By SecureWorld News Team
Wed | Mar 9, 2016 | 9:47 AM PST

Protecting the perimeter is not enough. Seems a simple enough premise. With new technologies and mobility, our data is scattered everywhere, creating new exposures. And that's something that HP Enterprise CTO and Executive Vice President Martin Fink feels passionately about. During his keynote address at RSA 2016 in San Francisco, Fink summarized the difficulty an enterprise faces in protecting its assets.

"This battle we're facing is asymmetric. That means it's one-sided. We, everybody here, we have to protect everything in our enterprise. From laptops and tablets at the edge to large data center clusters of infrastructure," stressed Fink. "The bad actor, on the other hand, only has to find one, single way to get in."

So if a bad guy can take down your business with just a simple laptop, what is the secret to protecting our companies?

Fink believes threat detection must evolve. And not only evolve, but evolve enough to turn this asymmetry in the enterprise's favor. Fink's presentation called for security to be built into every element of the IT stack, not just the perimeter. And, he noted, detection must go beyond having humans look through 2.5 billion events each day. Instead, we must leverage technology to detect and respond at machine speeds. 

HP Enterprise is in the middle of a multi-year research project to do just that. The company is working on a new technology system based on memory and data. Why is this so important? Because, according to the math lesson in Fink's presentation, current technology generates too many false positives in intrusion detection. Fink said the new system can store more data, analyze it faster, and operate at a huge scale, which will make it invaluable to large enterprises.

But is it really possible to monitor systems in real-time for malicious changes and recover them immediately? Fink thinks so.

"This starts at supply-chain level. How do you verify the integrity of all the components you buy all the way down to the raw silicon? And the key is to build transparency and traceability into every step of the product life cycle process. To build this holistic assurance framework that exposes and seals the seams between people, processes, and technology," explained Fink.

The presentation stressed that this transparency and traceability is part of the job at the infrastructure level. Fink explained that HP Enterprise embeds key pieces of information into hardware to establish a base root of trust. Then, that trust is extended by successfully authenticating the firmware and operating systems, inspecting for alterations, and maintaining a recovery image in a secure part of the machine that can be used to bring the system back up to a known-good state.

"This is what allows us to think about recovery at scale in a short period of time," said Fink.
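The chain Fink describes (a root of trust anchors the firmware, the firmware anchors the operating system, and an altered stage is restored from a protected recovery image) can be sketched as follows. This is an added illustration, not HP Enterprise code: the `|next=` image layout, the stage names, and the use of pinned SHA-256 digests in place of signatures are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def pinned_next(image: bytes) -> str:
    # Constructed layout: payload, then b"|next=", then hex digest of the next stage.
    return image.rpartition(b"|next=")[2].decode()

@dataclass
class Stage:
    name: str
    image: bytes     # what is currently installed (may have been altered)
    recovery: bytes  # copy held in the protected recovery store

@dataclass
class BootResult:
    booted: bool = False
    events: list = field(default_factory=list)

def verified_boot(root_digest: str, chain: list) -> BootResult:
    """Trust each stage only if it matches the digest pinned by the stage before it."""
    result = BootResult()
    expected = root_digest  # stands in for the value embedded in hardware
    for stage in chain:
        if digest(stage.image) == expected:
            result.events.append(f"{stage.name}: verified")
        else:
            result.events.append(f"{stage.name}: alteration detected")
            # The recovery copy is verified too; it is never trusted blindly.
            if digest(stage.recovery) != expected:
                result.events.append(f"{stage.name}: recovery image invalid, halting")
                return result
            stage.image = stage.recovery
            result.events.append(f"{stage.name}: restored from recovery image")
        # Read the next pin only from an image that has just been authenticated.
        expected = pinned_next(stage.image)
    result.booted = True
    return result

def build_sample():
    # Constructed sample images for the demonstration.
    os_img = b"os-kernel-1.0|next="
    fw_img = b"firmware-1.0|next=" + digest(os_img).encode()
    return digest(fw_img), fw_img, os_img

if __name__ == "__main__":
    root, fw, os_img = build_sample()
    chain = [Stage("firmware", fw, fw), Stage("os", b"os-kernel-1.0-tampered|next=", os_img)]
    print(verified_boot(root, chain).events)
```
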

Fink and his team are still working on it. They've put years of time, effort, and money into using analytics and baked-in security to develop effective threat detection for the largest volumes of big data. 

So for now, the only thing that is certain is change. But that's exactly the point Fink was making. If we don't change the way we approach cybersecurity, things will certainly go from bad to worse. And in a hurry.
