Chapter 7
A New Security Architecture to Improve Business Agility

Reality and Rhetoric

An organization's ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage.
—Jack Welch

Some Star Trek episodes feature suspense-filled battles in which adversaries use sophisticated phase-shifting weapons that can be rapidly adjusted until they find a way to penetrate static force-field defenses. For a beleaguered starship, the only effective response is to use similarly adaptable and fast-changing shields.

As information security professionals, we also need extremely agile defenses that can be quickly adapted to meet new demands. Attackers are continually adapting, and defenders also need to continually adapt. But rapidly evolving threats are only part of the challenge. The technology landscape is changing just as fast due to trends like IT consumerization.

As Intel's information risk and security group considers the future, we realize that we need to radically change our approach in order to face the challenges ahead and support the Protect to Enable mission. We need a more agile security architecture that can quickly learn and adapt to new challenges as they emerge. Because the environment is changing so quickly, in ways we cannot control, it's impossible to predict all the future challenges we'll need to face. We need an architecture that can learn to manage what we don't know. This flexibility will help the business move more quickly, by enabling us to rapidly adopt new technologies and emerging usage models while continuing to provide security in the ever-evolving threat landscape. A learning system is harder to defeat because it can more quickly adapt in response to new attacks.

After intense brainstorming sessions, our information risk and security team devised a new security architecture. This architecture is our implementation of the Protect to Enable strategy. In this chapter, I'll provide a high-level overview of the architecture and describe how it meets some key security challenges. Though the overview is based on our work at Intel, I believe that this is a novel approach to enterprise security that may be valuable to many other organizations facing these universal challenges. My conversations with peers at other companies have validated this view. Many of them are considering similar strategies and in some cases have begun implementing them.

We are implementing this architecture across Intel's IT environment in a radical five-year redesign of our information security technology. Even while the implementation is in progress, the new architecture has already delivered results by helping us provide innovative solutions to challenging use cases while actually reducing risk. Intel IT has published more detailed descriptions covering several aspects of the architecture (Ben-Shalom et al. 2011, Sunderland and Chandramouly 2011, Gutierrez et al. 2012), and we expect to continue to publish information in the future.

A key aspect of the architecture is that it provides more flexible, dynamic, and granular security controls than traditional enterprise security models. This helps us accommodate usage models such as bring-your-own-device (BYOD). We can provide users with different levels of access depending on factors such as the devices they are using and their location. To achieve this, the technology dynamically adjusts a user's access privileges as the level of risk changes. For example, an employee should have more limited access to our systems when using a less-secure device than when using a hardened, fully managed enterprise-class system.

The new architecture greatly improves threat management. As new risks appear, we need to be able to quickly recognize which ones we can mitigate, learn as much as we can, and take action as quickly as possible. At Intel, we use many information sources to gain an understanding of the risks. Collectively, these sources provide a continuous feed of collective intelligence that we can use to learn, adapt, and evolve. As I described in Chapter 6, we use emerging threat analysis to help us anticipate future risks. But our architecture also assumes that compromise is inevitable and focuses heavily on survivability. We are applying security monitoring and business intelligence to analyze patterns of behavior and detect anomalies that are symptoms of attacks. With this knowledge, we can further investigate and apply mitigation where necessary. In the future, this approach could be extended by automatically taking corrective action where it makes sense to do so.
Business Trends and Architecture Requirements

Before diving into the specifics of the architecture, I'll recap some of the key business and technology trends, focusing on how they drive the need for specific capabilities in security technology.

IT Consumerization

As I discussed in Chapter 5, consumerization is a major IT theme with ever-broadening impact. It includes several trends, including the adoption of new applications and support for consumer devices. Many of Intel's highly mobile employees want to use their own consumer devices, such as smartphones and tablets, for work. This increases productivity by enabling employees to collaborate and access information from anywhere, at any time. To support this, we provide access to corporate e-mail and other applications from employee-owned smartphones and tablets.

Some people believe that in the future, all devices will be consumer-owned, and that enterprises will no longer purchase devices for their users. I believe this might be the case in some work environments, but I doubt that it will suit all organizations. For a company providing call center services, with most employees working from home, it might make sense that employees exclusively use their own personal systems for work. But this strategy would be more risky for a financial services company whose employees handle highly sensitive information that's subject to extensive regulatory requirements.

Nevertheless, the consumerization trend continues to grow at Intel and other organizations. Accordingly, we'll need to provide employees with a level of access to Intel resources from an expanding continuum of client devices, some of which have much weaker security controls than today's enterprise clients (see sidebar).

CONSUMERIZING ENTERPRISE IT AND "ENTERPRISING" THE CONSUMER

Discussions of IT consumerization tend to draw a clear line between business devices that can be managed and trusted, and personal consumer devices that are essentially unmanaged and untrusted. However, not all consumer devices are created equal. From a security standpoint, it may be more valuable to think about a device's capabilities than to categorize it based solely on whether it's marketed as an enterprise device or a personal device. The security of a device depends on the inherent features of the hardware, operating system, and applications, and on whether it enables us to add further security and manageability capabilities that mitigate the risks of enterprise use.

As the variety of consumer devices, such as smartphones, continues to expand, users may choose from dozens of models with different levels of security capabilities. Greater security and manageability means that IT can place greater trust in the device and provide a correspondingly greater level of access to enterprise resources. Extending this idea further, the information security group could evaluate the security of available consumer devices and provide guidance about the level of enterprise access that users will be allowed with each device. Users may prefer to buy a more secure device because it will provide them more access. With greater access, they can use the device for more of their daily work activities. This ability in turn enables them to be more productive.

At the same time, employees increasingly expect to have available to them at work the types of consumer services and cloud applications that they use in their personal lives. These include social computing applications such as blogs and wikis, video-sharing sites, and file-sharing services.

We need a security architecture that enables us to more quickly support new devices and provide access to a greater range of applications and data, without increasing risk. We need to be able to dynamically adjust the levels of access we provide and the monitoring we perform, depending on the security controls of the client device.
New Business Needs

Nearly all companies now rely on a growing network of business partners, and conduct many of their interactions with those partners online. Intel is no exception—we are developing an increasing number of systems for online collaboration with business partners. Also, like many companies, Intel is expanding into new markets through both organic growth and acquisitions. Because of these business trends, most organizations need to provide access to a broader range of users, many of whom are not employees. Many also need to be able to smoothly integrate acquired companies and provide them with access to resources. In general, we need to quickly provide new users access while minimizing risk and providing selective, controlled access only to the resources they need.

Cloud Computing

Most organizations are already using cloud services in some form to achieve benefits such as greater agility and lower cost. Like many companies, Intel IT is implementing a private cloud based on virtualized infrastructure, and we are also using external cloud services for noncritical applications. In the future, we expect greater use of hybrid clouds that use both internal and external resources. This trend means that IT services at many organizations will be provided by a mixture of traditional and cloud-based internal and external services. During a typical day, employees may access a variety of different services, some of which are internal and some external. Ultimately, they should be able to easily move between these services without needing to log in multiple times or even know where the services are located.

Securing access to cloud-based services presents challenges that aren't easily addressed using conventional security controls. In cloud environments, systems and their data are virtualized and may migrate dynamically to different network locations. This makes it difficult to effectively restrict access using traditional security controls such as firewalls, which rely on fixed locations of systems and a more static nature of the data. We need much more granular and dynamic controls that are linked to the resources themselves rather than just their network location.

Changing Threat Landscape

The threat landscape is evolving rapidly. Increasingly, attackers are taking a stealthy approach, creating malware that quietly gains access and attempts to remain undetected in order to maintain access over time. As the number of threats increases and new types of malware emerge, we need to assume that compromise is inevitable.

Traditional enterprise security architectures have relied largely on preventative controls such as firewalls located at the network perimeter. However, our primary focus has shifted to providing controlled access to a broader range of users and devices, rather than simply preventing access. In addition, the continually changing threat landscape makes it necessary to assume that compromise will occur. Once attackers have gained access to the environment, the preventative controls they have bypassed are worthless. Although these perimeter controls will continue to have some value, we need tools that increase the ability to survive and recover once attackers have gained access to the environment.

Privacy and Regulatory Requirements

The growing emphasis on privacy requirements and the increasingly complex regulatory environment have many implications for the way we manage information. Some regulations create the need for more control over where information is stored and require specific levels of protection and tracking. Our architecture must provide this assurance, allowing us to build a high-security environment and access controls appropriate for the protection of highly regulated information.
New Architecture

To meet these rapidly changing requirements, we need a highly flexible and dynamic architecture. The architecture should enable us to more quickly adopt new devices, use models, and capabilities; provide security across an increasingly complex environment; and adapt to a changing threat landscape. At Intel, we formed a team chartered with designing this architecture from scratch, taking a fresh approach to enterprise security, then determining how to implement this new architecture across our existing IT environment. Key goals include helping increase employee productivity while supporting new business requirements and technology trends, including IT consumerization, cloud computing, and access by a broader range of users. At the same time, the architecture is designed to reduce our attack surface and improve survivability—even as the threat landscape grows in complexity and maliciousness.

The architecture moves away from the traditional enterprise trust model, which is binary and static. With this traditional model, a user is in general either granted or denied access to all resources; once granted, the level of access remains constant. The new architecture replaces this with a dynamic, multitiered trust model that exercises more fine-grained control over identity and access control, including access to specific resources. This means that for an individual user, the level of access provided may vary dynamically over time, depending on a variety of factors—such as whether the user is accessing the network from a highly secure managed device or an untrusted unmanaged device.

The architecture's flexibility allows us to take advantage of trust that's built into devices at a hardware level, as well as trust in applications and services. Increasingly, devices will include hardware-enforced security designed to ensure the integrity of the applications and data on the device. The architecture takes this into account when determining whether to allow access to specific resources—a more-trusted platform can be allowed greater access than a less-trusted one.

The architecture is based on four cornerstones:

Trust Calculation. This unique element of the architecture handles user identity and access management, dynamically determining whether a user should be granted access to specific resources and, if so, what type of access should be granted. The calculation is based on factors such as the user's client device and location, the type of resources requested, and the security controls that are available.

Security Zones. The infrastructure is divided into multiple security zones that provide different levels of protection. These range from trusted network zones containing critical data, with tightly controlled access, to untrusted zones containing less-valuable data and allowing broader access. Communication between zones is controlled and monitored; this helps ensure users can only access the resources for which they have been authorized and prevents compromises from spreading across multiple zones.

Balanced Controls. To increase flexibility and the ability to recover from a successful attack, the model emphasizes the need for a balance of detective and corrective controls in addition to preventative controls such as firewalls. This includes a focus on business intelligence analytical tools to detect anomalous patterns that may indicate attempts to compromise the environment.

User and Data Perimeters. Recognizing that protecting the enterprise network boundary is no longer adequate, we need to treat users and data as additional security perimeters and protect them accordingly. This means an increased focus on user awareness as well as data protection built into the information assets.

I'll describe each of the four cornerstones in more detail.
Trust Calculation

The trust calculation plays an essential role in providing the flexibility required to support a rapidly expanding number of devices and usage models. The calculation enables us to dynamically adjust users' levels of access, depending on factors such as the devices and networks they are currently using. It calculates trust in the interaction between the person or device requesting access (source) and the information requested (destination). The calculation consists of a source score and a destination score, taking into account the controls available to mitigate risk. As shown in Figure 7-1, the result of this calculation determines whether the user is allowed access and the type of access provided.

Figure 7-1. Trust calculation. Source: Intel Corporation, 2012

Source Score

Trust in the source, or requestor, is calculated based on the following factors:

Who. The identity of the user or service requesting access and our confidence level in the authentication mechanism used—how confident are we that users are who they say they are?

What. The device type, its control capabilities, our ability to validate those controls, and the extent to which Intel IT manages the device.

Where. The user's or service's location. For example, a user who is inside the Intel enterprise network is more trusted than the same user connecting through a public network. There may also be other considerations, such as the geographical region where the user is located.

Destination Score

This is calculated based on the same three factors, but these are considered from the perspective of the destination—the information the source is trying to access:

Who. The application that stores the requested data. Some applications can enforce greater controls, such as enterprise rights management (ERM), and therefore provide a higher level of trust.

What. The sensitivity of the information being requested and other considerations, such as our ability to recover it if compromise occurs.

Where. The security zone in which the data resides.

Available Controls

The trust calculation also takes into account the security controls available for the zone. If the only controls available are controls that simply block or allow access, we might deny access due to lack of other options. However, if we have extensive preventative controls with highly granular levels of access, detailed logs, and highly tuned security monitoring—as well as the ability to recover from or correct problems—then we can allow access without creating additional risk.

Calculating Trust

The trust calculation adds the source score and the destination score to arrive at an initial trust level. The available controls are then considered to make a final decision about whether access is allowed and, if so, how. This calculation is performed by a logical entity called a policy decision point (PDP), which is part of the authentication infrastructure and makes access control decisions based on a set of policies. Based on the results of this calculation, the PDP makes a decision, allocating a trust level that determines whether the user can access the requested resource and the type of access that is allowed. Broadly, the decision will fall into one of the following categories:

Allow access
Deny access
Allow access with limitations or mitigation

This trust calculation therefore allows us to dynamically apply granular control over access to specific resources. For example, employees using IT-managed devices with additional hardware features such as a trusted platform module (TPM), global positioning system (GPS), and full disk encryption would be allowed access to more resources than when using devices that lack those features. Employees directly connected to the Intel network typically get greater access than when using a public network. If we are unable to verify the location of a high-security device such as a managed PC, we would allow less access.

The trust calculation also can be used for more fine-grained distinctions between different device models. For example, we could provide different levels of access based on smartphone manageability, hardware-enabled authentication and encryption, and installed applications.

We anticipate situations in which the trust level is not adequate to allow any access, but there is still a business requirement to allow a connection or transaction to occur. In these conditions, the result of the trust calculation could be a decision to allow access with limitations or with compensating controls that mitigate the risk. For example, a user might be allowed read-only access or might be permitted access only if additional monitoring controls are in place.

We're implementing this trust calculation across Intel's environment. Today, the trust calculation makes decisions based on information gathered from components at multiple levels of the infrastructure, such as network gateways, access points, and user devices. Once the trust calculation mechanism is in place, we can extend it to include information from a broader range of sources. For example, the calculation might take into account the level of hardware-enforced security features built into the user's device. This would allow us to provide greater access to users who have more-trusted devices.

The trust calculation can be used to determine access to internal systems by business partners as well as employees. Let's say we're collaborating with another company on the design of a new product. An engineer at that company wants access to a specific document. We can add a variety of criteria to the trust calculation for deciding whether to grant access. Did the engineer's request originate within the business partner's enterprise network? Is it consistent with the type of request that we'd expect from an engineer? If so, we have a higher level of trust in the requestor. If we cannot establish an adequate level of trust in the user's device, but other factors provide enough confidence to grant access, we might provide one-time access for a specific job. We could do this by allowing a document to be downloaded, but only within a container that ensures the document is completely removed from the user's device once the job is completed.

Longer term, the trust calculation could become a mechanism that is used to determine access to both internal and external resources. Intel IT, like many companies, is using some external cloud-based applications, while developing an internal private cloud for most applications. In the future, we anticipate greater use of a hybrid-cloud approach. The trust calculation could be used to manage identity and access for both.
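The trust calculation described in this section, worked through as a toy policy decision point. This is an added example, not Intel's implementation: the point values, the thresholds, the SHORTFALL_LIMIT that compensating controls may bridge, and the convention that the destination score is a negative "trust required" number are all assumptions made here so the source-plus-destination arithmetic and the three decision categories can be followed end to end on the chapter's own scenarios (managed PC on site, managed PC whose location cannot be verified, personal smartphone, partner engineer).

```python
"""Toy policy decision point (PDP) for the chapter's trust calculation.

Added example, not Intel's code. The point values, the thresholds and the
convention that the destination score is a negative "trust required" number
are assumptions made here so the arithmetic can be followed end to end.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow access"
    DENY = "deny access"
    ALLOW_LIMITED = "allow access with limitations or mitigation"


@dataclass(frozen=True)
class Source:
    """Who / what / where of the requestor."""
    auth_confidence: int      # who: 0 (none) .. 3 (strong, hardware-backed)
    managed: bool             # what: device managed by IT
    controls_validated: bool  # what: controls attestable (e.g. TPM-backed)
    disk_encrypted: bool      # what: full disk encryption present
    network: str              # where: "enterprise", "partner" or "public"
    location_verified: bool   # where: can we confirm where the device is


@dataclass(frozen=True)
class Destination:
    """Who / what / where of the information requested."""
    app_enforces_controls: bool  # who: application adds controls such as ERM
    sensitivity: int             # what: 0 (public) .. 3 (critical / key IP)
    recoverable: bool            # what: recoverable if compromised
    zone: str                    # where: "untrusted", "selective" or "trusted"


@dataclass(frozen=True)
class Controls:
    """Security controls available in the destination zone."""
    granular_access: bool   # read-only and similar partial grants possible
    detailed_logging: bool
    tuned_monitoring: bool
    corrective: bool        # revoke, contain or clean up after the fact


NETWORK_TRUST = {"enterprise": 2, "partner": 1, "public": 0}
ZONE_REQUIREMENT = {"untrusted": 0, "selective": 2, "trusted": 3}
SHORTFALL_LIMIT = 3  # assumed: largest trust gap compensating controls can bridge


def source_score(s):
    score = s.auth_confidence + NETWORK_TRUST[s.network]
    score += 2 if s.managed else 0
    score += 1 if s.controls_validated else 0
    score += 1 if s.disk_encrypted else 0
    if s.managed and not s.location_verified:
        score -= 1  # a high-security device we cannot locate earns less trust
    return score


def destination_score(d):
    """Negative: how much source trust this destination consumes."""
    required = 2 * d.sensitivity + ZONE_REQUIREMENT[d.zone]
    required -= 1 if d.app_enforces_controls else 0
    required += 0 if d.recoverable else 1
    return -required


def decide(s, d, c):
    """Add the two scores, then weigh the available controls."""
    initial_trust = source_score(s) + destination_score(d)
    if initial_trust >= 0:
        return Decision.ALLOW, []
    mitigations = []  # compensating controls the zone can actually apply
    if c.granular_access:
        mitigations.append("read-only")
    if c.detailed_logging and c.tuned_monitoring:
        mitigations.append("additional monitoring")
    if c.corrective:
        mitigations.append("revocable, containerized session")
    if mitigations and initial_trust >= -SHORTFALL_LIMIT:
        return Decision.ALLOW_LIMITED, mitigations
    return Decision.DENY, []  # block-or-allow only, or the gap is too large


# Constructed scenarios drawn from the chapter's narrative.
MANAGED_PC_ONSITE = Source(3, True, True, True, "enterprise", True)
MANAGED_PC_UNVERIFIED = Source(3, True, True, True, "public", False)
PERSONAL_PHONE = Source(2, False, False, False, "public", True)
PARTNER_ENGINEER = Source(2, False, False, False, "partner", True)
ERP_TRUSTED = Destination(False, 3, True, "trusted")
EMAIL_UNTRUSTED = Destination(False, 1, True, "untrusted")
DESIGN_DOC_SELECTIVE = Destination(True, 2, False, "selective")
FULL_CONTROLS = Controls(True, True, True, True)
BLOCK_OR_ALLOW_ONLY = Controls(False, False, False, False)
```

With these values the partner engineer's request for the ERM-protected design document is allowed only with read-only access, additional monitoring and a revocable container when the selective zone offers those controls, and denied outright when the zone can only block or allow.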
Security Zones

The architecture divides the IT environment into multiple security zones. These range from untrusted zones that provide access to less valuable data and less important systems to trusted zones containing critical data and resources. Because the higher-trust zones contain more valuable assets, they are protected with a greater depth and range of controls, and we restrict access to fewer types of devices and applications, as shown in Figure 7-2. However, devices allowed access to higher-trust zones also have more power—they may be able to perform actions that are not allowed within lower-trust zones, such as creating or modifying enterprise data.

Aligning the infrastructure in this fashion provides an excellent way to right-size security controls so that security resources are utilized effectively. It also helps improve the user experience by enabling employees to choose from a wider range of devices, such as smartphones, for lower-risk activities.

Access to zones is determined by the results of the trust calculation and is controlled by policy enforcement points (PEPs). PEPs may include a range of controls, including firewalls, application proxies, intrusion detection and prevention systems, authentication systems, and logging systems. Communication between zones is tightly restricted, monitored, and controlled. We separate zones by locating them on different physical or virtual LANs; PEPs control communication between zones. This means that if one zone is compromised, we can prevent the problem from spreading to other zones or increase our chances of detection if it does spread. In addition, we can use PEP controls, such as application proxies, to provide devices and applications in lower-trust zones with limited, controlled access to specific resources in higher-trust zones when required.

The architecture includes three primary categories of security zone: untrusted, selective, and trusted. Within the zones, there are multiple subzones.

Untrusted Zones

These zones host data and services (or the interfaces to them) that can be exposed to untrusted entities. This allows us to provide widespread access to a limited set of resources from non-managed consumer devices, without increasing the risk to higher-value resources located in other zones. Untrusted zones might provide access to enterprise resources, such as corporate e-mail and calendars, or they might simply provide Internet access.

Figure 7-2. As the value of an asset increases, the depth and span of controls increase, while the number of allowed devices, applications, and locations decrease. Source: Intel Corporation, 2012

These zones are regarded as "shark tanks," with a high risk of attack and compromise. Therefore, detective and corrective controls are needed to mitigate this risk. These controls might include a high level of monitoring to detect suspect activity and correction capabilities such as dynamic removal of user privilege.

We anticipate a need to provide controlled access from these zones to resources in higher-trust zones. For example, an employee using an untrusted device might be allowed limited, read-only access to customer data located in a trusted zone; or their device might need access to a directory server in a trusted zone to send e-mail. We expect to provide this controlled access using application proxies. These proxies act as secure intermediaries—evaluating the request from the device, gathering the information from the resource in a trusted zone, and passing it to the device.

Selective Zones

Selective zones provide more protection than untrusted zones. Examples of services in these zones include applications and data accessed by contractors, business partners, and employees, using client devices that are managed or otherwise provide a level of trust. Selective zones do not contain critical data or high-value Intel intellectual property. Several selective subzones provide access to different services or users.

Trusted Zones

Trusted zones host critical services, data, and infrastructure. They are highly secured and locked down. Examples of services within these zones are administrative access to data center servers and network infrastructure, factory networks and devices, enterprise resource planning (ERP) applications, and design engineering systems containing intellectual property. Accordingly, we might only allow direct access to these resources from trusted systems located within the enterprise network, and all access would be monitored closely to detect anomalous behavior.

At Intel, we have implemented secure high-trust zones as part of our transition to an enterprise private cloud. Implementing these zones was a key step in allowing us to move several categories of application onto virtualized cloud infrastructure, including internal applications requiring high security, as well as externally facing applications used to communicate with business partners. The security features in these trusted zones include application hardening and increased monitoring. We continue to add further security capabilities over time.

NEW SECURITY ARCHITECTURE IN ACTION: A DAY IN THE LIFE OF AN EMPLOYEE

This example (illustrated in Figure 7-3) describes how the new security architecture enables the Intel sales force to access the information they need in the course of a day. At the same time, the architecture protects Intel's security by dynamically adjusting the level of access provided, based on the user's device and location, and by monitoring for anomalous behavior.

The employee travels to a customer site. The employee is using a personal smartphone with limited security features and so is allowed access only to services in untrusted zones. From here, the employee can view limited customer information, including recent orders, extracted from an enterprise resource planning (ERP) system in a trusted zone—but only through an application proxy server, which protects the trusted zone by acting as an intermediary, evaluating information requests, accessing the ERP system, and relaying the information to the user.

If a smartphone requests an abnormally large number of customer records—an indication that it may have been stolen—further access from the smartphone is blocked. To help understand the reason for the anomalous access, there is increased monitoring of the employee's attempts to access the system from any device.

The employee reaches the customer site and logs into the enterprise network from a company-owned mobile business PC. Because this device is more trusted, the employee now has access to additional capabilities available in selective zones, such as the ability to view pricing and create orders that are relayed by an application proxy to the ERP system in a trusted zone.

Figure 7-3. The new security architecture dynamically adjusts the user's access to information, based on factors such as the user's device and location. Source: Intel Corporation, 2012

The employee returns to the company's office and connects to the corporate network. Now the employee is using a trusted device from a trusted location and has direct access to the ERP system in a trusted zone.
BalancedControlsOverthepastdecade,enterprisesecurityhasfocusedheavilyonpreventativecontrolssuchasfirewallsandintrusionpreventionsystems.
Thisapproachoffersclearbenefits:itislessexpensivetopreventanattackthantocorrectproblemsafteronehasoccurred,anditiseasytoseewhenfirewallshavesuccessfullypreventedanattemptedcompromise.
However,thenewsecuritymodelrequiresthatwebalancepreventativecontrolswithdetective(monitoring)andcorrectivecontrols,forseveralreasons.
First,thefocusofthenewmodelisonenablingandcontrollingaccessfromawiderrangeofusersanddevices,ratherthanonpreventingaccess.
Second,thecontinuallychangingthreatlandscapemakesitnecessarytoassumethatcompromisewilloccur;allpreventativecontrolswilleventuallyfail.
Onceattackershavegainedaccesstotheenvironment,thepreventativecontrolstheyhavebypassedareworthless.
Byincreasingtheuseofdetectivecontrolsandimplementingmoreaggressivecorrectivecontrols,wecanmitigatetheriskofallowingbroaderaccess.
Thesecontrolsalsoincreaseourabilitytosurviveandrecoverfromasuccessfulattack.
USINGSECURITYBUSINESSINTELLIGENCETODETECTSUSPICIOUSBEHAVIORLikeanylargeorganization,Intelhasexperiencedsecurityissuesinvolvingbothexternalattackersandinsiders,includingattemptstostealintellectualproperty.
Aswe'veinvestigated,wehaveidentifiedmarkersandindicatorsthatarefrequentlyassociatedwiththeseevents.
Werealizedthatifwehadbeenabletospottheseindicatorssooner,wecouldhaverespondedandmitigatedthethreatsmorequickly.
Securitybusinessintelligenceisakeytechnologythatwecanusetodetectsuspiciousbehaviorastheenvironmentbecomesmorecomplexandattackersbecomemoreadeptatconcealingcompromises.
Analyticaltoolsautomatetheprocessofanalyzinglargevolumesofdatatodetectandmonitoranomalousactivity,allowingustodetectproblemsthatwemightotherwisemiss.
Thesecapabilitiesaresimilartothosealreadyimplementedbyfinancialinstitutionstopreventfraudulentcredit-cardtransactions,andbyonlineconsumerservicestopreventtheftofuserdata.
Banksmonitoraccessattemptsandonlinetransactionstodeterminewhethertotrusttheuser'sidentityandwhethertoallowtheuser'sactivity.
Iftheuseristryingtotransferalargesumtoanexternalaccount,thebank'ssystemsmaycomparethetransactionwiththeuser'spreviousbehaviortoseeifitappearstobeabnormal.
Tomitigaterisk,thebankmaydelaylargetransferssoitcanperformadditionalanalysisandinformtheaccountownerbye-mail.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility100Inasimilarway,wecanusesecuritybusinessintelligence—analysisandcorrelationofdatagatheredbymonitoring—toanalyzepatternsofbehavior.
Thiscandetectandthwartpossibleattacks.
Onalargescale,loggingdatageneratedbyserversandsensorsacrossthenetworkcanbecollectedintoadatabaseforanalysis.
AtIntel,weareusinganalytictoolstocorrelatethisaggregateddataandflaganomaliesforfurtherinvestigation.
Forexample,iftrafficwithinaserverclusterbecomesabnormallyhigh,itmightindicatethatabotnetisexploitingoneoftheserverstobroadcasttrafficacrosstheWeb.
Securitybusinessintelligencecanalsobeappliedatthelevelofindividualusersanddevices.
AtIntel,we'reimplementingmonitoringtechnologythattracksusers'loginsandaccessattempts,asIdescribedinChapter5.
Ourstrategyistomakelogininformationavailabletouserssothattheycanhelptospotunauthorizedaccessattempts.
Inthefuture,Ienvisagethatthesystemcouldanalyzeusers'historicalbehaviorpatternstodeterminehowtorespondwhenusersrequestaccesstoresources.
Thesystemcouldcomparetherequestwiththeuser'spreviousactions:whathaveyoudonebefore,andisthisrequestconsistentwiththosebehaviorsorisitananomalyandthereforesuspiciousIftherequestappearsconsistentwithpreviousbehavior,thesystemwouldpasstherequesttothetrustcalculation;ifitappearsanomalous,thesystemmightdenytherequestandalertthesecurityteam.
Within Intel, we have also deployed a dashboard that provides granular information about infected clients and servers, boosting our ability to intervene quickly and accurately. Due to our efforts to detect and remove malware before infections occur, we achieved a 33 percent reduction in malware impacts in 2011, despite experiencing a 50 percent increase in the number of variants (Intel 2012a). We also plan to add a predictive engine that enables proactive protection and simulations that can improve our ability to respond to threats.

The balance between preventative, detective, and corrective controls will vary, depending on the security zone. In high-trust zones, we implement extensive monitoring to detect possible attempts to steal data or compromise critical systems. Redundancy within each type of control can be used to provide additional protection.

The following includes possible examples of using detective and preventative controls:

An Intel employee attempts to send a confidential document to a non-Intel e-mail address. Monitoring software detects the attempt, prevents the document from being sent outside the firewall, and asks the Intel employee if he or she really intended to do this. If the employee confirms that this was intended, the document may be transmitted—or if the document is highly sensitive, a redacted version may be sent.

Inappropriate use of a document protected with enterprise rights management technology results in revocation of access to the document.

The system allows access to specific documents but tracks the activity. A user can download a few documents without causing concerns. However, if the user attempts to download hundreds of documents, the system slows down the speed of delivery (for instance, only allowing ten to be checked out at a time) and alerts the user's manager. If the manager approves, the user is given faster access.

The detection of an infected system places the system on a remediation network, isolating the system and restricting access to enterprise information and applications. The system may retain some ability to access corporate assets, but all activity is closely logged to enable incident response if necessary.

When a system is found to be compromised, we examine all its recent activities and interactions with other systems. Additional monitoring of those systems is automatically enabled.
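The document-checkout example above, as an added illustration that is not Intel's code: every access is tracked, a user can download a few documents freely, but past a soft threshold the gate caps concurrent checkouts at ten and alerts the manager, and manager approval restores full-speed access. The soft threshold of 25, the in-memory state, and the user and manager names are assumptions made for the example.

```python
"""Added example (not Intel's code): a document-checkout gate modelling the
balanced detective/preventative control described in the text. The
throttled limit of ten comes from the text; the soft threshold and the
in-memory store are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SOFT_THRESHOLD = 25    # assumed: free downloads per user before throttling
THROTTLED_LIMIT = 10   # text: "only allowing ten to be checked out at a time"


@dataclass
class UserState:
    downloaded: int = 0     # total documents delivered to this user
    checked_out: int = 0    # documents currently held (not yet returned)
    approved: bool = False  # manager has approved bulk access
    alerted: bool = False   # manager alert already raised once


@dataclass
class CheckoutGate:
    users: Dict[str, UserState] = field(default_factory=dict)
    audit: List[Tuple[str, str, str]] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)

    def request(self, user: str, doc_id: str) -> str:
        """Decide one checkout; returns 'allowed', 'throttled' or 'wait'."""
        st = self.users.setdefault(user, UserState())
        throttled = st.downloaded >= SOFT_THRESHOLD and not st.approved
        if throttled and not st.alerted:
            st.alerted = True  # detective control: alert the manager once
            self.alerts.append(f"{user}: bulk download, manager review needed")
        if throttled and st.checked_out >= THROTTLED_LIMIT:
            self.audit.append((user, doc_id, "wait"))
            return "wait"  # preventative control: slow delivery, not deny
        st.downloaded += 1
        st.checked_out += 1
        verdict = "throttled" if throttled else "allowed"
        self.audit.append((user, doc_id, verdict))  # every access is tracked
        return verdict

    def release(self, user: str) -> None:
        """User returns a document, freeing one checkout slot."""
        st = self.users[user]
        st.checked_out = max(0, st.checked_out - 1)

    def approve(self, user: str, manager: str) -> None:
        """Manager approval lifts the throttle for this user."""
        self.users.setdefault(user, UserState()).approved = True
        self.audit.append((user, manager, "approved"))
```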
Users and Data: The New Perimeters

The concept of balanced controls also extends to the protection of users and data. Traditional network security boundaries are dissolving with the proliferation of new devices and users' expectations that they should be able to access information from anywhere at any time. Users are under direct assault from a barrage of attacks designed to trick them into taking actions that can compromise the information on their devices or on enterprise systems. These trends mean that we need to think more broadly about how we protect information, as well as the users of this information. While we continue to implement enterprise network controls, such as perimeter defenses and the detective controls described earlier, we need to supplement these controls with a focus on the users and on the primary assets we are trying to protect, such as intellectual property. The new architecture therefore expands our defenses to two additional perimeters: the data itself and the users who have access to the data.

Data Perimeter

Important data should be protected at all times—when it is created, stored, and transmitted. This becomes increasingly challenging as we move data to more and more devices and let more people access it. How do we protect information when it's located outside the physical perimeter, on a personal device? At Intel IT, we're implementing technologies that closely integrate protection with high-value data so that the data remains protected as it moves to different devices and locations. Technologies such as enterprise rights management and data leak prevention can be used to watermark and tag information so that we can track and manage its use. With enterprise rights management, the creator of a document can define exactly who has access rights throughout the life of the document and can revoke access at any point. Data loss prevention is used to tag documents, track their movements, and prevent transfer outside the organization if necessary.

User Perimeter

As I described in Chapter 5, people are part of the security perimeter, and we need to treat them as such. Users can become security risks for a variety of reasons. They are targeted more frequently in social engineering attacks, and they are more vulnerable to these attacks because their personal information is often readily available on social networking sites. They may also click malicious links in e-mail, download malware, or store data on portable devices that then are lost. At Intel, we've found that a combination of training, incentives, and other activities can help instill information security and privacy protection into the corporate culture and successfully encourage employees to own responsibility for protecting enterprise and personal information. We've seen our efforts pay off, with employees calling the help desk or sending e-mail alerts when they notice something that doesn't seem right. As discussed in the sidebar ("Using Security Business Intelligence to Detect Suspicious Behavior"), our strategy also includes making account access logs available to users so that they can help spot unauthorized access attempts.

Conclusion

This chapter describes a new architecture designed to support the Protect to Enable mission. Its goal is to allow faster adoption of new services and capabilities while improving survivability. At Intel, we believe that this architecture can be used to meet a broad range of evolving requirements, including new usage models and threats. Because of this, we are working to ingrain this model into all aspects of Intel IT, from development to operations. We've already used aspects of the architecture to provide solutions to challenging use cases, while actually reducing risk. For example, we've been able to move important internal and Internet-facing applications to a private cloud by utilizing high-trust zones. We've successfully used various approaches to protect the user and data perimeters. We also used balanced controls and trust zones to enable network access from employee-owned devices. In some cases, projects have seen their security overhead decrease by adopting this model. I believe that the architecture could provide similar value to other organizations facing similar challenges. By publishing information about the architecture, we hope to encourage others to take advantage of this architecture wherever it meets their needs. We also hope that making this information available will stimulate more discussion and ideas, and that others will build on these concepts to create further innovations that benefit all of us.