Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Safety dance

Safety dance 

 Without the proper security measures in place, enterprises will be singing a sad tune if their network becomes compromised, or their data falls into the wrong hands. Thankfully, there are several means of ensuring that sensitive info remains under lock and key.

In the safety dance that is digital security, McAfee and Intel Security, along with product analysis specialists Miercom, are the dance partners for the business world.

IT in Canada sat down with Jennifer Geisler, senior director of product marketing for McAfee Network Security and Miercom CEO Robert Smithers at the FOCUS 14 security conference in Las Vegas to discuss security issues, the “dance steps” businesses should use to ensure their sensitive information is safe, and what the future holds for McAfee and its security products.

IT in Canada: What are the two biggest security threats affecting enterprises today?
Geisler: One is the volume of the threats. It might not be one specific type of threat, but there are certainly are several out there that people should be aware of. The second threat is the evasion techniques that advanced persistent threats use. The fact that products do not typically identify them gives people a false sense of security that they don’t exist.

What we have been able to identify is that advanced persistent threats often use advanced evasion techniques to gain access to a company’s internal network. They masquerade as legitimate users, and that’s how they get by. The fact that this method is invisible is what makes it attractive to bad actors, and it’s what you don’t know that can threaten more than what you do know.

ITIC: What are the best methods of defending against these threats?
JG: If you look at threats in general and their volume, we’re not looking at a point product. Point products provide you with instant gratification, but it’s a short-term (solution). What we need is an improve ability to share information to make us stronger.

We did this from a 9/11 standpoint, where the NSA, Army and Air Force all had valuable information, but didn’t talk to each other. Once they pulled together, they were better prepared for what lay ahead. The same scenario is applicable to enterprises. Sharing information in real time is very important because information is power.

It’s important to get educated on the advanced evasion techniques and have a security device in place that will identify them, and therefore stop them. Until you have that product, you won’t be able to see these threats, nor will you be able to control them.

ITIC: As cloud computing increases in popularity, so does the need for proper security measures for it. What can enterprises do to ensure the security of their cloud?
Smithers: It’s a matter of data at risk or 100 per cent encryption. There is a lot of the data being stored in the cloud now that is quite readily available. It might be relaying on some encryption for sending the data back and forth, but the data at rest is not encrypted. That’s one of the biggest problems I’m seeing with the cloud. Don’t trust that whatever you’re placing in the cloud won’t get hacked; always assume that it will.

What you want to do is render what you do have out there liable to everyone. The worst that a hacker could do is limit access to the data, and even if they gain access to it, there’s nothing they’re going to be able to do with that data. That’s been a big push for us with cloud computing.

JG: I think the other thing we can do is learn a lesson. When the Internet first came out, we were so busy laying out the roads, the networks and the wide area connections. Those roads did not have police control, stoplights, or any form of control. A lot of people go after John Chambers and say, “John, you created this network and this problem; now fix it.”

The main lesson we’ve learned is that (implementing) security as part of your planning process and not as an afterthought is the way to go. That’s a change of thought that we have to look at. We sometimes get so excited about deploying the new things that we forget about security and add it after the fact. If we don’t learn from that lesson, we’re going to repeat the same mistake with the cloud. We need to get people excited about going to the secure cloud, as opposed to the regular cloud.

ITIC: If significant data loss occurs, what are the best practices for data recovery?
RS: You’re not going to re-create anything that makes the vulnerability worse or persistently recovering to the point where your data stores have recovered. You’re not going to recover network assets if you don’t know where the breach occurred or where the problem was, you first job is to figure out how that happened. You might make matters worse by trying to recover the data yourself.

The best recovery method involves determining whether you have forensic counter measures and better tracking in place. McAfee has some nice, complete solutions for doing that. But whatever recovery mechanism you’re using, make sure that you don’t destroy those tracks or that you don’t potentially make it worse. You could be restoring the very same security hole that you just patched.

ITIC: McAfee recently announced the launch of the Threat Intelligence Exchange (TIE). How can enterprises benefit from implementing it?
JG: We’ve announced that we’re part of this large organization of shared global threat intelligence, which concerns the global reputation. I think we also need to be concerned about our own reputation within the business, and that’s what we mean by the local threat intelligence. That’s just as valuable because we know we have threats internally. So now, we’re taking what we learned both globally and locally, and combining it.

The other thing we’ve heard is the fact that we can share (the information) across the data exchange layer. This allows us not only to share that information with the TIE product itself, but also across all of our McAfee offerings, plus integration with our SII partners. It boils down to information, not data, so we now have a conglomerate of global threat intelligence and local threat intelligence being shared across every single security device to help make smarter decisions.

Mike Fey mentioned the indicators of attack, and the ability to piece together the information that says, “These are indicators of attack, which will help to increase our intelligence on preventing an attack, or stopping it in its tracks before it does real damage.” It’s all about the power of information sharing, and that’s going to make a big difference.

ITIC: Why are more enterprises demanding better integration across security technologies?
JG: From the – study, we’ve learned that point products might give you instant gratification, but then they also give us long-term management, support, vendor management and integration problems because there is no integration there. That’s not to say that we expect anyone to use a single source or vendor. I can’t imagine anyone having a single vendor. I do think that they need to scale and spend less time on all those issue so that they can spend more time on actually trying to practically address the problem or the innovation, because they’re not spending any time on innovation. They’re just trying to do all of this manual labour because of point products.

RS: There is a huge vector of attacks and vulnerabilities coming in by virtue of things being misconfigured or not working properly with one another, leading the customers to a false sense of security. Some may think they have DPI enabled, but in reality, they don’t. Unless they’re doing a full proxy, their DPI is on, but it’s not doing any inspection. The integration and understanding of how it works is important. I wouldn’t say it’s about having a single vendor, but look at McAfee with their acquisitions. They’re picking products and acquiring them. It’s not necessarily the same as a single vendor solution.

ITIC: What are McAfee’s future plans for security solutions?
JG: One thing is ubiquity, and this starts at the chipset and goes all the way across the line to high-end systems. I think what we need to do first and foremost is take the legacy Intel and the legacy McAfee and converge it under (new Intel Security SVP and GM) Chris Young.

I’ve been dealing with Intel for quite a while, especially on their data centre, Intel Security Control, the chipset, and various other projects. Our primary focus will be on leading the market to realize the vision of pervasive security so that we can help lead other vendors to follow that path. It’s okay if other security vendors start following our lead, but I think we have the responsibility to be the first to demonstrate pervasiveness across the entire (industry).

RS: From a third-party perspective, what I’ve seen at McAfee with their growth and their future impresses me. They are a company willing to learn and improve their products, and not just sit there and dispute the methodology. Instead of (arguing) about it, what they did is say “Hey, can you please share with us some of the samples that we missed so that we can figure out what we have to tune? Can you explain things better? Would you afford us the opportunity to challenge that again once it’s corrected?” And they did. Those are companies that are winners, in my eyes. McAfee is definitely here for enterprise security for the long haul, and we’re quite impressed with that trend.

Related posts