Organizations should proactively stipulate hardware- and software-based security technologies for endpoint devices to best protect against future threats.
Stuxnet, a sophisticated cyber weapon that targeted industrial control systems, highlighted the security vulnerabilities of the many intelligent systems connected to networks. Whereas securing client computers is typically top of mind for most organizations, the endpoint security solution implemented on userless devices, such as digital signage displays, printers, kiosks, and vending machines, often goes unnoticed. Since many intelligent systems seem like black boxes, organizations purchasing them may be reluctant to specify a security solution. In such cases, device security strategy may be determined solely by the equipment manufacturer, who may or may not have expertise in this area.
Further complicating matters, there isn't a single security solution capable of addressing all future risks; instead, most would agree it's necessary to implement a series of different defenses across the system. This can be done using a layered security approach that enforces policy using both hardware- and software-based technologies, some of which are reviewed in this paper. IT organizations are very familiar with the software solutions, such as anti-virus (AV), but they are probably less familiar with hardware-based security technologies available today. For example, computing platforms based on Intel® Core™ vPro™ processors incorporate various technologies to increase threat protection, some of which also improve the effectiveness of software-based security solutions.
With dangerous cyber threats escalating, establishing a security strategy for intelligent systems should not be an afterthought. This is particularly true of hardware-based security solutions, which must be designed upfront by the equipment manufacturers and cannot be added after the fact. This paper reviews some advanced security technologies that can be specified in a request for quote (RFQ) or a request for proposal (RFP) in order to stipulate leading-edge protection against cyber attacks and zero day threats, like Stuxnet.