The pace of innovation in computer security continues unabated and, with the ever-increasing number of data security breaches, sovereign espionage a la Advanced Persistent Threats, and efforts to track and prevent terrorism, the need for innovation in security has never been greater.
Traditionally, security was deployed and enforced at the perimeter of an enterprise data center and on endpoint devices. Perimeter security is primarily comprised of firewalls, intrusion prevention and detection systems, or the all-encompassing Unified Threat Management systems (UTMs). Endpoint security generally includes malware detection/prevention software using signature-based approaches.
In analyzing the recent threat landscape though, it’s clear that traditional perimeter security is failing. Most security issues resulting from data breaches are due to either compromised credentials or insiders gone rogue. While legacy perimeter security solutions may have been effective at detecting and preventing legacy security threats, the bad guys are inside the network now, so the new security battleground is around the data itself. Moreover, endpoints — which include laptops and desktop computers — are rapidly being supplanted by mobile devices, and organizations are also embracing cloud technologies in record numbers. Given all these changes, protecting sensitive data with encryption and “firewalling” it with access control policies have become critical elements of a comprehensive security strategy. That said, there are no silver bullets; it takes an ecosystem.
Recent innovations in the security ecosystem (driven largely by venture-funded companies) broadly fall into the following categories:
- Data security: Preventing unauthorized access to data through database and file activity monitoring. Protecting access to all data accessed by enterprise servers or in the cloud through a combination of access controls, encryption and key management (the data firewall).
- Perimeter security: A new generation of firewalls that can tie in applications and users with policies to detect and prevent known/unknown threats.
- Endpoint security: New approaches to malware detection and prevention. One leverages the pervasiveness of virtualization, CPU-level security features and hypervisors to isolate and quarantine malware and to enforce policies through a secure hypervisor. Another is signature-less: it detects malware arriving over multiple threat vectors and, again using a hypervisor, isolates it in a secure virtual machine where it is allowed to execute to completion harmlessly while intelligence on its tactics is gathered.
- Security intelligence: The innovation in this area is actionable security intelligence, where intelligence inferred from analytics is used to dynamically create a policy that firewalls the data or network access, or prevents a user from accessing any data. There is new investment in providing data analytics as a cloud service and in network analytics that constantly monitor and analyze network traffic for threats and anomalies.
- Processor-level innovations: Given the growing importance of encryption, all processors with significant or dominant market share now offer instructions or cryptographic offload engines for efficiently computing the NIST-standard AES cipher and SHA hash algorithms. Intel was the first to introduce AES-NI instructions in its x86 processors, followed by Oracle’s SPARC cryptographic offload engines and, more recently, IBM’s P7+ processors offering hardware cryptographic services. Intel has also announced plans for a random number generator instruction that draws on a much better source of entropy than traditional software random number generators. Many security subsystems generate keys and certificates using random number generators, and feeding those generators from a stronger source of entropy yields inherently more secure keys and certificates that are harder to break.
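To make the entropy point concrete, here is an added example (not code from the original article) contrasting an AES-128 key derived from a PRNG seeded with a constructed low-entropy value against one drawn from the OS CSPRNG, which modern kernels feed from hardware RNG instructions where available; the 16-bit seed size and the audit helper are assumptions for illustration.

```python
"""Added example: the entropy behind a key generator bounds the key's
strength. A key derived from a deterministic PRNG seeded with a 16-bit
value (constructed here to stand in for a truncated clock reading) has
an effective keyspace of 2**16, whereas a key from the OS CSPRNG has
the full 2**128 keyspace of AES-128."""
import random
import secrets
from typing import Optional

KEY_BYTES = 16  # AES-128 key length
SEED_BITS = 16  # assumed entropy of the weak seed (illustrative)


def weak_key(seed: int) -> bytes:
    """Key derived from a deterministic PRNG (Mersenne Twister) seeded
    with `seed`; the same seed always yields the same key."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big")


def strong_key() -> bytes:
    """Key drawn from the OS CSPRNG (getrandom/urandom under the hood)."""
    return secrets.token_bytes(KEY_BYTES)


def effective_keyspace_bits(seed_bits: int) -> int:
    """A PRNG-derived key never has more entropy than its seed."""
    return min(seed_bits, 8 * KEY_BYTES)


def find_seed_for_key(key: bytes, seed_bits: int = SEED_BITS) -> Optional[int]:
    """Audit check for a suspected weakly-seeded key: walk the small seed
    space and return the seed that reproduces `key`, or None if the key
    is not explained by any such seed (as a CSPRNG key will not be)."""
    for seed in range(1 << seed_bits):
        if weak_key(seed) == key:
            return seed
    return None


if __name__ == "__main__":
    k = weak_key(4242)
    print("weak key reproducible from seed:", find_seed_for_key(k))
    print("effective bits, weak vs strong:",
          effective_keyspace_bits(SEED_BITS), 8 * KEY_BYTES)
    print("CSPRNG key matches a weak seed:", find_seed_for_key(strong_key()))
```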
There are even more security innovations in the works, some I know of and some I probably haven’t heard of yet. Investments in innovation in the security ecosystem point to a growing need to continuously battle the bad guys and thwart their ingenuity through sophisticated technology, products, and collaboration across the entire ecosystem, including security vendors, enterprises and end customers.