Brian Contos on detecting rootkits with hardware-based security

Brian Contos on detecting rootkits with hardware-based security

Date: Jul 09, 2012

In this video interview, Brian Contos, senior director of emerging markets at Santa Clara, Calif.-based  McAfee Inc., discusses a variety of important information security issues with SearchSecurity.com News Director Rob Westervelt.

Looking at next generation SIEM systems, Contos foresees more intelligence SIEM products that pull data in from endpoint controls and data controls. This will enable security pros to delve into an individual user’s activity when investigating a security incident. Contos believes SIEM products will essentially serve as feeds into a higher level of security management.

On the subject of hardware-based security, Contos describes the DeepSAFE framework, co-developed by McAfee and its parent company Intel Corp., which all vendors can utilize via an API. Contos notes that many attacks use rootkits to get below the operating system and hide malware, so most security products can’t see the malware. The DeepSAFE API, Contos says, can be loaded before the operating system and drivers, detecting rootkits so the security team can remove them.

Finally, Contos describes his view of the evolution of security. Years ago, many enterprise security investments were reactionary, as organizations bought security control products following an attack or breach. Later, compliance regulations drove organizations to make security investments in order to appease auditors. Now, Contos believes organizations are in an optimization stage, looking to optimize the investments they’ve already made to embrace new trends. As an example, Contos points to organizations that already have virtual desktop infrastructure (VDI) environments or network access control (NAC) products in place and are now using these tools to support BYOD (bring your own device) policies.

More on Malware, Viruses, Trojans and Spyware

  • canderson

    Point-of-sale security: Targeted malware, Windows XP cause problems

    VIDEO - Video: Sophos' Chester Wisniewski explains why targeted malware and the presence of Windows XP are the biggest threats to point-of-sale security.
  • canderson

    How to mitigate the risk of Web malware infections with separation

    VIDEO - Web malware is a significant threat to systems. This video explains how separation effectively reduces the risk of damage from Web-borne malware.
  • canderson

    How to analyze malware with REMnux's reverse-engineering malware tools

    VIDEO - Video: Keith Barker of CBT Nuggets demonstrates how to use the free reverse engineering malware tools in REMnux to analyze malware in apps and PDFs.
  • equipment destruction attack

    Definition - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment. Equipment destruction attacks can be enabled simply as a result of physical access to the computer hardware, along with a tool for attack – which could also be as simple as a hammer or a cup of coffee. However, remotely-initiated malware can also be used to destroy computer equipment.
  • domain generation algorithm (DGA)

    Definition - A domain generation algorithm or DGA is a computer program used to create domain names, typically for the purpose of propagating remotely controlled Web-based malware.
  • pre-installed malware

    Definition - Pre-installed malware is malicious software that is put on a machine before it is delivered to the user. New devices are usually assumed to be uncompromised but there are numerous reports of malware existing on new hardware.
  • P2P malware detection techniques

    Answer - The amount of malware using peer-to-peer communications has increased dramatically. Enterprise threats expert Nick Lewis explains how to detect P2P malware.
  • Sandbox evasion: How to detect cloaked malware

    Answer - Cloaked malware, like DGA.Changer, can reportedly evade sandbox detection. Nick Lewis explains how to handle the risk.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: