Several key factors helped Intel's SBI project succeed. One was starting small and choosing a valuable asset or a few core infrastructure services before expanding. Another was focusing on the areas where a breach would be most harmful.
Yet another winning strategy was to build the program's value based on its goals. "We built solutions for our investigators before expanding to cover additional use cases from our customers," Ross says.
Finally, Intel put together a strong team to create and implement SBI. "We gathered experienced security professionals, including architects, investigators and engineers," Ross says. "These people worked closely with our privacy experts to design and document the tools, policies, processes and privacy guidelines."
Intel is developing a My Security Alerts tool, which it will deploy sometime in 2013, that lets employees view activity associated with their accounts and report suspicious behavior.
"Advanced malware attacks can infiltrate employee accounts and gain access to our internal network and do harm without appearing to be an intrusion. Our SBI platform is incredibly powerful, but it does not have the contextual information that an individual employee knows about their own use of company resources. The My Security Alerts tool will allow our employees to help us identify suspicious activity," says Ross.
Every day, the SBI platforms collect and process billions of events, Ross says. "We filter those events down, process the data with a new set of analytics that can flag potentially suspicious activity, and then present a summarized view of that to each individual employee. We then ask for their help to review these events and let us know if they want us to investigate it further."
Intel is continuing to scale its SBI platform to increase its ability to find advanced threats, react quickly and develop preventive and corrective controls for the future.