Network World recently asked blogger Alan Shimel, co-founder and managing partner of The CISO Group, to host a roundtable discussion with representatives from three sectors of the security community: a practitioner, an analyst and a vendor. The wide-ranging conversation touched on everything from the state of threats today to the failure of risk management, the need to share information and a massive attack suffered by the user.
SHIMEL: Hi everyone, this is Alan Shimel, co-founder and managing partner of The CISO Group, and welcome to a Network World Roundtable on Security. The topic of our roundtable is "See it, Protect it, Control it: Advanced Security Intelligence to Outsmart Attackers." We're lucky to be joined by a fantastic group of folks today: Kevin Kerr, the chief information security officer, or CISO, at Oak Ridge National Laboratory, one of the leading research labs in the world; Richard Stiennon, a former Gartner analyst and now the chief analyst at IT-Harvest; and Adam O'Donnell, Sourcefire's chief architect from the company's Cloud Division.
Kevin, you're in the front lines of this war we're waging against cybersecurity attackers, so I'm going to start with you. Have you seen a sea change recently in the kinds of attacks, the kinds of methods attackers are using?
KERR: I think so. They used to knock on your front door or come through the window or over the wall. Nowadays they're relying more on social engineering to try to get someone who's inside the fortress to let them in, whether through phishing or malware or something like that. So they're trying harder to avoid detection in the hopes that they can get one little foothold and, once they're in, then it's fun time for them.
SHIMEL: But the security industry hasn't been sitting on its hands. Adam, how has the industry responded?
O'DONNELL: The game has definitely become far more challenging, not only because attackers now have a profit motive, but because nation-states are involved and willing to break into a system at any cost. In some ways the industry's technologies have become equivalent to a seatbelt, something you absolutely have to have to help be able to protect you, but they're not going to be able to safeguard every situation you get into. In order to address the more challenging threats, both nation-state attackers or from a committed individual or group trying to get into a network, we need to start using technologies that can be modified for your specific environment, something that gives you control over the threats that your specific network is seeing and also gives you visibility into what may have come in in the recent past.