To address Kevin's issue, we believe that the threats are somewhat unique to each network, so we want to come up with tools that allow specific network operators to address their specific threats. So we make these things configurable and adaptable and definable by each product owner. We give customers full access so they can generate their own rules and signatures because we believe that waiting on a vendor to address a specific threat inside of a network, especially one that's seen by a government entity or a private organization that does not want to share that threat, is essential to allowing our customers to control threats.
SHIMEL: Richard, would it help if companies like Sourcefire, Symantec, McAfee and the others shared information about attacks so there would be a global threat response in the cloud? Is the security industry mature enough for that?
STIENNON: It's not nearly mature enough to share that information, and the attacks are so targeted it wouldn't be completely effective anyway. I know one defense contractor that, for every attack they shut down, tries to tie that back to indicators they either detected themselves or had pre-knowledge of from the Defense Industrial Base Information Sharing Network, which is easily the most mature. And information from that network only helped them stop about 20% of the attacks, so there's always going to be this need for internal situational awareness.
SHIMEL: OK. Let me throw a question out to all three of you. Are whales -- and I don't mean that in a derogatory way -- are whales like the Department of Defense, like an Oak Ridge National Lab, an exception to the rule that demands customized solutions, or do smaller shops need the same kinds of solutions?
O'DONNELL: I believe that the magnitude of threat is going to be a function of the value of the resources targeted. If it is all the credentials for a popular cloud provider or blueprints for the next F-35 modification or something else that has a monetary value that's hard to quantify, the attackers are going to throw everything they have into it. They are going to come up with custom exploits, they're going to use highly trained individuals and they're going to spend a good bit of time and be patient until they get that data.
That's a very different threat than something you're going to see if you are running a single server with no credit card data. Now, does that mean that you're never going to face the kind of attack that someone like Oak Ridge or a large government entity would face? Absolutely not. But it does mean that if you are an Oak Ridge or a Lockheed Martin or Nasdaq, people are going to bring their A game and you need to have really well-trained people, as well as top-notch technologies they can use to respond to the threat.