Intel has been pursuing a strategy of purchasing software companies that it thinks could benefit from hardware enhancements. However, this is a particularly relevant acquisition, because security is such a big challenge for the IT sector.
Is there a benefit in enhancing security algorithms with hardware? Absolutely. In fact, in the network, companies have been doing this for a while.
One of the biggest problems facing security companies today is the number of moving targets that they must track. Before malicious software became a tool for thieves to steal money online, it was a hobbyist activity, and the number of malware variants was relatively small. But when organised crime got involved, the algorithms governing malware became more sophisticated, to the point where the malware began creating new versions of itself every time it was downloaded. Consequently, malware is now much more difficult to resolve at the desktop PC level, because computers have to check everything that runs across their hard drives against a database consisting of millions of different software variants to try and spot malicious code.
Instead, some companies have taken to analysing the software within the network. Some do it using hardware appliances running at the Internet gateway level within a company. Several of them use specially designed silicon of their own to speed up the process. Others do it in the cloud, using the advantages of virtualisation to make light work of tasks that would bring a single machine grinding to a halt. It is easier to analyse content in the cloud than it is to do it at the endpoint.
This idea of hardware-enhanced security, whether through custom silicon, or by simply throwing more computational power at the problem, is one of the future paths for security research. But how much security can we put directly into the network? Analysing code destined to run on a computer is a good candidate for cloud-based analysis. So is trying to work out what a remote computer is trying to persuade a web application to do, and deciding whether it is a legitimate request (this is the basic function of an application firewall).
But there are other, more nuanced ways of putting security into the cloud using software alone. For example, fraud detection systems can analyse user behaviour at the application level to make a good guess as to whether an online session is legitimate. For instance, if an online banking customer suddenly sets up multiple transfers for tens of thousands of dollars to international accounts when he has never left the country before, fraud detection might raise a red flag with a software application smart enough to look at the user's history.
But such protective measures are not as easy to implement as they seem. For instance, you might be trying to access your online bank account from an Internet cafe in London, but if the hotspot is operated by a company with its servers in Germany, it could look as though the session originated there. The banking application may refuse to grant the customer access to the account because it looks as though he is accessing it from a place on the continent that he has not logged in from before. Why would this matter when we all travel? If you had accessed your account from a different London-based IP address shortly before (from a hotel, for instance), the fraud detection software will probably wonder why the user has skipped between countries in such a short period of time. Clearly, programming systems to spot potential fraud without compromising the customer experience is a challenge.
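The London scenario above can be reproduced with a minimal geo-velocity check. This is an added example, not code from any bank or vendor; the speed threshold, the verdict names, the coordinates and the timestamps are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # assumed threshold, roughly airliner cruise speed

@dataclass(frozen=True)
class Login:
    when: datetime
    country: str  # country returned by IP geolocation, not the user's real location
    lat: float
    lon: float

def distance_km(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two geolocated logins."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def assess(prev: Login, cur: Login, known_countries: set) -> tuple:
    """Return (verdict, reasons) for cur, given the previous login and history."""
    reasons = []
    if cur.country not in known_countries:
        reasons.append("new_country")
    hours = (cur.when - prev.when).total_seconds() / 3600
    if hours <= 0:
        reasons.append("out_of_order_timestamps")
    elif distance_km(prev, cur) / hours > MAX_SPEED_KMH:
        reasons.append("impossible_travel")
    if "impossible_travel" in reasons:
        return "block", reasons
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample data: the same customer, physically in London throughout.
HOTEL = Login(datetime(2024, 5, 1, 9, 0), "GB", 51.5074, -0.1278)
# Cafe hotspot whose traffic leaves via the operator's servers in Germany
# (Frankfurt coordinates are an assumption for the example).
CAFE_DE_EGRESS = Login(datetime(2024, 5, 1, 9, 20), "DE", 50.1109, 8.6821)
# The same cafe visit if the hotspot had a London egress address.
CAFE_GB_EGRESS = Login(datetime(2024, 5, 1, 9, 20), "GB", 51.5155, -0.0922)

if __name__ == "__main__":
    for name, cur in (("DE egress", CAFE_DE_EGRESS), ("GB egress", CAFE_GB_EGRESS)):
        print(name, assess(HOTEL, cur, {"GB"}))
```

The customer never moves, yet the German egress address produces both a new-country flag and an implied speed of roughly 1,900 km/h, so the legitimate session is blocked.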
Putting security measures into the network is a powerful way to bolster online protection and make the Internet a safer place. However, it is a tougher, more complex task than we think. And while we grapple with the challenge, the black hats who are hell-bent on stealing money from our online accounts continue to refine their techniques. This cat-and-mouse game is set to continue for some time to come.