Eminent Risks and Controls
• Summary, Questions, Discussion
Industry Trends and Landscape Drive Security
The risk of loss continues to rise as the cyber security industry grows in size, intensity, and complexity
Leading Metrics & Trends
• New malware: 200k per day, 172m+ total
• ‘Signed’ malware: 1.5m total samples; increase of ‘signed’ malware ~50%
• 40% increase in data breaches
• Organizations suffering a data breach in 2013: 93%
• 1M+ adult victims each day (12 per second)
• Online adults who are victims of cybercrime or negative situations: 50%
• Android malware growth
• Global infection rates: worldwide computers infected in 2012 ~32%
Sources: F-Secure Mobile Threat Report Jul-Sept 2013; McAfee Threat Report Q3 2013; Panda Labs; UK Government BIS Survey; Symantec 2013 Norton Report
2013 H1 Sampling of Security Incidents
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
• High percentage of ‘Unknowns’. Shows the difficulty in identifying attack methods
• Broad range of different targets. No segment is immune
• Only includes reported data. Not the complete picture, which is much larger
Source: IBM X-Force 2013 Mid-Year Trend and Risk Report
Industry Impacts & Trends
Risks Increase
“Cyberrisk has moved from position 12 (malicious) and 19 (non-malicious) in 2011 to the world's number three risk.”
Source: Lloyds Risk Index 2013
Costs and Jobs are Impacted
“Malicious cyberactivity may cost the US economy $100 billion and as many as 508,000 US jobs annually.”
Source: Center for Strategic and International Studies (CSIS)
Highly Variable Industry
“Cybersecurity should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization”
Source: US National Academy of Sciences
Advanced Actors Rise
Worldwide concerns grow for privacy, surveillance, cyber warfare, regulations, and the rise in offensive security
Money Fuels Innovation
Cybercrime costs ~$500 billion globally. Driving growth of dark economies, IP loss, service downtime, reputation impacts, fraud, and theft
Unpredictable Extreme Impacts
April 2013 a fake Tweet caused a temporary market flash-crash of 140 points, equivalent to ~$200 billion
Sources: IBM X-Force 2013 Risk Report; Center for Strategic and International Studies (CSIS)
Challenges – Business Value Aspects
Businesses must find a balance through tradeoffs.
Optimal security is the right balance of cost, user experience, and risk.
Challenges – Operational Aspects
Security technology, people, data, and services are intertwined in complex ways
Achieving security objectives requires comprehensive and well thought out solutions
Diagram elements: Threats; Infrastructure & Business Processes; Trusted Users; Data
We manage security through either leadership or crisis.
In the absence of leadership, we are left with crisis.
Leadership is key in organizing resources to achieve and maintain an optimal level of security value
Strategic Leadership: Defense in Depth
A strong process strategy will enable operational flexibility, while driving cost efficiency, and effectiveness
Tactical Security Technology Integration: Layered Defense
Multiple layers are necessary for comprehensiveness
NETWORK
• Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters
PLATFORM
• Antivirus software, patching, minimum security specifications for systems
APPLICATION
• Secure coding, testing, security specifications
FILE AND DATA
• File and data encryption, enterprise rights management
3 Eminent Risks and Controls
Risks:
1. Scale and adaptation of attacks, enlargement of the attack surface
2. Increase and complexity of attackers, technology/behaviors, organized and funded threat agents
3. Massive data aggregation, leveraged for targeting and attacks
Controls:
1. Better threat modeling, greater financial investment, secure product designs, evolving IT security controls/solutions
2. Improved platform and network based preventative security
3. Stronger response (ex. DDOS), investigations (ex. forensics), interdiction (ex. bounties & arrests)
Innovations to Attack: End-Points Example
Attackers are adapting by moving down the stack:
• Traditional attacks: Focused primarily on the application layer
• Applications: Attacks disable security products, steal and control applications
• Operating System: OS infected. Threats are hidden from security products
• Virtual Machine (Optional): Compromise virtual machine
• Hardware: Attacks against hardware and firmware affect the root-of-trust
• New stealth attacks: Embed themselves below the OS and Virtual Machine, so they can evade current solutions
Diagram axis: difficulty, from less to more
Innovations to Protect: End-Points Example
Security below the OS
• Sensors under the OS to detect stealth malware
• Passes data to Anti-Malware software to block, and remove
Faster and Stronger Encryption
• Hardware acceleration of encryption algorithms (up to 4x faster) improves user experience and productivity, while protecting data
Diagram labels: Whole-disk Encryption; File Storage Encryption; Internet Security
Strengthening Data-Center Security & Control
• Attestation of VM and cloud security
• Out-of-Band security monitoring, management, and recovery
Hardware Enhanced Authentication
• Eliminating the need for separate hardware tokens
• Faster software VPN login, for improved user experience and productivity
Diagram labels: Software VPN tokens instead of user passwords; Traditional hardware token integrated into PC; VPN Client SW; Stronger user ID and Authentication
Defenders respond to attackers and develop capabilities to mitigate impactful exploits, make security more user-friendly, and improve the cost structure.
We manage security through either leadership or crisis.
In the absence of leadership, we are left with crisis.
Two types of victims exist: those with something of value and those who are easy targets
Therefore: Don’t be an easy target, and protect your valuables
Summary
A well thought out cyber strategy is necessary to secure assets, operations, reputation, and competitiveness
Strive to achieve and maintain the optimal balance of security for your organization
Executive commitment and support is a prerequisite to success