DISRUPT THE HACKERS With Robust User Authentication
Yasser Rasheed, Global Director of Endpoint Security Products, Intel Corporation
November 2017
SECURITY IS A GROWING CONCERN; ARE YOU PREPARED FOR NEW REGULATIONS?
“There are only two types of companies: those that have been hacked, and those that do not know they’ve been hacked.” ~ Robert Mueller, ex-FBI Director
• 1,378,509,261: Number of data records compromised in 2016 [3]
• $141 PER RECORD: The average cost per lost or stolen data record in 2017 [2]
• 81%: Of hacking-related breaches involved stolen and/or weak passwords [1]
• 4.2%: Encryption used in only 4.2%, and the stolen data was rendered useless [3]
• 90%: Of incidents result from exploits in software [4]
• 31,000,000: New malware counts grew from 24M in Q4’16 to 31M in Q1’17 [5]
• SHARE PRICE: Data breaches have caused an average fall in share prices, on a permanent basis [6]
Sources:
1: Verizon 2017 Data Breach Investigations Report
2: Security Intelligence, Cost per record
3: 2016 Gemalto Breach Statistics
4: CSO, Application Security Research, US Department of Homeland Security
5: McAfee, June 2017 Quarterly Threat Report
6: Fortune, Cyber Breach Shareholder Damage
THE ANATOMY OF A BREACH …
CIO/CISO priorities:
• Identity protection
• Data protection
• Threat detection/prevention
• Recovery from breaches
Is Software-Based Security Sufficient?
Can Hardware-Based Security CHANGE THE GAME?
WHY HARDWARE-BASED SECURITY?
THE SOFTWARE LAYER
• Creative and open by design
• A more visible surface for tampering
THE FIRMWARE LAYER
• Talks to software, but hides things
• Makes tampering far more difficult
THE SILICON LAYER
• Tightly closed by design
• Farther from sight, further from reach
ELEMENTS OF A COMPREHENSIVE SECURITY STACK
Secure Platform Foundation (Rooted in the Hardware for best protection)
• Threat: Behavioral Threat Detection and Prevention
• Data: HW-based, IT-policy managed, File & folder encryption
• Identity: HW-based, IT-policy managed, Multi-factor Authentication (MFA)
• Recovery: Quick reset to known configuration; Remote recovery automation
Comprehensive End-Point Security
Best when rooted in Hardware (Goal: Designing out Software Attacks)
MULTI-FACTOR AUTHENTICATION
Something you Know
Bluetooth Devices
Something you Have
Something you Are
ATTACKS ON SINGLE FACTOR/BIOMETRICS SYSTEMS
[Diagram: Sensor → Feature Extractor → Matcher → Access to resources, with a Stored template feeding the Matcher. Attack points marked on the diagram:]
• Fake biometric
• Replay old data
• Override feature extractor
• Modify the template
• Intercept the channel
• Override matcher
• Override decision/token
Source: http://perso.telecom-paristech.fr/~chollet/Biblio/Articles/Domaines/BIOMET/ratha.pdf
MULTI-FACTOR AUTHENTICATION SYSTEMS
[Diagram: three parallel chains, each Sensor → Feature Extractor → Matcher with its own Stored template, feed a Policy Decision Point governed by IT/InfoSec Policy, which grants Access to resources.]
COMPREHENSIVE IDENTITY AND ACCESS PROTECTION
MANAGED ENTERPRISE
• “HARDENED” Data & Certificate Management
• “HARDENED” Authentication & Factors
• “HARDENED” IT Policy Management
CASE STUDY: INTEL® AUTHENTICATE
Hardware-based, IT policy-managed, multifactor authentication solution
[Diagram labels:]
• Client: Hardware (IO, Memory, Network, Display), Operating System, Applications, Intel® Authenticate
• Biometrics, Location, Bluetooth Proximity, PIN
• OS & Domain login, VPN login, Walk-Away Lock, User Presence
• IT Console, IT Policy (plugins): SCCM, Active Dir., McAfee ePO
• Network Devices
• Critical security processes performed below the OS
• IT policies securely provisioned, stored and enforced in HW
• Virtual smart card authentication for end-to-end protection
Intel® Authenticate protects factors, credentials, policies, and decisions in hardware
LEARN MORE:
WWW.INTEL.COM/ENDPOINTSECURITY