At VMworld 2016, we spoke with customers about how they are supporting digital business transformation (view our video interviews below). These senior IT leaders all describe a challenging but exciting multi-year journey, and all agree that technology is ever more critical to business innovation, agility, and resilience. They are also embracing a customer-first approach. For end customers and employees alike, they want to make life and work easier, more convenient, more productive, and more fruitful.
“When we talk about attacks against IT infrastructure, it’s not like you come home at night and your TV is missing,” says Shawn Henry, president and chief security officer of the security technology company CrowdStrike Services. “Until people actually feel the threat, it’s hard for them to get it.”
That may help explain why cybersecurity is still not the priority it should be. An Economist Intelligence Unit survey sponsored by VMware revealed that security is the top corporate initiative for only 5 percent of C-suite executives around the world. And those initiatives are not always well targeted. A separate Accenture survey found that 58 percent of respondents are still prioritizing traditional perimeter-based controls against external attackers, instead of addressing high-impact internal threats.
Redefining the Perimeter
“One problem is that the perimeter has moved,” says Henry, who was assistant director of the FBI Cyber Division before joining CrowdStrike. “Historically, organizations had a well-defined corporate network that was easier to defend. But with widespread use of mobile devices, that perimeter is continuously expanding and causing organizations to lose visibility of where their network ends and begins.”
The expanding perimeter is a good thing from an effectiveness and efficiency perspective, enabling the workforce to increase productivity. However, organizations need to address the added risk that it causes. “If you can’t look at the devices and constantly watch them, you are missing attackers who are trying to access the network,” Henry says. “Organizations will often deploy a firewall and hope that it blocks threats, but if they never monitor it proactively, they don’t know.”
Another challenge is that attackers are becoming more sophisticated. Threats can include organized crime groups looking to steal data for financial gain, foreign intelligence service hackers stealing intellectual property, and even terrorist organizations that want to take the infrastructure down. “It’s not only about data breaches,” Henry says. “Someone can use a digital attack to physically destroy the hardware infrastructure that you use to run your network.”
Moving to Cloud-Based Security Defenses
CrowdStrike is taking a cloud-based approach to these challenges. “What organizations are doing now is they’re moving to cloud-based defenses, connecting their network to capabilities that provide full visibility into what’s happening in their environment,” Henry says. “The cloud makes it possible to deploy and scale those capabilities very quickly.”
According to CRN, “as more companies make the move to adopt the cloud, the importance of cloud security vendors and their offerings is at an all-time high.” Effective cloud security offerings don’t just look for “known bads” (threats people have previously experienced). “Organized groups are constantly changing their tactics, their malware, and the ways they communicate from a network that they’ve breached,” Henry says. “What we see them doing today we’ve often never seen before.”
Detecting Attacks Before They Do Damage
The key is to look for telltale signs of an attack. “Even with previously unknown threats, there are indicators that let you know if somebody is engaged in activities such as performing reconnaissance, executing malicious code, or setting up command-and-control channels to maliciously communicate with your network,” Henry says. “These indicators allow you to be much more responsive and mitigate attacks before they can have a significant impact.”
Henry sees good intelligence as essential for spotting threat indicators. “At the FBI, we became an intelligence-led organization where we were constantly looking for those who were going to take actions,” Henry says. “That same philosophy applies to network security. By learning about your adversaries and their methods, you can do a better job looking for indicators of those attacks in your environment. Also, sharing intelligence with other organizations in your industry gives you greater capability against an adversary because your vision is much clearer.”
Recognizing the Importance of Leadership
Based on his many years of experience, Henry has found that network security basically comes down to leadership. “Companies have to be proactive, hunting on their network, looking constantly, not just waiting for something to happen,” Henry says. “That takes leadership, being willing and able to adopt new technologies that allow the visibility organizations need today. I talk to CEOs and CIOs about defining what’s important for the organization and leading from the front. If the leadership recognizes security as important, all the employees will. The right attitude will permeate throughout the organization.”
In this video, Henry discusses how sharing threat intelligence can help ensure our collective safety.