
Monday, April 23, 2012

Shared philosophy aids FBI agent's move to security startup CrowdStrike

Stephanie Wright, Contributor

Current attack techniques don't allow companies to simply sit by and monitor the perimeter, explains Shawn Henry, an FBI veteran who's moving directly to security startup CrowdStrike. Henry said his transition rests on the philosophy he shares with the fledgling company.

The threat is continually increasing. We're moving more data, ideas, intellectual property to the network. … The objective set is increasing, so the threat is increasing.

Shawn Henry, president of services, CrowdStrike

Attackers are getting sophisticated enough that they may be able to slip through outer defenses and invade a system, wreaking havoc from within, he said. In short, the adversaries are (or were) already within the network, so if companies aren't monitoring the activity within their perimeters, they don't seem to be doing enough.

Henry, who spent 24 years with the FBI, is joining CrowdStrike as its president of services. CrowdStrike's goal, according to Henry, is to “see how [attackers are] working within the network and moving within the network and eradicate the threat that way.” Constant log monitoring, he said, would only be a start. Security staff should go deeper.

“People who built the network know what anomalous activity seems like,” he said, so they should be constantly keeping watch.

In an interview with SearchSecurity.com, Henry said it's no big surprise that this activity is occurring within networks on such a large scale.

“The threat is continually increasing. We're moving more data, ideas, intellectual property to the network,” he said. “The target set is increasing, so the threat is increasing.” Whether theft is going on at a bank or on a bank's website makes no difference. Criminals follow their target wherever they can gain access to it, he said.

Henry highlighted common vulnerabilities within DNS, servers and applications as widely exploited issues. But those more complicated attacks are also joined by techniques that have been around for years, including targeting common vulnerabilities and the use of malicious email attachments to get into a corporate network. “The adversaries” are so good at getting in that once they're there, he said, they can move horizontally and vertically through a network without being detected.

In general, CrowdStrike hopes to help detect and eradicate the threat from the inside using the technology and intelligence services that it already offers. The third leg of the company, the services division, is what Henry will be heading.

As president of services, Henry will oversee CrowdStrike's incident response and managed services teams, which currently include “Incident Response Services, Enterprise Adversary and Malware Assessment, and Response and Recovery,” according to Henry's announcement on CrowdStrike's blog.

His team will be responsible for coming in after a breach has occurred to offer computer forensics support and services in the aftermath. After leading thousands of employees and overseeing thousands of investigations with the FBI, he feels he's well-equipped to handle the position.

According to Henry, the move to the private sector is simply another phase in his life where he can apply his skill set.

“I served my tour, after which I retired,” he said, noting that he appreciated all the people he worked with in the public sector and that he hadn't felt restricted by anyone or anything.

“CrowdStrike provides me the chance to continue this fight, from ‘any other side,’ using intelligence and technology to get in front of the issue instead of merely reacting to it,” his announcement said.

