Key Information Security Capabilities
Information security (InfoSec) is an organization that depends on people, processes, and technology. InfoSec capabilities include hardware- and software-enabled protections, detection and remediation tools, risk management policies, and human interactions. They all work together to protect your business, data, and users.
InfoSec teams focus on protecting business systems from unauthorized access and malicious code. Over the years, threats have become far more sophisticated, with attacks that can originate from a wide variety of bad actors. Additionally, the growing number of endpoint devices, such as IoT and bring your own devices (BYOD), have increased the overall attack surface.
Modern IT services and devices afford businesses new ways to be agile and innovative, but they require comprehensive security and risk management strategies to deliver their full benefits. The ultimate goal of InfoSec is to make it safe for businesses to move fast, while understanding and mitigating security risks.
Information Security Trends
The latest InfoSec strategies employ both hardware-based technologies and software solutions. They also focus on prevention, detection, and response at every point in the network, from endpoint to cloud.
- Hardware-based security helps protect the stack and is a critical part of endpoint security for business PCs and other PC-based devices.
- Hybrid, multi-cloud models are empowering businesses with the best of private and public cloud services. The key is shaping risk management policy to work in a data-safe manner.
- Patch management keeps servers and endpoint devices up to date, helping to eliminate vulnerabilities and speed response to cyber threats.
- Data intelligence requires aggregating many different types of data sources and threat intelligence, so InfoSec analysts and incident responders can operate on the data. Effectively managing data intelligence can help automate mundane tasks while equipping threat-hunting teams at large enterprises to focus on the 1 percent of advanced persistent threats (APTs) attempting to penetrate your environment.
Endpoints include any device that connects to the corporate network—from servers, worker PCs, contingent worker PCs, visitor PCs, printers, and smartphones, to userless devices, such as kiosks and digital signage. This includes the full gamut of IoT devices used in manufacturing, utilities, smart buildings, and other environments. All devices are potential attack points, especially those with human operators. Hackers can trick employees into accessing infected email attachments, websites, and social media links. They will then attempt to move laterally across networks, access more systems, and gain higher privileges.
Hardware-based security technologies help protect endpoint devices against malware and privilege-based attacks to the software layer. Intel® Hardware Shield, part of the Intel vPro® platform, is one such hardware-based security technology. It locks down memory in the BIOS, helping to prevent malware from injecting into the operating system (OS) during boot-up or runtime.
The latest remote management tools give IT departments the ability to access and remediate devices if an attack does occur. Intel® Active Management Technology (Intel® AMT), also part of the Intel vPro® platform, empowers IT admins to boot a device remotely with full keyboard, video, and mouse (KVM) control, or boot from a mounted image disk through storage redirection. Intel® Endpoint Management Assistant (Intel® EMA) extends manageability by allowing remote connection to Intel vPro® platform-enabled devices outside the corporate firewall via the cloud.
Identity protection features can also help limit the scope of damage should a hacker infiltrate a single device. Credential Guard in Windows* 10 stores passwords in a virtualized environment that does not grant access even to authorized users. The system accesses passwords through a proxy, helping to thwart hackers from using privileges to gain more passwords.
Hardware-based security technologies help protect endpoint devices against malware and privilege-based attacks to the software layer.
A hybrid, multi-cloud strategy lets businesses place workloads where they make the most sense given cost considerations, data locality requirements, service-level agreements (SLAs), and other needs. Whether applications run on your private cloud or in a public cloud, security technologies such as hardware-enabled data encryption and trusted boot states are working to protect data and workloads. Robust internal policies can augment security by governing how users access data or allocate workloads.
Intel IT sets a comprehensive business policy that governs hybrid, multi-cloud security, with guardrails to help prevent incidents. The following steps enable Intel IT to maintain a high level of security while supporting a multi-cloud strategy:
- Approach security holistically and understand that not all clouds are the same.
- Utilize existing investments and new technologies to drive security operational excellence and key performance indicators.
- Establish distributed accountability.
- Secure sensitive workloads.
- Encourage collaboration between the application development community, business units, and IT groups.
For more information, see “Securing the Cloud for Enterprise Workloads: The Journey Continues.”
These points can serve as a baseline when setting your own organization’s policies for accessing cloud resources. Establishing a strong business relationship with your cloud service provider (CSP) is important since many of these policies will require cooperation from the CSP to implement.
Keeping your hardware-to-software security up to date is essential to defending against hackers. Patch management plays a key role here. For business PC security, Intel® Active Management Technology (Intel® AMT) allows IT administrators to remotely access and patch devices, even when devices are powered down. Administrators can remotely deploy or verify a patch installation when employees are away from their devices, helping minimize downtime and lost productivity.
Data center patch management follows a similar process in that OEMs and software vendors provide firmware and software updates, and IT departments are responsible for deploying them. However, OEMs sometimes deliver server racks with different firmware versions across the same model. Tools like Intel® Data Center Manager provide a real-time monitoring and analytics console. IT administrators can easily verify the firmware version of each rack in a configuration and schedule updates around workload spikes to help minimize downtime.
Transforming Security with Data Intelligence
Data intelligence can further advance an enterprise security strategy, especially as the amount of data flowing through an organization increases. For example, Intel IT developed a Cyber Intelligence Platform (CIP) based on Splunk and Confluent’s Kafka Platform, with servers based on Intel® Xeon® Platinum processors and Intel® Optane™ solid-state drives (SSDs). CIP ingests data from hundreds of data sources and security tools, providing context-rich visibility and a common work surface. This improves efficiency across Intel’s InfoSec organization. Access to real-time data, streams processing, machine-learning tools, and consistent data models decreases the time it takes to detect and respond to sophisticated threats.
Intel’s initial deployment of CIP focused on replacing an older-generation security information and event management (SIEM) and log management system, primarily used by the incident response team. Additional teams, including vulnerability management, patching/compliance, risk management, and governance, are now also using CIP. The organization continues to identify opportunities to add more capability and value to CIP, including migration of legacy applications, which reduces technical debt.
The Human Perimeter
Endpoint management, cloud security, and data-driven threat detection all play a role in developing an enterprise security strategy. But one often-overlooked layer is educating your workforce to create a human perimeter. This involves training personnel to identify suspicious emails, phone calls, and websites, as well as securing their personal information on social media. Any compromised device can serve as a point of infiltration for hackers, and advanced threats will seek to leverage multiple points of infiltration. With all of your information security elements in play, you can help drive toward a secure foundation where business innovation can thrive.