Our key industrial infrastructure is becoming as vulnerable as our corporate data to attack, driving commercial organizations toward the defense IT world for solutions to protect it. With an overwhelming legacy base, it is unlikely that corporate and industrial IT will ever be as secure by design as military and aerospace systems are. So, how are the growing and increasingly unpredictable threats that these systems face to be contained and neutralized?
The Threat
While breaches like those at HBGary and Sony PSN compromised data and exposed the organizations involved to financial losses, neither threatened national security. More alarming is the exposure of key industrial infrastructure controlled by connected computers: the Stuxnet worm used infected Windows hosts as the vector to reach and reprogram Siemens programmable logic controllers (PLCs). In September 2011 the Duqu Trojan was discovered; it collects information from systems associated with industrial control, apparently as reconnaissance. Kaspersky Lab believes it comes from the same developers as Stuxnet.
Most organizations struggle to know if, and when, they are under attack. IT organizations seek to empower their businesses by embracing cloud computing, but in doing so they open up their networks. Executives at all levels expect access to a range of applications to communicate effectively, yet even experienced users can be caught out by malware that rides those applications through corporate firewalls.
Zero-day malware and attacks crafted for a single target are especially problematic, because there is no prior sample to build a signature from. IT organizations and security incident managers now need to detect and analyze threats in real time to understand who is attacking them and how.
Containment
One thing that has become apparent in protecting against cyber attacks is that today's network security products struggle to contain new and emerging threats: they sit at the perimeter and recognize only what they have seen before. The complementary approach is platform security, applied either to the network infrastructure or to the endpoints themselves. Hardening the internet connection or bolting protection onto a browser are the traditional endpoint methods; a stronger approach is secure virtualization, which isolates sensitive data and applications from the component that is exposed to attack, so that compromising a browser or a network-facing service does not compromise the rest of the machine.
Virtualization provides real security only if the hypervisor itself has been built with security in mind; a hypervisor, or the general-purpose operating system it runs on, can be compromised like any other software. Defense-grade 'bare metal' hypervisors run directly on the hardware, with no host operating system underneath, and deliver near-native performance. Separation kernels designed for highly secure defense environments offer military-proven isolation for the operating systems and applications running on them: data and applications at different security levels can co-reside on a single device, with the kernel enforcing which partitions may communicate and in which direction. That guarantee is only as good as the small trusted computing base it rests on, including the processor's virtualization extensions and an IOMMU to stop devices from using DMA to reach across partitions.
The best solutions offer near-native execution of fully virtualized guest operating systems and their applications, with execution speed within a few percentage points of running natively. German IT security specialist secunet Security Networks AG and LynuxWorks have demonstrated multiple network sessions at multiple levels of security on a single hardware platform. They did this by isolating applications and networks into separate partitions, which prevents dangerous software interactions and limits a zero-day or unknown attack to the partition it lands in.
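The property a separation kernel enforces in that demonstration is an information-flow policy: every partition has a level, and data may move only over explicitly configured channels, never (even transitively) into a partition at a lower level. The following added example, written for this page and not LynxSecure's own configuration format, models that policy and checks a candidate channel list for illegal flows, including the indirect ones that a reviewer reading the list by hand tends to miss. The partition names, levels and channels are constructed for illustration.

```python
"""Check a separation-kernel partition/channel configuration for
illegal information flow.

Model (an illustration, not any vendor's configuration syntax):
  - each partition carries a classification level;
  - the kernel only lets data cross a partition boundary over an
    explicitly listed one-way channel (src, dst);
  - the configuration is acceptable if no path of channels lets data
    that originated at one level arrive in a partition of lower level.
Direct write-downs are easy to spot; the point of the graph walk is to
catch the transitive ones.
"""
from collections import deque

# Ordering of the levels used in this example (constructed).
LEVELS = {"unclass": 0, "restricted": 1, "secret": 2}


def validate(partitions, channels):
    """Reject channels that name a partition not in the configuration."""
    for src, dst in channels:
        for name in (src, dst):
            if name not in partitions:
                raise ValueError(f"channel references unknown partition {name!r}")
        if src == dst:
            raise ValueError(f"self-channel on {src!r} is meaningless")


def reachable(channels, start):
    """All partitions that data placed in `start` can reach (breadth-first)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in channels:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def find_violations(partitions, channels):
    """Return sorted (origin, sink) pairs where data from `origin` can end
    up in a partition whose level is lower than origin's level."""
    validate(partitions, channels)
    violations = []
    for origin, level in partitions.items():
        for sink in reachable(channels, origin):
            if LEVELS[partitions[sink]] < LEVELS[level]:
                violations.append((origin, sink))
    return sorted(violations)


# Constructed configuration: a public-facing network partition, the
# corporate network, the plant-control partition and an audit collector.
PARTITIONS = {
    "public_net": "unclass",
    "corp_net": "restricted",
    "plant_ctrl": "secret",
    "audit": "secret",
}

# Every channel flows upward or sideways in level: acceptable.
GOOD_CHANNELS = [
    ("public_net", "corp_net"),
    ("corp_net", "plant_ctrl"),
    ("plant_ctrl", "audit"),
]

# One added channel (audit -> public_net) looks harmless on its own but
# completes a cycle that leaks plant_ctrl and corp_net data downward.
BAD_CHANNELS = GOOD_CHANNELS + [("audit", "public_net")]


if __name__ == "__main__":
    print("good config violations:", find_violations(PARTITIONS, GOOD_CHANNELS))
    for origin, sink in find_violations(PARTITIONS, BAD_CHANNELS):
        print(f"write-down: {origin} ({PARTITIONS[origin]}) -> "
              f"{sink} ({PARTITIONS[sink]})")
```

The bad configuration produces five violations from a single added channel, which is the practical lesson: review the transitive closure of the channel graph, not the individual entries, before accepting a partition layout.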
Neutralization
Containment alone is not enough. Even when an organization is confident that a threat has been contained, it still needs to detect and analyze that threat in real time to understand who is attacking it and how. Once the malware is confined to its own partition, the suspect code can be executed and subjected to fast, deep analysis without any risk to the rest of the platform.
The most effective analyzers report on the observed behavior of the suspect code in real time, without requiring signatures or updates from the vendor. They describe how the malware attacks the system, try to expose logic bombs hidden in the code and waiting for a trigger, and generate a repair tool for each specific sample that can be applied to an infected system. One caveat applies to every such analyzer: it can only report behavior the sample actually exhibited in the analysis environment, so code that checks the clock, sleeps for a long period or looks for signs of virtualization before acting may withhold its real payload, and the analysis should flag those conditions rather than conclude the sample is benign.
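What "signature-free" analysis looks like in practice is rules over the behavior a sample shows during execution, rather than matching on its bytes. The following added example, written for this page and not ValidEdge's analyzer, triages a constructed dynamic-analysis trace (the line format and every path and address in it are invented for illustration): it turns the observed API calls into a plain-language description of the attack, derives remediation steps from the same events, and flags the clock-check-then-sleep pattern that can hide a time-triggered payload from the analysis window.

```python
"""Signature-free triage of a dynamic-analysis event trace.

Constructed illustration: the trace format is "<api> <argument>", one
event per line, as a sandbox running the sample inside an isolated
partition might log it. Nothing here is a real analyzer's output format.
"""
import re

# Constructed trace of one sample run. Paths and the 203.0.113.10
# address (RFC 5737 documentation range) are illustrative only.
SAMPLE_TRACE = """\
CreateFile C:\\Users\\Public\\svchost32.exe
WriteFile C:\\Users\\Public\\svchost32.exe
RegSetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater=C:\\Users\\Public\\svchost32.exe
GetSystemTime
Sleep 600000
Connect 203.0.113.10:443
"""

# Autostart locations that indicate persistence when written to.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Writes under these directories are treated as normal for this toy model.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
# Sleeps at or above this many milliseconds may outlast the analysis run.
LONG_SLEEP_MS = 60_000


def parse_trace(text):
    """Split the trace into (api, argument) pairs, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            api, _, arg = line.partition(" ")
            events.append((api, arg))
    return events


def analyze(events):
    """Derive behaviors and repair steps from the event sequence.

    Returns {"behaviors": [...], "repair": [...]} where behaviors describe
    what the sample did (or may be hiding) and repair lists the actions
    needed to undo the observed changes on an infected host."""
    behaviors, repair, dropped = [], [], set()
    for i, (api, arg) in enumerate(events):
        if api in ("CreateFile", "WriteFile"):
            if not arg.lower().startswith(TRUSTED_DIRS) and arg not in dropped:
                dropped.add(arg)
                behaviors.append(f"drops file {arg}")
                repair.append(f"delete {arg}")
        elif api == "RegSetValue" and RUN_KEY.search(arg):
            key, _, target = arg.partition("=")
            behaviors.append(f"persists via autostart value {key} -> {target}")
            repair.append(f"delete registry value {key}")
        elif api == "Sleep":
            ms = int(arg)
            prev = events[i - 1][0] if i > 0 else None
            if prev in ("GetSystemTime", "GetLocalTime"):
                behaviors.append("checks the clock before sleeping: possible time-based trigger")
            if ms >= LONG_SLEEP_MS:
                behaviors.append(f"sleeps {ms // 1000}s: later actions may fall outside the analysis window")
        elif api == "Connect":
            behaviors.append(f"connects out to {arg}")
            repair.append(f"block outbound {arg} at the perimeter")
    return {"behaviors": behaviors, "repair": repair}


if __name__ == "__main__":
    report = analyze(parse_trace(SAMPLE_TRACE))
    print("Observed behavior:")
    for b in report["behaviors"]:
        print("  -", b)
    print("Repair steps:")
    for r in report["repair"]:
        print("  -", r)
```

The repair list is derived mechanically from the same events that produced the description, which is why a per-sample repair tool is feasible without a signature; the trigger and long-sleep flags are the honest part of the report, marking where the observed behavior may be incomplete.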
A Proven Strategy
With defense, general IT and commercial embedded systems increasingly converging on the same Intel processors, transferring technology developed for one environment into another has become a great deal more straightforward: a separation kernel that relies on the processor's virtualization extensions runs on the same silicon in a server, a workstation or a control cabinet.
The most sensitive parts of a system can be run inside proven, defense-grade hypervisor partitions, which shields them from a compromise of the rest of the platform. Such hypervisors can be retrofitted to existing platforms, since the guest operating systems and applications run unmodified. The same partitioning can be used to create a safe environment in which threats are detonated and analyzed rapidly and in depth.
The response window for attacks has shrunk from hours or days to minutes. Real-time behavioral data allows organizations to respond effectively within this very challenging timeframe.
ValidEdge, a subsidiary of LynuxWorks, is exhibiting at Infosecurity Europe 2012, held on 24–26 April 2012 at Earl's Court, London. The event provides a free education program, exhibitors showcasing new and emerging technologies, and practical and professional expertise. Visit the Infosecurity Europe website for further information.
Arun Subbarao is VP of Engineering at LynuxWorks, responsible for the development of security, virtualization and operating-system products, as well as consulting services. He has 20 years of experience in the software industry working on security, virtualization, operating systems and networking technologies. In this role, Subbarao spearheaded the development of the award-winning LynxSecure separation kernel and hypervisor product, as well as software innovation in the areas of security, safety and virtualization. Previously, he was director of Technology and Product Development, responsible for operating system products such as Linux and RTOS, and before that director of Consulting Services, responsible for all custom software development and delivery. Subbarao has also been a panelist and presenter at several industry conferences. He started his career with Wipro Technologies, one of the largest IT-services companies in India. He holds a BS in computer science from India, an MS in computer science from SUNY Albany and an MBA from Santa Clara University.