How is it that software security companies can attain the valuations they do when time after time, software has proven vulneable.
Understanding what TPM-based solutions offer network security is a understandable struggle for those inluding myself who work outside the industry. Having noted that perhaps I can help.
TPM-based security is not a silver bullet to solve all network security vulnerabilities but it can, once deployed, eliminate significant attack vectors. Basically, TPMs can establish pre-boot code integrity eliminating rootkits and also assure "known device ID" in the same way that SIM cards do for mobile phones ie. allow only known authorized devices to access the network. The authorized device paradigm is significant because then if an attacker hacks credentials from a user (such as from Target's refrigeration vendor) the attacker needs not only the stolen passwords but also an authorized known device. In the Target hack once they had the credentials they used their own unauthorized devices to gain access. If all of Target's own devices and those of their vendors were TPM-secured then the hack couldn't have occurred in the way it did. It would be a challenge for a company like Target to require all their vendors to deploy "known devices" using TPMs otherwise they can't access Target's network but it could eventually happen.
Unfortunately there are ways to hack network access that bypass rootkits and known devices. This involves planting malware in devices at the OS level and using it to gain a remote presence on a user device which could include a TPM-secured known device. An employee opening e-mail is probably the most common method to get malware on a device.
So where vendors such as FireEye, Bromium, the three start-ups in the article going public and many others come in is to the detect malware attacks in real time and and remediate the threat in real time. Real-time detection and response is the big thing now and one will note all the big security vendors such as Symantec, McAfee and RSA all offer it to keep up with the flashy newcomers such as FireEye.
Imo it will take both TPM-based solutions and OS level malware detection solutions to better secure the network. Perhaps a siginificant number of incidents that malware detection solutions remediate would not have occurred in a TPM-secured environament, but given the capability to install malware on devices above the hardware level, TPMs can't eliminate all malware other than rootkits.
Wave is selling VSC to customers who have either deployed an alternative authentication solution such as tokens or merely use MS Active Directory-based passwords. The new version of WEM to detect and remediate rootkits is yet to be released. Again, it will imo take both TPMs and real-time malware threat detection to more effectively secure enterprise networks.
AI
