by Rik Ferguson

Embed or Empower?

Sep 27, 2010
Security Software

Now, I don’t want to mention any names, but a recent proposed acquisition in the security space has really opened up the debate about the “proper place” for security. Should security be moving closer to the silicon, should security be an ever more embedded, integrated function, or are the particular requirements of effective security best met by a specialist working in partnership with other vendors? If you are Intel CEO Paul Otellini, then clearly you believe the former. In the press conference after the announcement of the takeover bid he said “We believe that security will be most effective when enabled in hardware”. Another stated reason for this surprise marriage came from McAfee CEO Dave DeWalt, who said that the “current cybersecurity model isn’t extensible across the proliferating spectrum of devices”. So there we have it: ostensibly, the Intel acquisition of McAfee has come about because security technology will be more effective and more widespread when enabled in hardware.

While I can see the logic in these statements, I think that it is dangerous to simply accept them at face value. Let’s consider Mr. Otellini’s statement first. There are certainly aspects of security which can be more effective in hardware than in a software analogue. Functions such as encryption and deep packet inspection have, for a number of years, already been ported to custom ASICs, in intrusion prevention appliances and hardware cryptographic processors for example, the central benefit being one of speed and associated throughput. I wonder if this could apply to the more mainstream world of anti-malware; I rather suspect not. Most enterprises, first and foremost, will be unable or unwilling to standardise their hardware estate around a single processor manufacturer, and if that doesn’t happen, bang goes your centralised management and reporting capability. Secondly, how will the much more frequent updates to the client end of any anti-malware solution be handled?
It’s one thing to manage and distribute software updates on an enterprise scale (an onerous task at the best of times) but quite another to manage the reflashing of hardware. Given that McAfee still currently rely on pushing new signatures out to each and every endpoint, it’s difficult to see how this could be avoided.

Which leads me on very nicely to the second assertion, that the “current cybersecurity model isn’t extensible across the proliferating spectrum of devices”. I don’t see this as a problem with the cybersecurity model (whatever that is), but rather as a problem with many of the current implementations of security technology. The traditional means of keeping security solutions up to date, the provision and distribution of pattern files to each protected endpoint, is absolutely not scalable; there I would agree. However, it isn’t the cybersecurity model that isn’t extensible, it’s the 20th century implementation of it. Intelligence has to move away from static, file-based solutions to dynamic, real-time, query-based ones. We need to remove the need to push updates to the proliferation of mobile devices and instead empower them to access the intelligence they need, exactly when they need it.

The idea of embedding security in mobile devices may sound like a good idea in theory. When you consider, though, that security can be resource intensive and battery power is a finite resource, then surely the right place for the lion’s share of mobile security processing is actually *off* device, in the cloud.