LAS VEGAS–It’s not difficult to find people here who are excited about security. There are roughly 10,000 of them in town this week. But there’s a smaller group of people who are on a different level, who are so passionate and amped up about their ideas that they can’t stop themselves from talking about them. Shawn Henry is one of those people.
An intense former top FBI official, Henry is here not just to deliver speeches at Black Hat and DEF CON, but to deliver a larger message to the security professionals, CIOs and other attendees at the conferences, and the message is this: It’s time to rethink security.
“People are continuing to play perimeter defense and there’s more things people need to be doing to get visibility into the network to see what’s going on,” Henry said in an interview here Wednesday.
Henry is now the president of CrowdStrike Services, the consulting and incident-response arm of the stealth-mode startup. His team goes into organizations that have been compromised or that think they may have an attacker on their network and helps find out what’s happening. In a lot of cases these days, what’s happening is a compromise by advanced attackers looking to siphon off intellectual property.
This is a threat that’s been discussed for the last couple of years as a picture has emerged of the extent of state-sponsored attacks against U.S. businesses and government agencies. Henry said that not only is this kind of attack happening every day, it’s worse than most people think.
“It’s hard to explain the threat to some organizations,” he said. “Some people get it, but many don’t. The entire threat out there is kind of like an iceberg. The part that most people hear about is the part above the water line, the unclassified threats. People don’t hear about what’s below the water line, which is everything that’s happening in the classified environments. It doesn’t get a lot of attention outside of the classified environment, but I can tell you that it’s deep and broad and extensive.”
Pieces of that massive threat have been going after businesses both large and small, as well as government agencies, and a lot of that typically is laid at the feet of groups of attackers in China and a handful of other countries. But Henry said that the largest threat comes from a different place.
“The biggest threat is foreign intelligence services. There are dozens of countries that have extensive electronic information-gathering teams,” he said. “The information that they’re seeking is what makes them the biggest threat.”
In order to defeat the kind of threats that government agencies and enterprises are facing today, those organizations need to think about security in different terms. Rather than looking at a network or host and thinking about what kind of defenses it needs, security staffs should think about how an attacker would get in and what he’d be able to get if he did.
“We need to make it more difficult for the adversary to operate,” Henry said. “We need to look at things like denial and deception, putting malformed files on a host, misinformation.”
Henry said that there have been operations like this going on inside the federal government for a couple of years. Whether that approach takes hold in the enterprise remains to be seen. But Henry doesn’t think there’s a choice anymore.
“What we’re doing now isn’t working. We have to develop capabilities to change the game,” he said.