There’s a war going on between IT security pros and hackers, so Toronto’s Royal Canadian Military Institute seemed a fitting place to meet the new man leading Intel Corp.’s charge.
Christopher Young is senior vice-president and general manager of Intel Security, the division that produces the chipmaker’s security software and hardware products and services, including the slowly-rebranding McAfee line.
In Toronto to meet customers and partners on Tuesday, he was interviewed in the institute’s masculine library surrounded by hundreds of volumes on war and military strategy, a display case of battalions of model soldiers and a row of menacing spears, clubs and swords.
Sharp instruments, of course, aren’t going to keep malware at bay, particularly as vendors regularly release gloomy reports on the state of the struggle.
As we talked, for example, McAfee Labs released its report for the month of May, noting that the amount of ransomware surged 165 per cent in Q1 over the previous quarter, new Adobe Flash malware grew 317 per cent and attempts by the Equation Group to exploit hard disk drive (HDD) and solid state drive (SSD) firmware.
Also on Tuesday RSA issued the results of a survey that suggests IT security pros don’t think very much of their own organization’s security. Seventy-five per cent think their organizations have significant cybersecurity risk exposure, while 66 per cent of respondents rated their firms as inadequate across all five important areas (including the ability to identify, protect and respond to attacks.
Sound like security pros have no faith that all the work and money they’ve spent is worthless, I suggested to Young. Not having read the RSA study, he deflected it. But, he suggested, the war isn’t hopeless.
“Look, the reality is a lot of organizations haven’t covered their foundational bases, right? There’s still issues with basic vulnerabilities: basic misconfigured equipment in their infrastructure, lack of ability to inventory hosts and understand users …
“And that would be my advice to security professionals who are feeling overwhelmed or undermanned or under-resourced: Go back to the fundamentals and see do you understand you’re environment, do you understand where your sensitive information is, have you prioritized what you want to protect and how do to it? There’s so much information available just in terms of basic tools and technologies that are already there.”
Then, he said, infosec pros can turn to more complex solutions.
He’s sympathetic to the pressures CSOs are under, the amount of log and event data staff have to wade through and their prayers for more security automation.
But, he adds, “organizations that are simply waiting to react to threats are probably making a mistake; they need to proactively understand attack campaigns that are coming at them and go look for those campaigns operating inside their environment, because that’s going to be where they’re going to get the most for their security investment.”
However, don’t hope that putting more boxes on the network alone will plug security holes and detect suspicious traffic, Young added. First, he noted, an increasing amount of corporate data will be encrypted. Second, an increasing amount of corporate data won’t be on the corporate network but on uncontrolled mobile networks.
“We’re really going to see innovation coming back to the hosts — all the way from tiny wearable devices to large scale servers in the data centre and everything in between. Hosts are where you’re going to understand what’s being attacked. I think relying only on network traffic is going to be limiting.”
Young knows about network security because headed Cisco Systems’ security business group before joining Intel [Nasdaq: INTC] last fall. He now heads a division that pulls in about US$3 billion a year in revenue. According to Intel’s latest annual report, the software and services group (which includes McAfee) accounted for four per cent of the chipmaker’s revenue.
Young says his goal is to “help customers by transforming ourselves to become their number one security partner… Most of the industry, including ourselves, have been a product provider to customers. However, “the security problems are so dynamic, so challenging in many cases if we’re going to solve this problem we’re really going to have to operate as an extension of our customers. That involves being more of a partner than a tool center.”
One way is by trimming the number of McAfee products enterprise, sometimes by merging capabilities and allowing data to more easily flow between them. Another is developing new ones, such as Threat Intelligence Exchange (TIE), introduced last year, that allows the gathering of internal and third party threat intelligence, then pushes remediation to network gateways.
“We’re trying to solve the (security) problem through connectivity and integration, as opposed to a different product for every purpose,” he said.
“I agree with you we’ve got too many different products … and we’re evolving from that to become more of a platform player to deliver more integration, to deliver more capabilities but in fewer discrete products.”