Intel® Cyber Security Briefing:

Trends, Challenges, and Leadership Opportunities
Matthew Rosenquist, Cyber Security Strategist, Intel Corp
January 2014
Legal Notices and Disclaimers
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY
ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN
INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS
ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL ® PRODUCTS INCLUDING LIABILITY OR WARRANTIES
RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER
INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING
APPLICATIONS.
Intel may make changes to specifications and product descriptions at any time, without notice.
All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.
Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from
published specifications. Current characterized errata are available on request.
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such
as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any
of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your
contemplated purchases, including the performance of that product when combined with other products. For more information go to
http://www.intel.com/performance
Intel, Intel Inside, the Intel logo, Intel Core, and Xeon are trademarks of Intel Corporation in the United States and other countries.
Security features enabled by Intel® AMT require an enabled chipset, network hardware and software and a corporate network connection. Intel AMT
may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting wirelessly, on battery power, sleeping,
hibernating or powered off. Setup requires configuration and may require scripting with the management console or further integration into existing
security frameworks, and modifications or implementation of new business processes. For more information, see
http://www.intel.com/technology/manage/iamt.
No system can provide absolute security under all conditions. Requires an enabled chipset, BIOS, firmware and software and a subscription with a
capable Service Provider. Consult your system manufacturer and Service Provider for availability and functionality. Intel assumes no liability for lost or
stolen data and/or systems or any other damages resulting thereof. For more information, visit http://www.intel.com/go/anti-theft
Intel® vPro™ Technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and
configuration of your hardware, software and IT environment. To learn more visit: http://www.intel.com/technology/vpro
The original equipment manufacturer must provide TPM functionality, which requires a TPM-supported BIOS. TPM functionality must be initialized and
may not be available in all countries.
Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct
sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information,
see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/
*Other names and brands may be claimed as the property of others.
Copyright © 2011 Intel Corporation, All Rights Reserved
We manage security through either leadership or crisis.
In the absence of leadership, we are left with crisis.
Discussion
• Trends and Landscape
• Challenges of Cyber Security

• Strategic Leadership
• 3 Eminent Risks and Controls
• Summary, Questions, Discussion
Industry Trends and Landscape Drive Security

The risk of loss continues to rise as the cyber security industry grows in size, intensity, and complexity
Leading Metrics & Trends

• 200k new malware/day, 172m+ total (Source: McAfee Threat Report Q3 2013)
• ~50% increase of ‘signed’ malware, 1.5m total ‘signed’ samples (Source: McAfee Threat Report Q3 2013)
• Android malware growth (Source: F-Secure Mobile Threat Report Jul-Sept 2013)
• ~32% of worldwide computers infected in 2012; global infection rates (Source: Panda Labs)
• 50% of online adults victims of cybercrime or negative situations; 1M+ adult victims each day (12 per second) (Source: Symantec 2013 Norton Report)
• 93% of organizations suffering a data breach in 2013; 40% increase in data breaches (Source: UK Government BIS Survey)
2013 H1 Sampling of Security Incidents

Source: IBM X-Force 2013 Mid-Year Trend and Risk Report
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses

• High percentage of ‘Unknowns’. Shows the difficulty in identifying attack methods
• Broad range of different targets. No segment is immune
• Only includes reported data. Not the complete picture, which is much larger
Industry Impacts & Trends

• Risks Increase: “Cyberrisk has moved from position 12 (malicious) and 19 (non-malicious) in 2011 to the world’s number three risk.” (Lloyds Risk Index 2013)
• Costs and Jobs are Impacted: “Malicious cyberactivity may cost the US economy $100 billion and as many as 508,000 US jobs annually.” (Center for Strategic and International Studies (CSIS))
• Highly Variable Industry: “Cybersecurity should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization” (US National Academy of Sciences)
• Advanced Actors Rise: Worldwide concerns grow for privacy, surveillance, cyber warfare, regulations, and the rise in offensive security
• Money Fuels Innovation: Cybercrime costs ~$500 billion globally. Driving growth of dark economies, IP loss, service downtime, reputation impacts, fraud, and theft
• Unpredictable Extreme Impacts: April 2013 a fake Tweet caused a temporary market flash-crash of 140 points, equivalent to ~$200 billion

Sources listed for the last three items: Center for Strategic and International Studies (CSIS); IBM X-Force 2013 Risk Report
Challenges – Business Value Aspects
Businesses must find a balance through tradeoffs.
Optimal security is the right balance of cost, user experience, and risk.
Challenges – Operational Aspects
• Security technology, people, data, and services are intertwined in complex ways
• Achieving security objectives requires comprehensive and well thought out solutions
[Diagram labels: Infrastructure & Business Processes; Threats; Trusted Users; Data]
Leadership is key in organizing resources to achieve and maintain an optimal level of security value
Strategic Leadership: Defense in Depth
A strong process strategy will enable operational flexibility, while driving cost
efficiency, and effectiveness
Tactical Security Technology Integration: Layered Defense
Multiple layers are necessary for comprehensiveness
• NETWORK: Firewalls, demilitarized zones, data loss prevention, ID management, traffic & content filters
• PLATFORM: Antivirus software, patching, minimum security specifications for systems
• APPLICATION: Secure coding, testing, security specifications
• FILE AND DATA: File and data encryption, enterprise rights management
3 Eminent Risks and Controls
Risks:
1. Scale and adaptation of attacks, enlargement of the attack
surface
2. Increase and complexity of attackers, technology/behaviors,
organized and funded threat agents
3. Massive data aggregation, leveraged for targeting and attacks
Controls:
1. Better threat modeling, greater financial investment, secure
product designs, evolving IT security controls/solutions
2. Improved platform and network based preventative security
3. Stronger response (ex. DDOS), investigations (ex. forensics),
interdiction (ex. bounties & arrests)
Innovations to Attack: End-Points Example

Attackers are adapting by moving down the stack:
• Traditional attacks: Focused primarily on the application layer
• OS infected: Threats are hidden from security products
• New stealth attacks: Embed themselves below the OS and Virtual Machine, so they can evade current solutions

[Diagram: stack of Applications, Operating System, Virtual Machine (Optional), Hardware; difficulty axis from Less to More]
Diagram callouts:
• Attacks disable security products, steal and control applications
• Compromise virtual machine
• Attacks against hardware and firmware affect the root-of-trust
Innovations to Protect: End-Points Example

Security below the OS
• Sensors under the OS to detect stealth malware
• Passes data to Anti-Malware software to block, and remove

Faster and Stronger Encryption
• Hardware acceleration of encryption algorithms (up to 4x faster) improves user experience and productivity, while protecting data
[Diagram labels: Whole-disk Encryption; Internet Security; File Storage Encryption]

Strengthening Data-Center Security & Control
• Attestation of VM and cloud security
• Out-of-Band security monitoring, management, and recovery

Hardware Enhanced Authentication
• Eliminating the need for separate hardware tokens
• Faster software VPN login, for improved user experience and productivity
[Diagram labels: Stronger user ID and Authentication; Software VPN tokens instead of user passwords; VPN Client SW; Traditional hardware token integrated into PC]

Defenders respond to attackers and develop capabilities to mitigate impactful exploits, make security more user-friendly, and improve the cost structure.
Two types of victims exist: those with something of value and those who are easy targets
Therefore: Don’t be an easy target, and protect your valuables
Summary
• A well thought out cyber strategy is necessary to secure assets, operations, reputation, and competitiveness
• Strive to achieve and maintain the optimal balance of security for your organization
• Executive commitment and support is a prerequisite to success
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Helsinki, Matthew Rosenquist Cyber Security Strategist 2014 public
