Saturday, August 28, 2010

Intel McAfee Deal - My two cents

Many analysts, and Intel itself, are saying that more security will be baked into the hardware for the growing number of internet-connected devices.

It is certainly true that security will become a concern for users of different kinds of gadgets and other internet-connected personal and Enterprise devices. Some of these devices run on battery. As we all know, attacks are becoming more sophisticated day by day. Sophistication of attacks translates to more computing power needed to detect these attacks and stop them. Would this kind of computing power be available on gadgets such as smartphones and other mobile devices? Even if it is available, how much battery power would it take? I guess it would be very high.

I believe that computationally intensive attack detection and prevention for many of these mobile internet-connected devices would be provided in the cloud or in Enterprise networks. Some kind of agent and root-of-trust would be required in the mobile devices, but the majority of the traffic analysis for attack detection and protection of these devices would happen in the cloud. By the way, Intel vPro already has root-of-trust technology built into it and can be used in mobile devices.

My guess is that Intel is going to target the cloud/Enterprise market for doing traffic analysis for attack detection and securing the mobile devices. This would be a growing market for sure in the coming years. Intel might add some features to the server chips to scale the security computation. If you look closely, McAfee is more popular for doing heavyweight Anti-Malware and Intrusion analysis for laptops. Similar technology is needed for mobiles without running it on the mobiles. In the recent past, McAfee bought some mobile-related companies such as Trust Digital, WaveSecure etc. This gives me the impression that Intel along with McAfee might come out with an Enterprise device product which does not only 'Mobile device provisioning' and 'Lost Mobile Security', but also secures the traffic between mobiles and Enterprise networks. That is, a device which is a complete mobile portal to the Enterprise, covering provisioning, reporting and security. McAfee technologies such as IPS, Anti-Malware, Anti-phishing and Anti-spam can be used in these Mobile Portal devices to ensure that the traffic going to/from the mobile device is secure and sanitized. Trust Digital technology would be used to provision the mobile devices and to generate reports on usage of mobile devices. This combination can be powerful.

What are the features Intel might add to the hardware? The majority of attack detection now requires proxies. Almost all the Anti-malware companies implement proxies to terminate the connection, decrypt the traffic if it is encrypted, de-archive and decompress it if required, analyze the traffic for attacks, sanitize the traffic, create a new connection to the other end point and send the traffic. There are computationally intensive, low-hanging items here that can be taken care of in the hardware. Many of the computationally intensive items, such as compression/decompression, Encryption/Authentication, XML/XPath analysis etc., are already taken care of either by Intel or by third-party hardware cards. The majority of proxy handling is still done in the cores. I believe this part, proxy management and TCP/SSL Offload, would be required to get the maximum power out of the hardware. That is, software running in the cores would only see the application protocol (HTTP, SMTP etc.) data, not the individual packets.
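The de-archive, decompress and analyze stages of the proxy pipeline described above, as an added Python example that is not from the original post or from any vendor's product. The signature, the limits and all function names are assumptions made for illustration; the body is assumed to be already decrypted by the connection-terminating stage.

```python
import gzip, io, zipfile, zlib

MAX_DEPTH = 3        # assumed limit on nested archive/compression layers
MAX_BYTES = 1 << 20  # assumed cap on bytes unpacked from any single layer
# Constructed placeholder signature, not a real malware signature.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE": "test.sample"}

class LimitExceeded(Exception):
    pass

def read_capped(stream):
    # Read one byte past the cap so an oversized layer is detected, not truncated.
    data = stream.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        raise LimitExceeded("unpacked size over cap")
    return data

def unpack(body, depth=0):
    """Yield leaf payloads after peeling gzip and zip layers."""
    if depth > MAX_DEPTH:
        raise LimitExceeded("too many nested layers")
    if body[:2] == b"\x1f\x8b":            # gzip magic
        with gzip.GzipFile(fileobj=io.BytesIO(body)) as gz:
            inner = read_capped(gz)
        yield from unpack(inner, depth + 1)
    elif body[:4] == b"PK\x03\x04":        # zip local file header
        with zipfile.ZipFile(io.BytesIO(body)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    inner = read_capped(member)
                yield from unpack(inner, depth + 1)
    else:
        yield body

def inspect_body(body):
    """Return ('block', reason) or ('allow', None) for one application-layer body."""
    try:
        for leaf in unpack(body):
            for sig, name in SIGNATURES.items():
                if sig in leaf:
                    return ("block", name)
    except (LimitExceeded, OSError, EOFError, RuntimeError,
            zlib.error, zipfile.BadZipFile) as exc:
        # Fail closed: content that cannot be fully unpacked is not forwarded.
        return ("block", f"uninspectable: {exc}")
    return ("allow", None)
```

Every layer is unpacked in full before any signature match runs, which is where the CPU cost discussed in this post comes from; the depth and size caps keep a decompression bomb from exhausting the proxy.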

Let us see how things turn out in the future...