The increasingly open nature of corporate networks and the commensurate increase in cyberattack vectors require improved collaboration and threat intelligence sharing, as well as broad, automated security systems that can winkle out and neutralise smaller threats and malware to enable security experts to priori- tise more significant threats, says Intel Security South Africa Trevor Coetzee.
No single analysis or intelligence source can detect sophisticated attacks, and advanced monitoring and tiered analysis help to identify anomalous behaviour and low-threshold attacks.
Conversely, a host of unintegrated single solutions is also ineffective and typically do not share intelligence. This not only prevents infrastructurewide visibility for real-time detection of threats but also increases the time and manual processes needed from discovery to remediation, leading to gaps in protection.
The shortage and costs of and demand for skilled cybersecurity experts make automation of detection and treatment of various low-risk threats crucial so that these experts can focus on more significant threats, explains Coetzee.
“A problem arises when the systems are not integrated, and the correlation of security events becomes impossible, opening a massive hole in what is otherwise well-secured systems.”
An integrated cybersecurity system, similar to Intel’s Threat Intelligence Exchange (TIE), allows for the correlation of low-risk security events, which can be assessed to determine whether they constitute a more significant threat or sustained attack.
The TIE also exchanges threat intelligence across global platforms, and Coetzee notes that Intel has entered into many partnerships with small and large cybersecurity companies to boost threat intelligence sharing and speed, named Security Innovation Alliance. The company has implemented a cloud-first management system to enable broad visibility and an integrated management environment.
Centralisation and exchange of threat intelligence also support and improve automated threat detection and remediation systems. Intel Security has launched its TIE and the related Data Exchange Layer systems to allow for centralised and automated cyber- security systems.
Meanwhile, Intel is continuing with hardware manufacturing – it is renowned for processing chips – hardened against cyberattacks by deliver- ing hardware-assisted security capabilities, such as Intel’s Trusted Platform Module (TPM). This protects systems at start-up to ensure that they are tamper-free before releasing control to the operating system.
“The TPM module also provides secure storage for security keys and passwords. Another good example is IntelAdvanced Encryption Standard New Instructions. The purpose of this instruction set is to improve the speed of applications performing encryption and decryption using theAdvanced Encryption Standard.”
Further, the company is also continuing the development of its in-memory processing techniques and with the release of Intel’s Skylake processors launched in August, Intel’s Software Guard Extensions is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to secure sensitive computation performed on a computer where all the privileged software (such as the kernel or the hypervisor) is potentially malicious.
Dedicated standards must also be further developed, as this will provide the framework to which manufacturers and service providers must conform to provide the secure environment required in a more open digital ecosystem and secure the communications of billions of Internet-enabled devices, concludes Coetzee.