One of the basic problems confronting enterprise security is that malicious actors have more attack techniques available than defenders have detections for them.
This reality was confirmed earlier this year when a security industry report found that enterprise security information and event management tools or SIEMs had detections for only 38 out of over 200 MITRE-identified attack techniques.
Intel’s Rick Echevarria and Dell’s JR Balaji spoke with theCUBE about enterprise security.
“I always tell people, look at the MITRE attack framework,” said JR Balaji (pictured, right), director of product management, security and manageability, of the Client Solutions Group at Dell Technologies Inc. “They’re constantly adding new techniques and that’s what customers are up against. Organizations have to think about security a lot more holistically than they ever did, which means not just focusing on software defenses that they’re all used to, not looking at a ‘moat and castle’ approach, but really looking at the entire PC ecosystem and stack.”
Balaji spoke with theCUBE Research’s Dave Vellante and Rebecca Knight at Fal.Con, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Rick Echevarria (left), vice president of security sales at Intel Corp., as they discussed how Dell and Intel’s collaborative security work with CrowdStrike addresses current and emerging vulnerabilities in the compute stack. (* Disclosure below.)
Implementing enterprise security in depth
Being able to look at security throughout the stack is becoming more significant as the attack surface for many organizations has expanded. Wider adoption of artificial intelligence and growing device complexity have made a broader security approach paramount.
“I think people don’t understand the complexity of a device and how creative attackers are to find any possible gap that you have left,” Echevarria said. “The approach that we take, in collaboration with Dell and CrowdStrike, is security in depth and we do it by design. You have to look at all aspects and you have to realize there’s so many layers within the stack, if you leave a gap, they’re going to find it.”
The work between Dell, Intel and CrowdStrike is designed to stay a step ahead of adversaries while keeping up with emerging threats. One threat on the security horizon involves fileless malware, code that employs legitimate tools built into a system to execute a cyberattack.
“Fileless attacks were just starting to emerge, and you don’t want it to become mainstream, highly exploited by adversaries before you start acting on them,” Balaji explained. “We are always looking at how an adversary operates. We do threat modeling, we look at how some of these ecosystems within the PC design can be exploited, such as supply chain.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of Fal.Con:
(* Disclosure: Dell Technologies Inc. and Intel Corp. sponsored this segment of theCUBE.)