87Chapter7ANewSecurityArchitecturetoImproveBusinessAgilityRealityandRhetoricAnorganization'sabilitytolearn,andtranslatethatlearningintoactionrapidly,istheultimatecompetitiveadvantage.
—JackWelchSomeStarTrekepisodesfeaturesuspense-filledbattlesinwhichadversariesusesophisticatedphase-shiftingweaponsthatcanberapidlyadjusteduntiltheyfindawaytopenetratestaticforce-fielddefenses.
Forabeleagueredstarship,theonlyeffectiveresponseistousesimilarlyadaptableandfast-changingshields.
Asinformationsecurityprofessionals,wealsoneedextremelyagiledefensesthatcanbequicklyadaptedtomeetnewdemands.
Attackersarecontinuallyadapting,anddefendersalsoneedtocontinuallyadapt.
Butrapidlyevolvingthreatsareonlypartofthechallenge.
ThetechnologylandscapeischangingjustasfastduetotrendslikeITconsumerization.
AsIntel'sinformationriskandsecuritygroupconsidersthefuture,werealizethatweneedtoradicallychangeourapproachinordertofacethechallengesaheadandsupporttheProtecttoEnablemission.
Weneedamoreagilesecurityarchitecturethatcanquicklylearnandadapttonewchallengesastheyemerge.
Becausetheenvironmentischangingsoquickly,inwayswecannotcontrol,it'simpossibletopredictallthefuturechallengeswe'llneedtoface.
Weneedanarchitecturethatcanlearntomanagewhatwedon'tknow.
Thisflexibilitywillhelpthebusinessmovemorequickly,byenablingustorapidlyadoptnewtechnologiesandemergingusagemodelswhilecontinuingtoprovidesecurityintheever-evolvingthreatlandscape.
Alearningsystemishardertodefeatbecauseitcanmorequicklyadaptinresponsetonewattacks.
Afterintensebrainstormingsessions,ourinformationriskandsecurityteamdevisedanewsecurityarchitecture.
ThisarchitectureisourimplementationoftheProtecttoEnablestrategy.
Inthischapter,I'llprovideahigh-leveloverviewofthearchitectureanddescribehowitmeetssomekeysecuritychallenges.
ThoughtheoverviewisbasedonourworkatIntel,IbelievethatthisisanovelapproachtoenterprisesecuritythatmaybevaluableChapter7ANewSecurityArchitecturetoImproveBusinessAgility88tomanyotherorganizationsfacingtheseuniversalchallenges.
Myconversationswithpeersatothercompanieshavevalidatedthisview.
Manyofthemareconsideringsimilarstrategiesandinsomecaseshavebegunimplementingthem.
WeareimplementingthisarchitectureacrossIntel'sITenvironmentinaradicalfive-yearredesignofourinformationsecuritytechnology.
Evenwhiletheimplementationisinprogress,thenewarchitecturehasalreadydeliveredresultsbyhelpingusprovideinnovativesolutionstochallengingusecaseswhileactuallyreducingrisk.
IntelIThaspublishedmoredetaileddescriptionscoveringseveralaspectsofthearchitecture(Ben-Shalometal.
2011,SunderlandandChandramouly2011,Gutierrezetal.
2012),andweexpecttocontinuetopublishinformationinthefuture.
Akeyaspectofthearchitectureisthatitprovidesmoreflexible,dynamic,andgranularsecuritycontrolsthantraditionalenterprisesecuritymodels.
Thishelpsusaccommodateusagemodelssuchasbring-your-own-device(BYOD).
Wecanprovideuserswithdifferentlevelsofaccessdependingonfactorssuchasthedevicestheyareusingandtheirlocation.
Toachievethis,thetechnologydynamicallyadjustsauser'saccessprivilegesasthelevelofriskchanges.
Forexample,anemployeeshouldhavemorelimitedaccesstooursystemswhenusingaless-securedevicethanwhenusingahardened,fullymanagedenterprise-classsystem.
Thenewarchitecturegreatlyimprovesthreatmanagement.
Asnewrisksappear,weneedtobeabletoquicklyrecognizewhichoneswecanmitigate,learnasmuchaswecan,andtakeactionasquicklyaspossible.
AtIntel,weusemanyinformationsourcestogainanunderstandingoftherisks.
Collectively,thesesourcesprovideacontinuousfeedofcollectiveintelligencethatwecanusetolearn,adapt,andevolve.
AsIdescribedinChapter6,weuseemergingthreatanalysistohelpusanticipatefuturerisks.
Butourarchitecturealsoassumesthatcompromiseisinevitableandfocusesheavilyonsurvivability.
Weareapplyingsecuritymonitoringandbusinessintelligencetoanalyzepatternsofbehavioranddetectanomaliesthataresymptomsofattacks.
Withthisknowledge,wecanfurtherinvestigateandapplymitigationwherenecessary.
Inthefuture,thisapproachcouldbeextendedbyautomaticallytakingcorrectiveactionwhereitmakessensetodoso.
BusinessTrendsandArchitectureRequirementsBeforedivingintothespecificsofthearchitecture,I'llrecapsomeofthekeybusinessandtechnologytrends,focusingonhowtheydrivetheneedforspecificcapabilitiesinsecuritytechnology.
ITConsumerizationAsIdiscussedinChapter5,consumerizationisamajorITthemewithever-broadeningimpact.
Itincludesseveraltrends,includingtheadoptionofnewapplicationsandsupportforconsumerdevices.
ManyofIntel'shighlymobileemployeeswanttousetheirownconsumerdevices,suchassmartphonesandtablets,forwork.
Thisincreasesproductivitybyenablingemployeestocollaborateandaccessinformationfromanywhere,atanytime.
TosupportChapter7ANewSecurityArchitecturetoImproveBusinessAgility89this,weprovideaccesstocorporatee-mailandotherapplicationsfromemployee-ownedsmartphonesandtablets.
Somepeoplebelievethatinthefuture,alldeviceswillbeconsumer-owned,andthatenterpriseswillnolongerpurchasedevicesfortheirusers.
Ibelievethismightbethecaseinsomeworkenvironments,butIdoubtthatitwillsuitallorganizations.
Foracompanyprovidingcallcenterservices,withmostemployeesworkingfromhome,itmightmakesensethatemployeesexclusivelyusetheirownpersonalsystemsforwork.
Butthisstrategywouldbemoreriskyforafinancialservicescompanywhoseemployeeshandlehighlysensitiveinformationthat'ssubjecttoextensiveregulatoryrequirements.
Nevertheless,theconsumerizationtrendcontinuestogrowatIntelandotherorganizations.
Accordingly,we'llneedtoprovideemployeeswithalevelofaccesstoIntelresourcesfromanexpandingcontinuumofclientdevices,someofwhichhavemuchweakersecuritycontrolsthantoday'senterpriseclients(seesidebar).
CONSUMERIZINGENTERPRISEITAND"ENTERPRISING"THECONSUMERDiscussionsofITconsumerizationtendtodrawaclearlinebetweenbusinessdevicesthatcanbemanagedandtrusted,andpersonalconsumerdevicesthatareessentiallyunmanagedanduntrusted.
However,notallconsumerdevicesarecreatedequal.
Fromasecuritystandpoint,itmaybemorevaluabletothinkaboutadevice'scapabilitiesthantocategorizeitbasedsolelyonwhetherit'smarketedasanenterprisedeviceorapersonaldevice.
Thesecurityofadevicedependsontheinherentfeaturesofthehardware,operatingsystem,andapplications,andonwhetheritenablesustoaddfurthersecurityandmanageabilitycapabilitiesthatmitigatetherisksofenterpriseuse.
Asthevarietyofconsumerdevices,suchassmartphones,continuestoexpand,usersmaychoosefromdozensofmodelswithdifferentlevelsofsecuritycapabilities.
GreatersecurityandmanageabilitymeansthatITcanplacegreatertrustinthedeviceandprovideacorrespondinglygreaterlevelofaccesstoenterpriseresources.
Extendingthisideafurther,theinformationsecuritygroupcouldevaluatethesecurityofavailableconsumerdevicesandprovideguidanceaboutthelevelofenterpriseaccessthatuserswillbeallowedwitheachdevice.
Usersmayprefertobuyamoresecuredevicebecauseitwillprovidethemmoreaccess.
Withgreateraccess,theycanusethedeviceformoreoftheirdailyworkactivities.
Thisabilityinturnenablesthemtobemoreproductive.
Atthesametime,employeesincreasinglyexpecttohaveavailabletothematworkthetypesofconsumerservicesandcloudapplicationsthattheyuseintheirpersonallives.
Theseincludesocialcomputingapplicationssuchasblogsandwikis,video-sharingsites,andfile-sharingservices.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility90Weneedasecurityarchitecturethatenablesustomorequicklysupportnewdevicesandprovideaccesstoagreaterrangeofapplicationsanddata,withoutincreasingrisk.
Weneedtobeabletodynamicallyadjustthelevelsofaccessweprovideandthemonitoringweperform,dependingonthesecuritycontrolsoftheclientdevice.
NewBusinessNeedsNearlyallcompaniesnowrelyonagrowingnetworkofbusinesspartners,andconductmanyoftheirinteractionswiththosepartnersonline.
Intelisnoexception—wearedevelopinganincreasingnumberofsystemsforonlinecollaborationwithbusinesspartners.
Also,likemanycompanies,Intelisexpandingintonewmarketsthroughbothorganicgrowthandacquisitions.
Becauseofthesebusinesstrends,mostorganizationsneedtoprovideaccesstoabroaderrangeofusers,manyofwhomarenotemployees.
Manyalsoneedtobeabletosmoothlyintegrateacquiredcompaniesandprovidethemwithaccesstoresources.
Ingeneral,weneedtoquicklyprovidenewusersaccesswhileminimizingriskandprovidingselective,controlledaccessonlytotheresourcestheyneed.
CloudComputingMostorganizationsarealreadyusingcloudservicesinsomeformtoachievebenefitssuchasgreateragilityandlowercost.
Likemanycompanies,IntelITisimplementingaprivatecloudbasedonvirtualizedinfrastructure,andwearealsousingexternalcloudservicesfornoncriticalapplications.
Inthefuture,weexpectgreateruseofhybridcloudsthatusebothinternalandexternalresources.
ThistrendmeansthatITservicesatmanyorganizationswillbeprovidedbyamixtureoftraditionalandcloud-basedinternalandexternalservices.
Duringatypicalday,employeesmayaccessavarietyofdifferentservices,someofwhichareinternalandsomeexternal.
Ultimately,theyshouldbeabletoeasilymovebetweentheseserviceswithoutneedingtologinmultipletimesorevenknowwheretheservicesarelocated.
Securingaccesstocloud-basedservicespresentschallengesthataren'teasilyaddressedusingconventionalsecuritycontrols.
Incloudenvironments,systemsandtheirdataarevirtualizedandmaymigratedynamicallytodifferentnetworklocations.
Thismakesitdifficulttoeffectivelyrestrictaccessusingtraditionalsecuritycontrolssuchasfirewalls,whichrelyonfixedlocationsofsystemsandamorestaticnatureofthedata.
Weneedmuchmoregranularanddynamiccontrolsthatarelinkedtotheresourcesthemselvesratherthanjusttheirnetworklocation.
ChangingThreatLandscapeThethreatlandscapeisevolvingrapidly.
Increasingly,attackersaretakingastealthyapproach,creatingmalwarethatquietlygainsaccessandattemptstoremainundetectedinordertomaintainaccessovertime.
Asthenumberofthreatsincreasesandnewtypesofmalwareemerge,weneedtoassumethatcompromiseisinevitable.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility91Traditionalenterprisesecurityarchitectureshavereliedlargelyonpreventativecontrolssuchasfirewallslocatedatthenetworkperimeter.
However,ourprimaryfocushasshiftedtoprovidingcontrolledaccesstoabroaderrangeofusersanddevices,ratherthansimplypreventingaccess.
Inaddition,thecontinuallychangingthreatlandscapemakesitnecessarytoassumethatcompromisewilloccur.
Onceattackershavegainedaccesstotheenvironment,thepreventativecontrolstheyhavebypassedareworthless.
Althoughtheseperimetercontrolswillcontinuetohavesomevalue,weneedtoolsthatincreasetheabilitytosurviveandrecoveronceattackershavegainedaccesstotheenvironment.
PrivacyandRegulatoryRequirementsThegrowingemphasisonprivacyrequirementsandtheincreasinglycomplexregulatoryenvironmenthavemanyimplicationsforthewaywemanageinformation.
Someregulationscreatetheneedformorecontroloverwhereinformationisstoredandrequirespecificlevelsofprotectionandtracking.
Ourarchitecturemustprovidethisassurance,allowingustobuildahigh-securityenvironmentandaccesscontrolsappropriatefortheprotectionofhighlyregulatedinformation.
NewArchitectureTomeettheserapidlychangingrequirements,weneedahighlyflexibleanddynamicarchitecture.
Thearchitectureshouldenableustomorequicklyadoptnewdevices,usemodels,andcapabilities;providesecurityacrossanincreasinglycomplexenvironment;andadapttoachangingthreatlandscape.
AtIntel,weformedateamcharteredwithdesigningthisarchitecturefromscratch,takingafreshapproachtoenterprisesecurity,thendetermininghowtoimplementthisnewarchitectureacrossourexistingITenvironment.
Keygoalsincludehelpingincreaseemployeeproductivitywhilesupportingnewbusinessrequirementsandtechnologytrends,includingITconsumerization,cloudcomputing,andaccessbyabroaderrangeofusers.
Atthesametime,thearchitectureisdesignedtoreduceourattacksurfaceandimprovesurvivability—evenasthethreatlandscapegrowsincomplexityandmaliciousness.
Thearchitecturemovesawayfromthetraditionalenterprisetrustmodel,whichisbinaryandstatic.
Withthistraditionalmodel,auserisingeneraleithergrantedordeniedaccesstoallresources;oncegranted,thelevelofaccessremainsconstant.
Thenewarchitecturereplacesthiswithadynamic,multitieredtrustmodelthatexercisesmorefine-grainedcontroloveridentityandaccesscontrol,includingaccesstospecificresources.
Thismeansthatforanindividualuser,thelevelofaccessprovidedmayvarydynamicallyovertime,dependingonavarietyoffactors—suchaswhethertheuserisaccessingthenetworkfromahighlysecuremanageddeviceoranuntrustedunmanageddevice.
Thearchitecture'sflexibilityallowsustotakeadvantageoftrustthat'sbuiltintodevicesatahardwarelevel,aswellastrustinapplicationsandservices.
Increasingly,deviceswillincludehardware-enforcedsecuritydesignedtoensuretheintegrityoftheapplicationsanddataonthedevice.
ThearchitecturetakesthisintoaccountwhenChapter7ANewSecurityArchitecturetoImproveBusinessAgility92determiningwhethertoallowaccesstospecificresources—amore-trustedplatformcanbeallowedgreateraccessthanaless-trustedone.
Thearchitectureisbasedonfourcornerstones:TrustCalculation.
Thisuniqueelementofthearchitecturehandlesuseridentityandaccessmanagement,dynamicallydeterminingwhetherausershouldbegrantedaccesstospecificresourcesand,ifso,whattypeofaccessshouldbegranted.
Thecalculationisbasedonfactorssuchastheuser'sclientdeviceandlocation,thetypeofresourcesrequested,andthesecuritycontrolsthatareavailable.
SecurityZones.
Theinfrastructureisdividedintomultiplesecurityzonesthatprovidedifferentlevelsofprotection.
Theserangefromtrustednetworkzonescontainingcriticaldata,withtightlycontrolledaccess,tountrustedzonescontainingless-valuabledataandallowingbroaderaccess.
Communicationbetweenzonesiscontrolledandmonitored;thishelpsensureuserscanonlyaccesstheresourcesforwhichtheyhavebeenauthorizedandpreventscompromisesfromspreadingacrossmultiplezones.
BalancedControls.
Toincreaseflexibilityandtheabilitytorecoverfromasuccessfulattack,themodelemphasizestheneedforabalanceofdetectiveandcorrectivecontrolsinadditiontopreventativecontrolssuchasfirewalls.
Thisincludesafocusonbusinessintelligenceanalyticaltoolstodetectanomalouspatternsthatmayindicateattemptstocompromisetheenvironment.
UserandDataPerimeters.
Recognizingthatprotectingtheenterprisenetworkboundaryisnolongeradequate,weneedtotreatusersanddataasadditionalsecurityperimetersandprotectthemaccordingly.
Thismeansanincreasedfocusonuserawarenessaswellasdataprotectionbuiltintotheinformationassets.
I'lldescribeeachofthefourcornerstonesinmoredetail.
TrustCalculationThetrustcalculationplaysanessentialroleinprovidingtheflexibilityrequiredtosupportarapidlyexpandingnumberofdevicesandusagemodels.
Thecalculationenablesustodynamicallyadjustusers'levelsofaccess,dependingonfactorssuchasthedevicesandnetworkstheyarecurrentlyusing.
Itcalculatestrustintheinteractionbetweenthepersonordevicerequestingaccess(source)andtheinformationrequested(destination).
Thecalculationconsistsofasourcescoreandadestinationscore,takingintoaccountthecontrolsavailabletomitigaterisk.
AsshowninFigure7-1,theresultofthiscalculationdetermineswhethertheuserisallowedaccessandthetypeofaccessprovided.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility93Figure7-1.
Trustcalculation.
Source:IntelCorporation,2012SourceScoreTrustinthesource,orrequestor,iscalculatedbasedonthefollowingfactors:Who.
Theidentityoftheuserorservicerequestingaccessandourconfidencelevelintheauthenticationmechanismused—howconfidentarewethatusersarewhotheysaytheyareWhat.
Thedevicetype,itscontrolcapabilities,ourabilitytovalidatethosecontrols,andtheextenttowhichIntelITmanagesthedevice.
Where.
Theuser'sorservice'slocation.
Forexample,auserwhoisinsidetheIntelenterprisenetworkismoretrustedthanthesameuserconnectingthroughapublicnetwork.
Theremayalsobeotherconsiderations,suchasthegeographicalregionwheretheuserislocated.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility94DestinationScoreThisiscalculatedbasedonthesamethreefactors,buttheseareconsideredfromtheperspectiveofthedestination—theinformationthesourceistryingtoaccess:Who.
Theapplicationthatstorestherequesteddata.
Someapplicationscanenforcegreatercontrols,suchasenterpriserightsmanagement(ERM),andthereforeprovideahigherleveloftrust.
What.
Thesensitivityoftheinformationbeingrequestedandotherconsiderations,suchasourabilitytorecoveritifcompromiseoccurs.
Where.
Thesecurityzoneinwhichthedataresides.
AvailableControlsThetrustcalculationalsotakesintoaccountthesecuritycontrolsavailableforthezone.
Iftheonlycontrolsavailablearecontrolsthatsimplyblockorallowaccess,wemightdenyaccessduetolackofotheroptions.
However,ifwehaveextensivepreventativecontrolswithhighlygranularlevelsofaccess,detailedlogs,andhighlytunedsecuritymonitoring—aswellastheabilitytorecoverfromorcorrectproblems—thenwecanallowaccesswithoutcreatingadditionalrisk.
CalculatingTrustThetrustcalculationaddsthesourcescoreandthedestinationscoretoarriveataninitialtrustlevel.
Theavailablecontrolsarethenconsideredtomakeafinaldecisionaboutwhetheraccessisallowedand,ifso,how.
Thiscalculationisperformedbyalogicalentitycalledapolicydecisionpoint(PDP),whichispartoftheauthenticationinfrastructureandmakesaccesscontroldecisionsbasedonasetofpolicies.
Basedontheresultsofthiscalculation,thePDPmakesadecision,allocatingatrustlevelthatdetermineswhethertheusercanaccesstherequestedresourceandthetypeofaccessthatisallowed.
Broadly,thedecisionwillfallintooneofthefollowingcategories:AllowaccessDenyaccessAllowaccesswithlimitationsormitigationThistrustcalculationthereforeallowsustodynamicallyapplygranularcontroloveraccesstospecificresources.
Forexample,employeesusingIT-manageddeviceswithadditionalhardwarefeaturessuchasatrustedplatformmodule(TPM),globalpositioningsystem(GPS),andfulldiskencryptionwouldbeallowedaccesstomoreresourcesthanwhenusingdevicesthatlackthosefeatures.
EmployeesdirectlyconnectedtotheIntelnetworktypicallygetgreateraccessthanwhenusingapublicnetwork.
Ifweareunabletoverifythelocationofahigh-securitydevicesuchasamanagedPC,wewouldallowlessaccess.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility95Thetrustcalculationalsocanbeusedformorefine-graineddistinctionsbetweendifferentdevicemodels.
Forexample,wecouldprovidedifferentlevelsofaccessbasedonsmartphonemanageability,hardware-enabledauthenticationandencryption,andinstalledapplications.
Weanticipatesituationsinwhichthetrustlevelisnotadequatetoallowanyaccess,butthereisstillabusinessrequirementtoallowaconnectionortransactiontooccur.
Intheseconditions,theresultofthetrustcalculationcouldbeadecisiontoallowaccesswithlimitationsorwithcompensatingcontrolsthatmitigatetherisk.
Forexample,ausermightbeallowedread-onlyaccessormightbepermittedaccessonlyifadditionalmonitoringcontrolsareinplace.
We'reimplementingthistrustcalculationacrossIntel'senvironment.
Today,thetrustcalculationmakesdecisionsbasedoninformationgatheredfromcomponentsatmultiplelevelsoftheinfrastructure,suchasnetworkgateways,accesspoints,anduserdevices.
Oncethetrustcalculationmechanismisinplace,wecanextendittoincludeinformationfromabroaderrangeofsources.
Forexample,thecalculationmighttakeintoaccountthelevelofhardware-enforcedsecurityfeaturesbuiltintotheuser'sdevice.
Thiswouldallowustoprovidegreateraccesstouserswhohavemore-trusteddevices.
Thetrustcalculationcanbeusedtodetermineaccesstointernalsystemsbybusinesspartnersaswellasemployees.
Let'ssaywe'recollaboratingwithanothercompanyonthedesignofanewproduct.
Anengineeratthatcompanywantsaccesstoaspecificdocument.
Wecanaddavarietyofcriteriatothetrustcalculationfordecidingwhethertograntaccess.
Didtheengineer'srequestoriginatewithinthebusinesspartner'senterprisenetworkIsitconsistentwiththetypeofrequestthatwe'dexpectfromanengineerIfso,wehaveahigherleveloftrustintherequestor.
Ifwecannotestablishanadequateleveloftrustintheuser'sdevice,butotherfactorsprovideenoughconfidencetograntaccess,wemightprovideone-timeaccessforaspecificjob.
Wecoulddothisbyallowingadocumenttobedownloaded,butonlywithinacontainerthatensuresthedocumentiscompletelyremovedfromtheuser'sdeviceoncethejobiscompleted.
Longerterm,thetrustcalculationcouldbecomeamechanismthatisusedtodetermineaccesstobothinternalandexternalresources.
IntelIT,likemanycompanies,isusingsomeexternalcloud-basedapplications,whiledevelopinganinternalprivatecloudformostapplications.
Inthefuture,weanticipategreateruseofahybrid-cloudapproach.
Thetrustcalculationcouldbeusedtomanageidentityandaccessforboth.
SecurityZonesThearchitecturedividestheITenvironmentintomultiplesecurityzones.
Theserangefromuntrustedzonesthatprovideaccesstolessvaluabledataandlessimportantsystemstotrustedzonescontainingcriticaldataandresources.
Becausethehigher-trustzonescontainmorevaluableassets,theyareprotectedwithagreaterdepthandrangeofcontrols,andwerestrictaccesstofewertypesofdevicesandapplications,asshowninFigure7-2.
However,devicesallowedaccesstohigher-trustzonesalsohavemorepower—theymaybeabletoperformactionsthatarenotallowedwithinlower-trustzones,suchascreatingormodifyingenterprisedata.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility96Aligningtheinfrastructureinthisfashionprovidesanexcellentwaytoright-sizesecuritycontrolssothatsecurityresourcesareutilizedeffectively.
Italsohelpsimprovetheuserexperiencebyenablingemployeestochoosefromawiderrangeofdevices,suchassmartphones,forlower-riskactivities.
Accesstozonesisdeterminedbytheresultsofthetrustcalculationandiscontrolledbypolicyenforcementpoints(PEPs).
PEPsmayincludearangeofcontrols,includingfirewalls,applicationproxies,intrusiondetectionandpreventionsystems,authenticationsystems,andloggingsystems.
Communicationbetweenzonesistightlyrestricted,monitored,andcontrolled.
WeseparatezonesbylocatingthemondifferentphysicalorvirtualLANs;PEPscontrolcommunicationbetweenzones.
Thismeansthatifonezoneiscompromised,wecanpreventtheproblemfromspreadingtootherzonesorincreaseourchancesofdetectionifitdoesspread.
Inaddition,wecanusePEPcontrols,suchasapplicationproxies,toprovidedevicesandapplicationsinlower-trustzoneswithlimited,controlledaccesstospecificresourcesinhigher-trustzoneswhenrequired.
Thearchitectureincludesthreeprimarycategoriesofsecurityzone:untrusted,selective,andtrusted.
Withinthezones,therearemultiplesubzones.
UntrustedZonesThesezoneshostdataandservices(ortheinterfacestothem)thatcanbeexposedtountrustedentities.
Thisallowsustoprovidewidespreadaccesstoalimitedsetofresourcesfromnon-managedconsumerdevices,withoutincreasingtherisktohigher-valueresourceslocatedinotherzones.
Untrustedzonesmightprovideaccesstoenterpriseresources,suchascorporatee-mailandcalendars,ortheymightsimplyprovideInternetaccess.
Figure7-2.
Asthevalueofanassetincreases,thedepthandspanofcontrolsincrease,whilethenumberofalloweddevices,applications,andlocationsdecrease.
Source:IntelCorporation,2012Chapter7ANewSecurityArchitecturetoImproveBusinessAgility97Thesezonesareregardedas"sharktanks,"withahighriskofattackandcompromise.
Therefore,detectiveandcorrectivecontrolsareneededtomitigatethisrisk.
Thesecontrolsmightincludeahighlevelofmonitoringtodetectsuspectactivityandcorrectioncapabilitiessuchasdynamicremovalofuserprivilege.
Weanticipateaneedtoprovidecontrolledaccessfromthesezonestoresourcesinhigher-trustzones.
Forexample,anemployeeusinganuntrusteddevicemightbeallowedlimited,read-onlyaccesstocustomerdatalocatedinatrustedzone;ortheirdevicemightneedaccesstoadirectoryserverinatrustedzonetosende-mail.
Weexpecttoprovidethiscontrolledaccessusingapplicationproxies.
Theseproxiesactassecureintermediaries—evaluatingtherequestfromthedevice,gatheringtheinformationfromtheresourceinatrustedzone,andpassingittothedevice.
SelectiveZonesSelectivezonesprovidemoreprotectionthanuntrustedzones.
Examplesofservicesinthesezonesincludeapplicationsanddataaccessedbycontractors,businesspartners,andemployees,usingclientdevicesthataremanagedorotherwiseprovidealeveloftrust.
Selectivezonesdonotcontaincriticaldataorhigh-valueIntelintellectualproperty.
Severalselectivesubzonesprovideaccesstodifferentservicesorusers.
TrustedZonesTrustedzoneshostcriticalservices,data,andinfrastructure.
Theyarehighlysecuredandlockeddown.
Examplesofserviceswithinthesezonesareadministrativeaccesstodatacenterserversandnetworkinfrastructure,factorynetworksanddevices,enterpriseresourceplanning(ERP)applications,anddesignengineeringsystemscontainingintellectualproperty.
Accordingly,wemightonlyallowdirectaccesstotheseresourcesfromtrustedsystemslocatedwithintheenterprisenetwork,andallaccesswouldbemonitoredcloselytodetectanomalousbehavior.
AtIntel,wehaveimplementedsecurehigh-trustzonesaspartofourtransitiontoanenterpriseprivatecloud.
Implementingthesezoneswasakeystepinallowingustomoveseveralcategoriesofapplicationontovirtualizedcloudinfrastructure,includinginternalapplicationsrequiringhighsecurity,aswellasexternallyfacingapplicationsusedtocommunicatewithbusinesspartners.
Thesecurityfeaturesinthesetrustedzonesincludeapplicationhardeningandincreasedmonitoring.
Wecontinuetoaddfurthersecuritycapabilitiesovertime.
NEWSECURITYARCHITECTUREINACTION:ADAYINTHELIFEOFANEMPLOYEEThisexample(illustratedinFigure7-3)describeshowthenewsecurityarchitectureenablestheIntelsalesforcetoaccesstheinformationtheyneedinthecourseofaday.
Atthesametime,thearchitectureprotectsIntel'ssecuritybydynamicallyadjustingthelevelofaccessprovided,basedontheuser'sdeviceandlocation,andbymonitoringforanomalousbehavior.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility98Theemployeetravelstoacustomersite.
Theemployeeisusingapersonalsmartphonewithlimitedsecurityfeaturesandsoisallowedaccessonlytoservicesinuntrustedzones.
Fromhere,theemployeecanviewlimitedcustomerinformation,includingrecentorders,extractedfromanenterpriseresourceplanning(ERP)systeminatrustedzone—butonlythroughanapplicationproxyserver,whichprotectsthetrustedzonebyactingasanintermediary,evaluatinginformationrequests,accessingtheERPsystem,andrelayingtheinformationtotheuser.
Ifasmartphonerequestsanabnormallylargenumberofcustomerrecords—anindicationthatitmayhavebeenstolen—furtheraccessfromthesmartphoneisblocked.
Tohelpunderstandthereasonfortheanomalousaccess,thereisincreasedmonitoringoftheemployee'sattemptstoaccessthesystemfromanydevice.
Theemployeereachesthecustomersiteandlogsintotheenterprisenetworkfromacompany-ownedmobilebusinessPC.
Becausethisdeviceismoretrusted,theemployeenowhasaccesstoadditionalcapabilitiesavailableinselectivezones,suchastheabilitytoviewpricingandcreateordersthatarerelayedbyanapplicationproxytotheERPsysteminatrustedzone.
Figure7-3.
Thenewsecurityarchitecturedynamicallyadjuststheuser'saccesstoinformation,basedonfactorssuchastheuser'sdeviceandlocation.
Source:IntelCorporation,2012Chapter7ANewSecurityArchitecturetoImproveBusinessAgility99Theemployeereturnstothecompany'sofficeandconnectstothecorporatenetwork.
NowtheemployeeisusingatrusteddevicefromatrustedlocationandhasdirectaccesstotheERPsysteminatrustedzone.
BalancedControlsOverthepastdecade,enterprisesecurityhasfocusedheavilyonpreventativecontrolssuchasfirewallsandintrusionpreventionsystems.
Thisapproachoffersclearbenefits:itislessexpensivetopreventanattackthantocorrectproblemsafteronehasoccurred,anditiseasytoseewhenfirewallshavesuccessfullypreventedanattemptedcompromise.
However,thenewsecuritymodelrequiresthatwebalancepreventativecontrolswithdetective(monitoring)andcorrectivecontrols,forseveralreasons.
First,thefocusofthenewmodelisonenablingandcontrollingaccessfromawiderrangeofusersanddevices,ratherthanonpreventingaccess.
Second,thecontinuallychangingthreatlandscapemakesitnecessarytoassumethatcompromisewilloccur;allpreventativecontrolswilleventuallyfail.
Onceattackershavegainedaccesstotheenvironment,thepreventativecontrolstheyhavebypassedareworthless.
Byincreasingtheuseofdetectivecontrolsandimplementingmoreaggressivecorrectivecontrols,wecanmitigatetheriskofallowingbroaderaccess.
Thesecontrolsalsoincreaseourabilitytosurviveandrecoverfromasuccessfulattack.
USINGSECURITYBUSINESSINTELLIGENCETODETECTSUSPICIOUSBEHAVIORLikeanylargeorganization,Intelhasexperiencedsecurityissuesinvolvingbothexternalattackersandinsiders,includingattemptstostealintellectualproperty.
Aswe'veinvestigated,wehaveidentifiedmarkersandindicatorsthatarefrequentlyassociatedwiththeseevents.
Werealizedthatifwehadbeenabletospottheseindicatorssooner,wecouldhaverespondedandmitigatedthethreatsmorequickly.
Securitybusinessintelligenceisakeytechnologythatwecanusetodetectsuspiciousbehaviorastheenvironmentbecomesmorecomplexandattackersbecomemoreadeptatconcealingcompromises.
Analyticaltoolsautomatetheprocessofanalyzinglargevolumesofdatatodetectandmonitoranomalousactivity,allowingustodetectproblemsthatwemightotherwisemiss.
Thesecapabilitiesaresimilartothosealreadyimplementedbyfinancialinstitutionstopreventfraudulentcredit-cardtransactions,andbyonlineconsumerservicestopreventtheftofuserdata.
Banksmonitoraccessattemptsandonlinetransactionstodeterminewhethertotrusttheuser'sidentityandwhethertoallowtheuser'sactivity.
Iftheuseristryingtotransferalargesumtoanexternalaccount,thebank'ssystemsmaycomparethetransactionwiththeuser'spreviousbehaviortoseeifitappearstobeabnormal.
Tomitigaterisk,thebankmaydelaylargetransferssoitcanperformadditionalanalysisandinformtheaccountownerbye-mail.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility100Inasimilarway,wecanusesecuritybusinessintelligence—analysisandcorrelationofdatagatheredbymonitoring—toanalyzepatternsofbehavior.
Thiscandetectandthwartpossibleattacks.
Onalargescale,loggingdatageneratedbyserversandsensorsacrossthenetworkcanbecollectedintoadatabaseforanalysis.
AtIntel,weareusinganalytictoolstocorrelatethisaggregateddataandflaganomaliesforfurtherinvestigation.
Forexample,iftrafficwithinaserverclusterbecomesabnormallyhigh,itmightindicatethatabotnetisexploitingoneoftheserverstobroadcasttrafficacrosstheWeb.
Securitybusinessintelligencecanalsobeappliedatthelevelofindividualusersanddevices.
AtIntel,we'reimplementingmonitoringtechnologythattracksusers'loginsandaccessattempts,asIdescribedinChapter5.
Ourstrategyistomakelogininformationavailabletouserssothattheycanhelptospotunauthorizedaccessattempts.
Inthefuture,Ienvisagethatthesystemcouldanalyzeusers'historicalbehaviorpatternstodeterminehowtorespondwhenusersrequestaccesstoresources.
Thesystemcouldcomparetherequestwiththeuser'spreviousactions:whathaveyoudonebefore,andisthisrequestconsistentwiththosebehaviorsorisitananomalyandthereforesuspiciousIftherequestappearsconsistentwithpreviousbehavior,thesystemwouldpasstherequesttothetrustcalculation;ifitappearsanomalous,thesystemmightdenytherequestandalertthesecurityteam.
WithinIntel,wehavealsodeployedadashboardthatprovidesgranularinformationaboutinfectedclientsandservers,boostingourabilitytointervenequicklyandaccurately.
Duetooureffortstodetectandremovemalwarebeforeinfectionsoccur,weachieveda33percentreductioninmalwareimpactsin2011,despiteexperiencinga50percentincreaseinthenumberofvariants(Intel2012a).
Wealsoplantoaddapredictiveenginethatenablesproactiveprotectionandsimulationsthatcanimproveourabilitytorespondtothreats.
Thebalancebetweenpreventative,detective,andcorrectivecontrolswillvary,dependingonthesecurityzone.
Inhigh-trustzones,weimplementextensivemonitoringtodetectpossibleattemptstostealdataorcompromisecriticalsystems.
Redundancywithineachtypeofcontrolcanbeusedtoprovideadditionalprotection.
Thefollowingincludespossibleexamplesofusingdetectiveandpreventativecontrols:AnIntelemployeeattemptstosendaconfidentialdocumenttoanon-Intele-mailaddress.
Monitoringsoftwaredetectstheattempt,preventsthedocumentfrombeingsentoutsidethefirewall,andaskstheIntelemployeeifheorshereallyintendedtodothis.
Iftheemployeeconfirmsthatthiswasintended,thedocumentmaybetransmitted—orifthedocumentishighlysensitive,aredactedversionmaybesent.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility101Inappropriateuseofadocumentprotectedwithenterpriserightsmanagementtechnologyresultsinrevocationofaccesstothedocument.
Thesystemallowsaccesstospecificdocumentsbuttrackstheactivity.
Ausercandownloadafewdocumentswithoutcausingconcerns.
However,iftheuserattemptstodownloadhundredsofdocuments,thesystemslowsdownthespeedofdelivery(forinstance,onlyallowingtentobecheckedoutatatime)andalertstheuser'smanager.
Ifthemanagerapproves,theuserisgivenfasteraccess.
Thedetectionofaninfectedsystemplacesthesystemonaremediationnetwork,isolatingthesystemandrestrictingaccesstoenterpriseinformationandapplications.
Thesystemmayretainsomeabilitytoaccesscorporateassets,butallactivityiscloselyloggedtoenableincidentresponseifnecessary.
Whenasystemisfoundtobecompromised,weexamineallitsrecentactivitiesandinteractionswithothersystems.
Additionalmonitoringofthosesystemsisautomaticallyenabled.
UsersandData:TheNewPerimetersTheconceptofbalancedcontrolsalsoextendstotheprotectionofusersanddata.
Traditionalnetworksecurityboundariesaredissolvingwiththeproliferationofnewdevicesandusers'expectationsthattheyshouldbeabletoaccessinformationfromanywhereatanytime.
Usersareunderdirectassaultfromabarrageofattacksdesignedtotrickthemintotakingactionsthatcancompromisetheinformationontheirdevicesoronenterprisesystems.
Thesetrendsmeanthatweneedtothinkmorebroadlyabouthowweprotectinformation,aswellastheusersofthisinformation.
Whilewecontinuetoimplemententerprisenetworkcontrols,suchasperimeterdefensesandthedetectivecontrolsdescribedearlier,weneedtosupplementthesecontrolswithafocusontheusersandontheprimaryassetswearetryingtoprotectsuchasintellectualproperty.
Thenewarchitecturethereforeexpandsourdefensestotwoadditionalperimeters:thedataitselfandtheuserswhohaveaccesstothedata.
DataPerimeterImportantdatashouldbeprotectedatalltimes—whenitiscreated,stored,andtransmitted.
Thisbecomesincreasinglychallengingaswemovedatatomoreandmoredevicesandletmorepeopleaccessit.
Howdoweprotectinformationwhenit'slocatedoutsidethephysicalperimeteronapersonaldeviceAtIntelIT,we'reimplementingtechnologiesthatcloselyintegrateprotectionwithhigh-valuedatasothatthedataremainsprotectedasitmovestodifferentdevicesandlocations.
Technologies,suchasenterpriserightsmanagementanddataleakprevention,canbeusedtowatermarkandtaginformationsothatwecantrackandmanageitsuse.
Withenterpriserightsmanagement,thecreatorofadocumentcandefineexactlywhoChapter7ANewSecurityArchitecturetoImproveBusinessAgility102hasaccessrightsthroughoutthelifeofthedocumentandcanrevokeaccessatanypoint.
Datalosspreventionisusedtotagdocuments,tracktheirmovements,andpreventtransferoutsidetheorganizationifnecessary.
UserPerimeterAsIdescribedinChapter5,peoplearepartofthesecurityperimeter,andweneedtotreatthemassuch.
Userscanbecomesecurityrisksforavarietyofreasons.
Theyaretargetedmorefrequentlyinsocialengineeringattacks,andtheyaremorevulnerabletotheseattacksbecausetheirpersonalinformationisoftenreadilyavailableonsocialnetworkingsites.
Theymayalsoclickmaliciouslinksine-mail,downloadmalware,orstoredataonportabledevicesthatthenarelost.
AtIntel,we'vefoundthatacombinationoftraining,incentives,andotheractivitiescanhelpinstillinformationsecurityandprivacyprotectionintothecorporatecultureandsuccessfullyencouragesemployeestoownresponsibilityforprotectingenterpriseandpersonalinformation.
We'veseenoureffortspayoff,withemployeescallingthehelpdeskorsendinge-mailalertswhentheynoticesomethingthatdoesn'tseemright.
Asdiscussedinthesidebar("UsingSecurityBusinessIntelligencetoDetectSuspiciousBehavior"),ourstrategyalsoincludesmakingaccountaccesslogsavailabletouserssothattheycanhelpspotunauthorizedaccessattempts.
ConclusionThischapterdescribesanewarchitecturedesignedtosupporttheProtecttoEnablemission.
Itsgoalistoallowfasteradoptionofnewservicesandcapabilitieswhileimprovingsurvivability.
AtIntel,webelievethatthisarchitecturecanbeusedtomeetabroadrangeofevolvingrequirements,includingnewusagemodelsandthreats.
Becauseofthis,weareworkingtoingrainthismodelintoallaspectsofIntelIT,fromdevelopmenttooperations.
We'vealreadyusedaspectsofthearchitecturetoprovidesolutionstochallengingusecases,whileactuallyreducingrisk.
Forexample,we'vebeenabletomoveimportantinternalandInternet-facingapplicationstoaprivatecloudbyutilizinghigh-trustzones.
We'vesuccessfullyusedvariousapproachestoprotecttheuseranddataperimeters.
Wealsousedbalancedcontrolsandtrustzonestoenablenetworkaccessfromemployee-owneddevices.
Insomecases,projectshaveseentheirsecurityoverheaddecreasebyadoptingthismodel.
Ibelievethatthearchitecturecouldprovidesimilarvaluetootherorganizationsfacingsimilarchallenges.
Bypublishinginformationaboutthearchitecture,wehopetoencourageotherstotakeadvantageofthisarchitecturewhereveritmeetstheirneeds.
Wealsohopethatmakingthisinformationavailablewillstimulatemorediscussionandideas,andthatotherswillbuildontheseconceptstocreatefurtherinnovationsthatbenefitallofus.
目前国内云计算市场竞争异常激烈,尤其是国内的腾讯云、阿里云、景安等商家促销活动一波接一波的进行,对于有需要的用户确实得到不小的实惠。但是这样给予国内的主机商确实是比较大的打击,毕竟这些商家的背景和实例强劲,即便是贴本补贴优惠,也是不怕的。前两年阿里一家各种活动促销,确实在国内市场占据主要的市场地位,腾讯云开始两年没有较大的吸引用户,不过这两年的发展还是比较稳健的。我们很多网友在之前肯定也享受到一些...
RAKsmart 虽然是美国主机商,但是商家的主要客户群还是在我们国内,于是我们可以看到每次的国内节日促销活动期间商家也会发布促销。包括这次年中大促活动,RAKsmart商家也有发布为期两个月的年终活动,其中有商家擅长的独立服务器和便宜VPS主机。服务器包括站群服务器、特价服务器、高达10G带宽不限制流量的美国服务器。商家优惠活动,可以看到对应商品的优惠,同时也可以使用 优惠码 RAKBL9 同时...
Hostiger商家我们可能以前也是有见过的,以前他们的域名是Hostigger,后来进行微调后包装成现在的。而且推出Columbus Day哥伦布日优惠活动,提供全场的VPS主机首月7折月付2.79美元起的优惠。这里我们普及一下基础知识,Columbus Day ,即为每年10月12日,是一些美洲国家的节日,纪念克里斯托弗·哥伦布在北美登陆,为美国的联邦假日。Hostiger 商家是一个成立于2...
partnersonline为你推荐
安徽汽车网安徽汽车票查询杨紫别祝我生日快乐周杰伦的祝我生日快乐这首歌有什么寓意或者是在什么背景下写的www.kkk.comwww.kkk103.com网站产品质量有保证吗嘀动网手机一键通用来干嘛呢?www.qq530.com谁能给我一个听歌的网站?777k7.comwww 地址 777rv怎么打不开了,还有好看的吗>com51sese.comwww.51xuanh.com这是什么网站是骗人的吗?www.niuav.com在那能找到免费高清电影网站呢 ?www.niuav.com给我个看电影的网站www.javmoo.comJAV编程怎么做?
美国翻墙 12306抢票攻略 e蜗牛 qq数据库下载 anylink 699美元 泉州电信 厦门电信 lamp怎么读 空间服务器 江苏徐州移动 服务器防御 forwarder globalsign hosts文件 最年轻博士 魔兽世界服务器维护 web服务器下载 代理服务器是什么 防盗报警主机 更多