Always-On Security at the Heart of the Processor, with Intel and McAfee
1. Always-On Security at the Heart of the Processor, with Intel and McAfee
Fabien Esdourubail, Enterprise Market Director, Intel
Claude Chauvet, Technical Expert, Intel
Benjamin Marandel, Technical Expert, McAfee
2. By 2015…
• More users: more than 1 billion additional users (1)
• More connected devices: more than 15 billion connected devices (2)
• More shared content: more than 1 zettabyte of Internet traffic (3)
The Internet and the rapid growth in the number of devices are increasing the demands placed on data centers.
1. IDC "Server Workloads Forecast" 2009. 2. IDC "The Internet Reaches Late Adolescence", Dec 2009, extrapolated by Intel for 2015; ECG "Worldwide Device Estimates Year 2020 - Intel One Smart Network Work" forecast. 3. Source: http://www.cisco.com/assets/cdc_content_elements/networking_solutions/service_provider/visual_networking_ip_traffic_chart.html, extrapolated for 2015
3. Building a Compute Continuum
Desktop PC, laptop PC, netbooks, personal digital device, smartphones, smart TV, embedded computing
4. 3 Axes of Innovation at Intel
Energy-efficient performance + Internet connectivity + Security
5. Intel Technologies: Client Security
• Intel® vPro™ Technology: security and manageability built into the chipsets
• Intel® AES-NI: hardware acceleration of encryption
• Intel® Anti-Theft Technology (Intel® AT): secures the PC and its data when a laptop is stolen or lost
• Intel® IPT (Intel® Identity Protection Technology): two-factor authentication built directly into computers based on 2nd generation Intel® Core™ processors
6. Fighting Ever More Varied and Complex Threats
• Anti-Malware (threats: proliferation, sophistication) → counter the installation and operation of malware
• Data (threats: data theft, hardware theft) → protect data
• Identity (threats: impersonation on the rise, password theft) → strengthen users' identity
• Recovery (threats: remediation costs on the rise, impact on productivity) → regain control even after the consequences of an attack
7. Intel's Key Security Technologies
• Anti-Malware (counter the installation and operation of malware): Intel TXT & TXT-SX, Intel OS Guard (SMEP), McAfee DeepSAFE Technology
• Data (protect data): Intel AES-NI, Intel Anti-Theft, Intel Secure Key
• Identity (strengthen users' identity): Intel IPT with OTP, NFC-TAP, Intel IPT with PTD, Intel IPT with PKI
• Recovery (regain control even after the consequences of an attack): Intel AMT, McAfee Deep Command, Independent FW Update, Granite City
8. McAfee and Intel
Hardware Enhanced Security technologies (Intel), the McAfee product that uses them, and the resulting benefit:
• Intel® Virtualization Technology for IA-32 & IA-64 + McAfee Deep Defender: real-time stealth attack protection
• Intel® AMT out-of-band management + McAfee ePO + Deep Command: greater device manageability
• Intel® AES New Instructions (Intel® AES-NI) + McAfee Endpoint Encryption: enhanced encryption acceleration speed
• McAfee* supported on all Intel® architecture platforms + McAfee Embedded Control (whitelisting): malware prevention
• Intel Trusted Execution Technology (TXT) + McAfee Data Center & Cloud Security: server integrity & protection
• Intel Anti-Theft + McAfee Anti-Theft (Consumer), McAfee ePO (mgmt): Ultrabook & laptop security & data protection
10. New Approach to Security Is Needed
Stack, top to bottom: Applications/RDBMS; AV, HIPS; Operating System; Virtual Machine; I/O, Memory, Disk, Network, Display; BIOS; CPU
• Traditional attacks, and defenses, focused primarily on the application layer
• Attack and disable security products and hence all protection
• Infect OS with APTs, resulting in threats hidden from security products
• Compromise virtual machine and hence all guest machines within
• Rogue peripherals & firmware bypassing all other security measures
• "Ultimate APTs" compromise devices below OS, either before or after shipment
11. Stealth Rootkits—After the Fact Is Too Late!
Protection gap could be weeks
t0: Stealth malware installed
t1: Malware hidden
t2: Malware steals data
t3: Damage is done
t4: Remediation is after the fact
Confidential information stolen; cybercriminal owning endpoint; endpoint part of a bot network
12. Introducing McAfee DeepSAFE Technology—Next Generation Security Beyond the OS
• Technology by McAfee and Intel
• Industry's first hardware-assisted security platform
• New vantage point on security: operates beyond the OS
• Technology foundation to deliver future products
Stack, top to bottom: McAfee Deep Defender / Operating System / McAfee DeepSAFE Technology / CPU (Intel® Core™ i3, i5, i7 | VT-x)
13. Introducing McAfee Deep Defender—Endpoint Security Beyond the OS
• Industry's first hardware-assisted security technology
• Uses McAfee DeepSAFE technology
• Real-time kernel memory protection
• Protection from previously hidden threats beyond the OS for enhanced security
• Managed by ePO
Stack, top to bottom: McAfee Deep Defender / Operating System / McAfee DeepSAFE Technology / CPU (Intel® Core™ i3, i5, i7 | VT-x)
15. Deep Defender—Faster Time to Protection
t0: Stealth malware install attempt
t1: Installation attempt blocked; protection is real time
No data loss. No endpoints compromised. No issues.
16. ePO Deep Command (vPro AMT-Enabled)
Deep Command utilizes Intel vPro Technology for local and remote management beyond the operating system.
AMT-enabled desktop running McAfee Agent and security software, stack top to bottom: Apps / McAfee Security / McAfee Agent / OS / Preboot / Intel AMT
18. ePO Deep Command Security Use Cases
• Deploy updated security "ahead" of an attack if endpoints are powered off (DAT files or ODS)
• Remote remediate: compromised systems or system failures force physical access to the endpoint
• Repair policy or system misconfigurations that cause connectivity issues
• Green IT by maintaining security & compliance regulations
19. McAfee Endpoint Encryption for PCs and Intel AES-NI
• Endpoint Encryption for PC v6.1 is the first encryption technology to support AES-NI technology
• AES-NI is AES hardware crypto acceleration included in the new Intel Core i5 & i7 processors
• Strong performance improvements of full disk encryption speed compared with software alone
21. Intel's Security Ecosystem: Independent Software Vendors
• Enterprise management pack
• Remote assistance and remote-control solutions **
• Solutions for SMBs
• Anti-theft solutions
• Client virtualization solutions
• Data and resource security
• Identity protection and anti-fraud technologies
* Other names and brands may be claimed as the property of others.
** Dates and independent software vendors are subject to change.
22. In conclusion…
• Security is one of the pillars of computing
• The best security is the security that starts in the silicon
• The processor is the first element of information security
[Fabien] Intro sentence to be defined (Intel at the heart of the Internet // Intel always keen to understand users' needs and identify new trends // other) <Followed by> In 2010, our specialists conducted a study to estimate the growth of the Internet over five years. The conclusion: we should expect a significant explosion in the number of users, of connected devices and of data crossing the web.

In what proportion? By 2015, that is four years from now, we should expect 1 billion people to join the Internet, bringing the total number of netizens to 2.5 billion. In the same period, no fewer than 15 billion devices will be connected to the Internet and more than 1 zettabyte of data will cross the web (the equivalent of 1,000 billion TB).

Without a doubt, IT specialists will see in this growth plenty of opportunities to offer new experiences to corporate employees and the general public alike. However, if they want to succeed in offering new services, they will have to rely on a new infrastructure adapted to this explosive growth: a vast network offering a high level of performance in terms of energy efficiency, security and resource distribution.
[Fabien] The design of the processors and technologies that today support the new generation of infrastructure, and therefore the "compute continuum", at Intel is driven along three main axes.

Performance, and more specifically the computing power delivered per watt, is a strong axis of our R&D (impact on the battery life of mobile products, better graphics and therefore a better Internet experience, etc.).

Connectivity, that is the development of wired and wireless technologies that make continuous, simple and fast communication easier (Wi-Fi, Bluetooth, 3G/LTE, WiMAX in mobile products; optical fiber and Ethernet in servers).

And, for almost 10 years now, security, where Intel started by introducing instructions into the processor to limit memory-overflow attacks (buffer overflow, with the XD bit technology) and today offers a whole range of technologies intended to protect servers as well as mobile devices, which we will talk about in detail later.
[Claude] Message: our strategy is to integrate hardware and software security building blocks (objective: create a secure chain).

About McAfee: "Intel and McAfee are working on joint technologies to better protect every segment across the compute continuum from PCs to devices," said Renée James. "By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices."

McAfee DeepSAFE:
• Builds the foundation for next generation hardware-assisted security operating beyond the operating system
• Provides a trusted view of system events below the operating system
• Detects and removes attacks undetectable today
• New vantage point to block sophisticated stealth techniques and APTs
• Provides real time CPU event monitoring with minimal performance impact
• Combines the power of hardware and flexibility of software to deliver a new foundation for security
[Claude] Through end user research, Intel is targeting its security efforts into four key pillars.

Anti-Malware: What if malware had no place to hide? What if consumers could click on any link and surf the internet worry free? That enterprises could expect predictable operational costs by preventing malware from infecting their managed devices?

Data: What if valuable data was safe from theft or loss? That you could trust your device like a vault, or your data was safe regardless of where it is located?

Identity: What if access to systems and services was safe and secure? That people's identities were protected by their computing devices and it became impossible to impersonate them? Or that only authorized users were allowed access to enterprise resources?

Recovery: What if devices just worked safely all the time? Devices were always up to date with the latest protections? Downtime and recovery time approached zero?

And all this is to be delivered from phones to servers, from endpoints to the cloud.
[Claude: transition Intel => McAfee] MEC supports all IA platforms.

McAfee DeepSAFE technology was jointly developed by McAfee and Intel, enabling McAfee to build hardware-assisted security products that take advantage of a deeper security footprint. McAfee DeepSAFE technology sits beyond the operating system and close to the silicon, allowing McAfee products to gain an additional vantage point in the computing stack to better protect systems.

McAfee Deep Defender is a next generation of hardware-assisted endpoint security, enabled by McAfee DeepSAFE technology, operating beyond the operating system, designed to detect, block and remediate advanced, hidden attacks. McAfee Deep Defender can be managed by McAfee ePO.

McAfee ePO Deep Command provides secure and remote security management access to PCs that may be powered off or disabled. ePO Deep Command utilizes Intel® vPro™ Active Management Technology (AMT) to deliver beyond-the-operating-system management, reducing security operations costs while enhancing your security posture. Using Intel vPro AMT, ePO Deep Command enables secure remote access regardless of the PC's power state, so security administrators can remotely remediate compromised systems, enable energy-saving initiatives, wake systems, and apply proactive security.

The first example of McAfee activating features in the silicon was the release of McAfee Endpoint Encryption for PC v6.1 in Q1 2011, which utilizes Intel's AES-NI (Advanced Encryption Standard – New Instructions) to accelerate the performance of full disk encryption. Performance: only 0.6% slower, rather than 25-30%, on a 7200rpm HDD fully encrypted with EEPC v6.1 and Intel AES-NI.

Our collaboration has integrated McAfee's on-device security and its device management capability with Wind River Linux. The solution enables, from the operating system to the application, from devices to systems and servers. It provides dynamic protection in a constantly morphing threat landscape.
This single slide talks about what most people think of as security in the chip. If you look at the operating system and virtual machine layer, in today's world everything McAfee does runs on top of that layer. Antivirus, HIPS, all our security technology sits on top of that layer.

What we're doing is bringing security beyond the operating system. Why? Because threats are already there. There is stealth malware that hides itself below the operating system that can compromise the OS and cause it to report incorrect information to the security software running on top of the OS, which makes it very challenging for security software to detect and remove. A lot of this new malware circumvents security. There is a need for a new vantage point, for security beyond the OS, to determine, isolate, and remove a threat that is compromising the OS. Compare it to a battle at sea, where the ships on the water can see what's at their level and what's above them, but they can get attacked easily by submarines and torpedoes. You need to have sensors underneath to see what's attacking you there.

Also, going beneath the operating system will improve security performance. Running a blacklist of millions of malware pieces in a security application is not sustainable. Utilizing hardware in the security model offers an alternative. We are developing security technology that sits below the operating system and interacts with existing features in the silicon.
McAfee DeepSAFE technology is delivering the next generation of endpoint security, enabling security beyond the operating system. This technology platform was jointly developed by McAfee and Intel and combines the power of hardware and the flexibility of software to deliver the industry's first hardware-assisted security platform. This gives a whole new vantage point on security beyond the operating system, allowing McAfee to detect new stealth attacks. This technology builds the foundation for next generation hardware-assisted security operating beyond the operating system.

Many threats today use kernel-mode rootkits that hide malware from traditional OS-based security and are difficult to detect. If they are detected, it is after they have been installed and have allowed the malware to do its damage (i.e. steal data, etc.). McAfee DeepSAFE technology will expose many attacks that are undetectable today.

This technology provides real time memory monitoring by utilizing hardware features in the Intel Core i3, i5 & i7 processors. Specifically, this technology uses Intel Virtualization Technology, or VT-x, to get an unfettered view of system memory. This is a tremendous shift for McAfee and for security. From the vantage point of McAfee DeepSAFE we can apply new techniques that prevent malicious activity, not just detect infections.
<Step #1> We start with an Intel i3/i5/i7 CPU with VT-x enabled. The OS Loader begins initialization of the Windows Operating System.

<Step #2> In the next stage, the boot drivers load. The DeepSAFE Loader is the first boot driver in the load order and we use multiple methods to ensure that it stays first in the list. DeepSAFE loads itself as a memory hypervisor and resides beyond the OS. From this point forward DeepSAFE is monitoring kernel memory access and select CPU instructions.

<Step #3> The remaining boot drivers load next. If a driver attempts to modify the kernel, DeepSAFE will see it and relay that attempt to the DeepSAFE Loader/Agent. We process it against our detection logic (what we call simple rules) and if we identify the memory access as malware, it will be blocked. In essence, the rootkit will not be able to do its purpose. We do not need to have prior knowledge of the rootkit. We catch it trying to do its job. This gives us true zero day detection. Up to this point, AV drivers, AV agents, and even the Deep Defender Agent have not loaded.

<Step #4> The next phase is for Windows to load the non-boot drivers. Just like in the boot driver rootkit scenario, DeepSAFE will see any attempts to modify the kernel and will relay those attempts to the DeepSAFE Loader/Agent. In this stage, even if an AV driver loads before the rootkit driver, the AV drivers will not see rootkit kernel accesses and will have to rely on heuristic file or behavior identification. This makes zero day detection difficult and requires pre-knowledge of the threat or threat type. Deep Defender does not require pre-knowledge as it is monitoring for malicious memory access. Most rootkits are non-boot drivers.

<Step #5> After the remaining drivers load, our Deep Defender Agent loads. This agent contains the higher end logic of remediation and removal. It also contains any user interface and notification components. When the Deep Defender Agent loads it looks to see if any rootkits were detected during boot and, if so, removes any remaining traces and eliminates them from the system.

<Step #6> From this point forward, when any rootkit attempts to load, it will get caught by DeepSAFE, relayed to the DeepSAFE Loader/Agent, and processed not only against our simple rules (in the DeepSAFE layer itself) but also against our richer, more complex rules (in the Deep Defender Agent). If identified as malware, it is blocked and then automatically remediated/removed.
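The six-step boot sequence above, reduced to a small model of the two rule tiers it describes (an added illustration for this page, not McAfee DeepSAFE or Deep Defender code; the protected-region list, the rule contents and the driver names are constructed). It shows why a monitor that sits below the drivers catches a boot-time rootkit before any AV driver or agent has loaded, and why detections made during boot are only remediated once the agent is up.

```python
from dataclasses import dataclass, field

# Kernel structures the monitor layer refuses to let any driver modify (a constructed
# list for this model; the product's actual rule set is not on this page).
PROTECTED_REGIONS = {"IDT", "SSDT", "KERNEL_CODE", "MSR_LSTAR"}

@dataclass
class WriteAttempt:
    driver: str
    region: str               # kernel structure or memory region being written
    hides_self: bool = False  # driver unlinks itself from the loaded-module list

@dataclass
class Monitor:
    # Hypervisor-layer monitor plus the later-loading agent, modelled as two rule tiers.
    active: bool = False
    agent_loaded: bool = False
    allowed: list = field(default_factory=list)
    blocked: list = field(default_factory=list)     # stopped at the monitor layer
    remediated: list = field(default_factory=list)  # cleaned up by the agent
    pending: list = field(default_factory=list)     # caught before the agent was up

    def simple_rule(self, w: WriteAttempt) -> bool:
        # Tier 1: a write into a protected kernel structure is blocked on sight, no signature needed.
        return w.region in PROTECTED_REGIONS

    def rich_rule(self, w: WriteAttempt) -> bool:
        # Tier 2 (agent only): rootkit-like behaviour that is not a protected-region
        # write, here a driver hiding itself after loading.
        return w.hides_self

    def on_write(self, w: WriteAttempt) -> str:
        if not self.active:
            return "unmonitored"  # before the monitor loads, nothing is observed
        if self.simple_rule(w) or (self.agent_loaded and self.rich_rule(w)):
            self.blocked.append(w.driver)
            (self.remediated if self.agent_loaded else self.pending).append(w.driver)
            return "blocked"
        self.allowed.append(w.driver)
        return "allowed"

    def agent_up(self) -> None:
        # The agent loads last and removes whatever the monitor caught during boot.
        self.agent_loaded = True
        self.remediated.extend(self.pending)
        self.pending.clear()

def replay(events: list) -> Monitor:
    # events: "monitor_up" / "agent_up" markers or WriteAttempt objects, in boot order
    m = Monitor()
    for ev in events:
        if ev == "monitor_up":
            m.active = True
        elif ev == "agent_up":
            m.agent_up()
        else:
            m.on_write(ev)
    return m

def demo_boot() -> Monitor:
    # Constructed boot sequence following the six steps in the notes above.
    return replay([
        "monitor_up",                                # step 2: monitor is the first boot driver
        WriteAttempt("disk.sys", "DRIVER_PRIVATE"),  # step 3: benign boot driver, allowed
        WriteAttempt("bootkit.sys", "IDT"),          # step 3: boot-time rootkit, blocked
        WriteAttempt("av.sys", "DRIVER_PRIVATE"),    # step 4: AV driver loads normally
        WriteAttempt("rk.sys", "SSDT"),              # step 4: non-boot rootkit, blocked
        "agent_up",                                  # step 5: agent remediates boot-time finds
        WriteAttempt("stealth.sys", "POOL", True),   # step 6: caught by the richer agent rule
    ])
```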
Deep Command leverages AMT for local and remote management beyond the operating system.
Enhancing Security: apply security ahead of threat; block threats beyond the OS; ensure compliance.
Reduced Operations Costs: remote remediation; update security when systems are powered off; password reset; unlock encrypted drives for maintenance.
An example of the system data behind the dashboard. ePO administrators can use these data to drive automatic provisioning, reporting, and configuration of AMT-enabled systems.
ePO Deep Command enables companies to embrace power saving programs that can save significant amounts in energy costs, while at the same time giving security administrators security management access. Now you don't have to compromise between power savings and security management access. As an example, a company with 25,000 nodes and a 60/40 mix of desktops and laptops that can power down its endpoints during off-hours can save more than $500,000 per year in energy costs. This assumes the average power usage of PCs, both laptops and desktops, and the average cost (USD) of electricity. ePO Deep Command will enable companies to maintain security access while PCs are powered off.
The first example of McAfee activating features in the silicon was the release of McAfee Endpoint Encryption for PC v6.1 in Q1 2011, which utilizes Intel's AES-NI (Advanced Encryption Standard – New Instructions) to accelerate the performance of full disk encryption. Performance: only 0.6% slower, rather than 25-30%, on a 7200rpm HDD fully encrypted with EEPC v6.1 and Intel AES-NI.
[Benjamin hands back to Fabien]
[Fabien] We have maintained this collaboration for years with a very broad spectrum of internationally renowned software vendors covering very varied aspects of security. This is an essential activity if one wants to deliver real solutions and not mere security building blocks. Fleet management consoles, antivirus, anti-theft devices, specialists in data or communication encryption, and operating system or virtualization software vendors are a few examples of the companies, tools and specialists with whom we actively collaborate today. [Overview of McAfee] -> which will allow us to…
[Fabien] Intel and McAfee have a shared vision for security and its importance in our digital world. There are three pillars that we believe apply to all computing experiences: energy efficient performance, pervasive connectivity, and security (left side of chart).

We believe that all computing needs to be secure. This is a foundation for creating a good user experience and a foundation, we believe, for our industry to continue to grow and expand. We also believe that the best security is "built in". By including security capabilities in the hardware platforms, we believe we can achieve a better level of overall security that will benefit our customers.

We believe that the combination of Intel and McAfee's assets uniquely positions us to deliver the best security solutions as a result. We have the ability to "build in" security into Intel's hardware platforms and then deliver software and services that take advantage of those platforms to deliver the best in security innovation. The combination of McAfee and Intel brings fresh innovation to secure the future of computing and the Internet. Finally, we believe that protecting the digital lives of consumers represents an excellent business opportunity, not only for us, but for our partners.

We need to protect the whole security information channel. If only one part is not protected, the whole of the information is at risk. The processor is the first part of the security information channel. That's the reason why security is one of Intel's strategic pillars.