Once again, I’ve attended the CERIAS Security Symposium held on the campus of Purdue University. This is the first of several posts summarizing the talks I attended.
The opening keynote was delivered by Todd Gebhart, the co-president of McAfee, Inc. Mr. Gebhart opened by reminding the audience that a “certain individual” who happens to share a name with the company is no longer involved with the McAfee corporation. Gebhart set the stage by addressing why McAfee employees go to work every day. The company focuses on protecting four areas: personal, business, government, and critical infrastructure.
The nature of security has changed over the years. In 1997, updates to antivirus subscriptions were physically mailed on disk to McAfee customers every three months. 17,000 known pieces of malware had been identified. Today, a growth in the number of connected devices has spurred a growth in malware. McAfee estimates one billion devices are connected to the Internet today, a number which is forecast to grow to 50 billion by 2020. Despite improvements in security procedures and products, the rate of growth in malware does not appear to be slowing.
The growth rate is greatest for mobile devices, where “only” 36,000 unique pieces of malware are known to exist (according to a preliminary study, 4% of all mobile apps are designed with mal intent). Consolidation of mobile operating systems into two main players (iOS and Android) has made it easier for malware writers. The nature of the threat on mobile has changed as well. Whereas desktop and server-based attacks were often about gaining control of or denying service to a machine, mobile threats are more focused on the loss of data and devices. The addition of WiFi, while of considerable benefit to users, has opened up a whole new realm of attack vectors that did not exist a few years ago.
Gebhart gave a brief survey of current malware threats in the four sectors listed above. He noted that attacks are no longer about machines; they’re about people and organizations. Accordingly, spam and botnets are becoming less of a concern in favor of malicious URLs. Behavior- and pattern-based attacks allow bad actors to focus their efforts more efficiently, and the development of Hacker-as-a-Service (HaaS) offerings allows for attackers with little-to-no technical knowledge.
The evolving threat has lead to greater awareness among non-technical business leaders. Security companies are now having discussions not only with technical leadership in organizations, but also with high level business and government leaders.
The industry is evolving to face the new and emerging threats. The use of real-time data to make real-time decisions can improve the response to attacks, or perhaps prevent them. Multi-organization cooperation can help defend against so-called “trial-and-error” attacks. Cloud-based threat intelligence allows McAfee to analyze malware traffic across 120 million devices worldwide. Hardware and software vendors are working together (or in the case of Intel, buying McAfee) to develop systems that can detect malware at the hardware interaction layer.
Gebhart closed by saying “it’s an exciting time to be in security” and noting that his company is always looking for talented security researchers and practitioners.
Other posts from this event:
Pingback: CERIAS Recap: Panel #1 « Blog Fiasco
Pingback: CERIAS Recap: Thursday keynote « Blog Fiasco
Pingback: CERIAS Recap: Panel #3 « Blog Fiasco
Pingback: CERIAS Recap: Featured Commentary and Tech Talk #3 « Blog Fiasco
Pingback: CERIAS Recap: Fireside Chat « Blog Fiasco