Brian Contos on detecting rootkits with hardware-based security
Date: Jul 09, 2012
In this video interview, Brian Contos, senior director of emerging markets at Santa Clara, Calif.-based McAfee Inc., discusses a variety of important information security issues with SearchSecurity.com News Director Rob Westervelt.
Looking at next-generation SIEM systems, Contos foresees more intelligent SIEM products that pull in data from endpoint controls and data controls. This will enable security pros to delve into an individual user's activity when investigating a security incident. Contos believes SIEM products will essentially serve as feeds into a higher level of security management.
On the subject of hardware-based security, Contos describes the DeepSAFE framework, co-developed by McAfee and its parent company Intel Corp., which any vendor can use via an API. Contos notes that many attacks use rootkits to get below the operating system and hide malware there, where most security products can't see it. The DeepSAFE API, Contos says, can be loaded before the operating system and drivers, so it can detect rootkits and let the security team remove them.
Finally, Contos describes his view of the evolution of security. Years ago, many enterprise security investments were reactionary, as organizations bought security control products following an attack or breach. Later, compliance regulations drove organizations to make security investments in order to appease auditors. Now, Contos believes organizations are in an optimization stage, looking to optimize the investments they’ve already made to embrace new trends. As an example, Contos points to organizations that already have virtual desktop infrastructure (VDI) environments or network access control (NAC) products in place and are now using these tools to support BYOD (bring your own device) policies.