Black Hat: New Security Paradigm

Wednesday, July 25, 2012 @ 04:07 PM gHale


By Gregory Hale
It is inevitable, attacks are happening and they are going to get more powerful and persistent, so to fend of attacks and to go on the offensive against attackers, security models need to change.

“We need a paradigm shift,” said Shawn Henry, retired executive assistant for the FBI and is president of start-up company CrowdStrike Services, during his keynote address Wednesday at Black Hat USA 2012 in Las Vegas. “The old information metric cannot stop (attackers) from getting on the network. We need to understand who the adversary is, this way we can be proactive.”

RELATED STORIES
ICS-CERT: Attacks on Rise
Cyber Secure Device Certification
Robustness Testing: Saves Lives, Money
Siemens CERT Gains Achilles Status

Henry said the days of perimeter defense are gone. Yes, we need to continue using them, but security professionals need to go on the offensive and find out who is attacking and then fight back.

“We have been focused on perimeter defense for a long time. Defense in depth is very important, but the adversary is jumping over the fence; going through the firewall,” Henry said.

Security professionals should change their approach because attackers are sure changing theirs, Henry said.

“Cyber terrorism is a threat and we should be concerned about the threats against industrial control systems because they are real,” he said. “The adversary understands where to attack: Take their water away; take away their electricity.”

Henry said the biggest threat he sees today is computer network exploitation.

“I believe it is the most significant threat we face today. The DNA of your company is available to the bad guys.”

The catch is, Henry said, there are still leaders of companies with their heads buried in the sand.

“I still hear from CEOs saying why would we be attacked? They just don’t understand. The threats are much deeper and the pool of adversaries is constantly expanding. They are overcoming the defenses placed against them.”

Attacks continue to occur, but companies continue to keep them quiet – at least publicly. Henry said there is a great disparity between the classified cases of attacks and the unclassified ones.

“The unclassified environment is like the tip of the iceberg,” Henry said. In all his years in the FBI, Henry said he saw more versions of attacks that ended up classified.

Security is getting better, but professionals cannot stand still. There needs to be a new way to attack the problem and it has to happen soon.

“You have to be more strategic,” Henry said. “The more granular the information, the better you can protect.”

“The stakes are high.”



Leave a Reply

You must be logged in to post a comment.