Friday01 July 2022

Dell talks security, document control, and air gapped networks at Black Hat 2017 Featured

Reading time is around minutes.

Black Hat USA 2017 - Las Vegas, NV
When you think of Dell you might get many different images that come to mind. For some they might think about the 90s and the “you’re getting a Dell Dude” guy. Others might think about servers, or corporate desktops. In recent years, you might think about Dell’s push back into the performance market. However, for a large number of people you would not think about Security when the Dell name gets tossed out. This would be a mistake though as Dell does have a large team of people that work on security. This is not just for Dell products, but also for other products that are outside of the Dell realm. While at Black Hat 2017 I had the chance to site down with Brett Hansen, VIce President of Dell Data Security and we talked about some of the security offerings that Dell has.

The conversation kicked off with a talk about the origins of Dell’s security division and where they are heading. It was some interesting stuff, but that is not what you are hear to read. If you are really interested you can find much of that information with the right Google search. Instead let’s dive into the real meat of the conversation.

One of the things that interested me the most about the meeting with Dell was that they have come up with a way to make a cloud only anti-malware solution work for air gapped networks. This single topic was the most interesting to me as we have been seeing a concerning trend with anti-malware companies where they want you to send all of your information to the cloud, you need constant connectivity to also monitor the status of the agents deployed on your systems. This trend is concerning for multiple reasons. One of the first is that they (the anti-malware company) collects a ton of information about the systems that it is on. Some of this information might be considered critical infrastructure information (IP subnets, internal domain or group information etc). Once you give that information away you do not really ever know if it is being protected. The second is you have to give internet access to machines that you might not want talking to the internet just to make sure you have visibility and that they are up-to-date. Neither of these is a good thing., but then again if you have read this far you probably already know this.

Dell’s solution incorporates Cyalnce’s machine learning agent into their existing suite of products, but with a little bit of a difference. Dell was able to take the existing agent and alter the call home parameters so that instead of calling out to the internet, they call back to an on premises server that can maintain the telemetry data. The agents are updated by Dell instead of requiring these protected systems to talk out to places they should not be. It is an option that we are surprised needed to come from a third party in the first place.

This was not the only part of the end point security suite that we talked about though. We discussed the encryption side of the suite as well. Data at rest encryption is nothing new. Consumer products are already on the market with this feature, but dell is looking to take this a step further. They want to provide their customers with the ability to encrypt data in motion. The effort is similar to what we told you about with Ionic Security (Dell says theirs is better). This concept creates a new level of file control. You can set different policies which provide access to encrypted documents. This encryption continues to work even outside of the network they were created on. In other words you can grant rights to a document to a group of users and even when they are outside of the network those restrictions/rights are still in place. This means that even if someone steal that document off of an unprotected laptop that information is still secure (well as secure as the encryption). You can also grant access and expire that access based on the policies you set up. These policies include multi-factor authentication (come on, all the cool kids are using it).

Dell’s protection suit had a few additional features under the hood like enhanced BIOS protection to ensure that no one is using your UEFI BIOS through unprotected management engine flaws (we will talk about this a little later). Dell has rolled in some hardware checks (nothing new there, but still nice). They are also working with RSA to create some additional advanced data protection that is easy for clients to use. You know, the type that will prevent users from finding ways around restrictions or prevent them from just switching to Boxx or DropBox for their file transport needs.

We were also ensured that the suite is modular. You can buy just the parts you want and not have to worry about the others. This should make this a little more palatable for some.

In all the overview of the suite presented some interesting changes. As we see more and more anti-malware services push for the cloud we are seeing some that realize not everyone wants this. The other portions of the suite also appear to be showing an acceptance of some hard to deal with facts. The first one of these is that you simply cannot stop attacks. Someone is going to get into your network. Either an insider or a determined attacker. The move to securing the actual data inside while still paying attention to the gates shows this very clearly. This is actually a good thing and something we noticed two years ago during our visit to Black Hat. We hope to see this trend continue and to see the mass of vendors all selling tech to start to shift some of their focus to meet the change in the security landscape.

Last modified on Friday, 28 July 2017 21:44

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.