On Tuesday, I had the honor of speaking about “Bringing the fight back to your security team,” at Structure Security 2017. My panel was made up of former U.S. Government cybersecurity leaders who are now in the private sector, helping defend enterprises against attacks. Acknowledging that we’re flooded with breaches – with a record-breaking 4 billion personal records stolen by hackers in 2016 – we discussed strategies to turn the tide.
My session was moderated by Jesse Goldhammer, associate dean at UC Berkeley’s School of Information, and senior advisor to the highly regarded Center for Long-Term Cybersecurity (CLTC). One topic I’ve been vocal about is the need to expand training and education opportunities in our field. Dr. Goldhammer opened the session by describing his work in creating a new online master’s degree in information and cybersecurity. I’ve been fortunate to see the development of this program from its infancy, as co-chair of the CLTC advisory board, and I think it’s the most exciting new educational program in our field. I’m looking forward to seeing its graduates succeed.
My fellow panelists were FBI cybersecurity veterans Jason Truppi, who is director of endpoint detection and response for Tanium, and Colin Estep, who is chief security officer for Sift Security. Truppi, who was a supervisor for the FBI Cyber Division, where he was responsible for investigating major data breach, hacktivism and cyber extortion cases, discussed the importance of reducing the time between an intrusion and when the company finds out about it. When companies can hire internal analysts and use better tools from security vendors, he said, organizations can switch out of defensive mode and bring the fight back with hand-to-hand combat. Estep, who was a special agent for the FBI, discussed his background investigating cybercrime and responding to organizations victimized by attacks. He also talked about the importance of giving companies better tools for incident response and threat hunting.
I was asked to share a lesson learned from my days as Senior Director for Cybersecurity at the White House in the Obama administration. After the infamous Nasdaq hack of 2010, I was part of the team trying to figure out exactly what happened. We’d meet periodically in the Situation Room, debate data and analysis from a wide range of departments and agencies, and relay the implications to the president. As the highly charged investigation continued, we’d learn sobering new details, answer some questions and open new ones, and end up changing our assessment time and again. For too long, we lacked a clear understanding of what important assets were in the Nasdaq system, what those assets were used for, which were vulnerable, and which were breached. This lesson has stuck with me for years, and now I’m focused on building technology to help enterprises get it right.
One point I brought up was that visibility is step one to better security. Large organizations – typically those targeted in sophisticated attacks – often discover assets and infrastructure that they didn’t know about. These become easy targets for attackers. I gave an example from a recent StackRox deployment to a large financial institution, where the customer was shocked to see our software immediately identify many Docker containers that they didn’t even know were there. I also stressed the importance of actively hunting for threats. It is critical to hire people with a hunting mindset — a zeal for uncovering hidden problems — and give them the best tools for early detection and remediation.