Brian Contos on detecting rootkits with hardware-based security

Date: Jul 09, 2012

In this video interview, Brian Contos, senior director of emerging markets at Santa Clara, Calif.-based McAfee Inc., discusses a variety of important information security issues with SearchSecurity.com News Director Rob Westervelt.

Looking at next-generation SIEM systems, Contos foresees more intelligent SIEM products that pull data in from endpoint controls and data controls. This will enable security pros to delve into an individual user’s activity when investigating a security incident. Contos believes SIEM products will essentially serve as feeds into a higher level of security management.

On the subject of hardware-based security, Contos describes the DeepSAFE framework, co-developed by McAfee and its parent company Intel Corp., which all vendors can utilize via an API. Contos notes that many attacks use rootkits to get below the operating system and hide malware, so most security products can’t see the malware. The DeepSAFE API, Contos says, can be loaded before the operating system and drivers, detecting rootkits so the security team can remove them.

Finally, Contos describes his view of the evolution of security. Years ago, many enterprise security investments were reactive, as organizations bought security control products following an attack or breach. Later, compliance regulations drove organizations to make security investments in order to appease auditors. Now, Contos believes organizations are in an optimization stage, looking to optimize the investments they’ve already made to embrace new trends. As an example, Contos points to organizations that already have virtual desktop infrastructure (VDI) environments or network access control (NAC) products in place and are now using these tools to support BYOD (bring your own device) policies.
