New remote business reality pushes security teams to retool to protect expanding attack surface.
Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted security strategies to better secure an evolving attack surface changed significantly by COVID.
To address new challenges, hardware-assisted security is viewed as an effective and innovative way to gain IT ecosystem visibility, manage digital assets and reduce security team and compute costs. The findings are from a recent Ponemon Institute survey, sponsored by Intel.
“With very little advance warning, organizations were forced to make changes to their cybersecurity practices because of a remote workforce,” according to the study. Fifty-three percent of respondents said COVID-related shifts in their IT stack forced them to “refresh” their security strategy.
Central to that shift has been the search for innovative new approaches to managing infrastructure and endpoint sprawl. Recent vulnerabilities, Log4J, ProxyShell and ZeroLogon, each underscore this new dynamic. In each zero-day instance, security teams had to scramble to see what in their ecosystem might be vulnerable and needed to be patched first.
The study of 1,406 IT professionals set out to explore attitudes toward hardware-assisted security within firms that have adopted the technology and those considering adopting related solutions. The study also explored how hardware-assisted security helps organizations enhance security efforts.
What is Hardware Assisted Security?
Hardware-assisted security (HAS) addresses the business challenge of asset visibility within large network infrastructures, giving security teams the ability to spot and fix vulnerabilities faster. Hardware security enables this via device component firmware or software, which enables higher-level visibility through hypervisors and other network monitoring tools.
Key hardware-assisted security components include:
- Control-Flow Enforcement Technology (advanced malware protection)
- Hardware telemetry to inform malicious signals (threat reconnaissance)
- Cryptographic encryption and acceleration (secure device access)
- Endpoint authentication and a Trusted Platform Module chip (endpoint authentication)
Gaining the Upper Hand Against Threats with HAS
Visibility and mitigation response is key, as illustrated by emerging threats such as Log4J and unseen bugs tied to breaches. In both instances asset visibility and fast mitigation response times are key to prevent attacks.
Intel and Ponemon found respondents cited asset visibility as a vital component when it comes to responding to threats. Too often security teams are hamstrung by a lack of visibility into an organization’s entire network. HAS allows resource-stressed security teams to rely on the automation tools to enhance a security team’s network management capabilities.
“The rapid sophistication of the threat landscape requires organizations to be one step ahead of security updates,” the study found. About half (48 percent) said they had adequate visibility into newly disclosed vulnerabilities and patches.
This security approach dovetails with Ponemon’s findings that revealed companies are searching for innovative new approaches to address the modern IT stack. Forty-one percent of respondents ranked automation and 40 percent placed silicon-level security as top security innovations to tackle today’s visibility and management challenges.
“Without visibility and transparency, there is no trust,” said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives at Intel.
How Innovation Reduces Cost
New remote workforce and cloud trends have created a perfect storm for adversaries.
That reality consists of a sprawling attack surface spread across hybrid-cloud infrastructures and linking thousands of endpoints and digital assets together. The challenge for network administrators and security teams is tracking assets and mitigating vulnerabilities as that attack surface grows.
Forty-eight percent of respondents said their security team spends 17 hours each week mapping known vulnerabilities in IoT devices alone. Automation tools in HAS can streamline those efforts, allowing for security teams to focus on mitigation versus vulnerability discovery. This can reduce security team workloads, reduce staff burnout and taper security staffing-related costs – all while keeping staff focused on mitigating threats and not false positives.
Ponemon bared this out in its study with respondents sharing HAS streamlines asset visibility and vulnerability exposure via an automated inventory of hardware assets at the silicon level, according to the 65 percent of companies that have adopted the technology.
Visibility is Vital but Can Sometimes be Shortsighted
Still many firms struggle with mapping known vulnerabilities on IT assets at the sub-operating system level. While 52 percent of respondents said they track security of their devices based on the latest microcode and CPU update, the remaining do not. Without that level of tracking organizations could be opening the door for sub-operating system malware attacks or persistence of malicious code at the BIOS and firmware level.
Sixty-nine percent of respondents said hardware and firmware security solutions make vulnerability management more effective. “Of those organizations using hardware and firmware security solutions, 58 percent of respondents say their organizations have good or significant visibility into whether their hardware and firmware are operating in a known good state,” according to the study.
Offsetting Zero-Trust Authentication Costs
Additional cost considerations include cost saving tied to hardware-enabled accelerators required for device authentication via encryption. Thirty-six percent of these respondents said hardware is part of their organization’s endpoint (PC/IoT) security strategy. Related compute costs can grow as companies place more emphasis on Zero-Trust solutions.
Among those firms adopting hardware security, the study found, 32 percent of businesses have implemented a Zero-Trust solution. “As organizations incorporate new security technologies, hardware-assisted security compliments existing protocols and bolsters overall security hygiene,” according to the study.
Hardware security can reduce compute costs of cryptographic-based authentication by allowing an organization to take advantage of hardware-enabled accelerators to offset the cost of encryption.
Thirty-eight percent of respondents said they take advantage of hardware-enabled accelerators to offset the cost of encryption, according to the study. Twenty-six percent said they deploy a hardware or silicon-enabled accelerators to offset the cost of authenticating endpoints before enabling access.
Practitioner satisfaction and the perception of HAS solutions is strong among organizations seeking innovative solutions to the constantly changing threat landscape. Thirty-six percent of survey respondents said their organizations have adopted hardware-assisted security solutions and 47 percent said their organizations will adopt a HAS solution in the next six months.
Respondents told Intel and Ponemon that today’s threat landscape requires “organizations to be agile and innovative in their cybersecurity practices.”
On-demand Event – Download Now: Join Threatpost and Intel Security’s Tom Garrison in a Threatpost roundtable discussing innovation enabling stakeholders to stay ahead of a dynamic threat landscape. Also, learn what Intel Security learned from their latest study in partnership with Ponemon Institue. WATCH HERE.