Ashar Aziz founded FireEye in 2004 and leads both the technical and business strategies of FireEye as CTO and CEO. Since founding FireEye, he has directly run all major departments, including Engineering, Marketing, Product Management, Sales and Finance. He is also the original inventor of the core set of technologies behind FireEye's groundbreaking Malware Protection Systems. This work has led to the filing of over 18 patents on various aspects of FireEye's technologies.
Ashar has received over 20 patents in the areas of networking, cryptography, network security and data centre virtualisation for work done prior to FireEye. We speak with Ashar about the state of cybercrime and what organisations can expect on the security front.
Q: Most large organisations already have some form of protection from malware and security threats that are capable of identifying, capturing and destroying known threats. Isn't this enough to ensure peace of mind?
Ashar: In the last 10 years, malicious software (malware) has become increasingly sophisticated both in terms of how it is used and what it can do. Industry analysts estimate that on any given day, about 5 to 10 percent of all PCs are infected with next-generation, remotely controlled malware (according to Ars Technica), which translates to anywhere between 50 and 100 million compromised PCs worldwide.
In FireEye's own intelligence analysis and research on next-generation malware infection trends, we find that the median infection rate is about 450 incidents per week per gigabyte of data traffic. Despite the US$20 billion invested every year in IT security, today's traditional defences are not working against today's malware. Next-generation threats are here and they are extremely effective at evading traditional security mechanisms, whether by Web drive-by downloads or email spear phishing.
Since 2009, when Google announced the Aurora attacks, there has been an escalation of advanced malware attacks, creating many public headlines as a result. The victims of these attacks are very high-profile enterprises, which included several nation-states, Google, RSA, and Symantec — just to name a few.
Whether it is a nation-state sponsored attack or a cybercriminal organisation, today's so-called Advanced Persistent Threats (APTs) are malware variants that are custom developed and highly targeted. As a result, these attacks are bypassing traditional defences.
Q: One of your solutions' key features is the ability to remove "unknown" threats. How is this possible? Isn't catching some unknown entity a fallacy?
Ashar: FireEye was specifically designed to pick out exactly those needle-in-the-haystack attacks: very stealthy and evasive zero-day attacks that are unknown and typically take advantage of unidentified software vulnerabilities, be it in a web browser, some kind of document reader or even the operating system itself.
How it works is that we leverage our virtual machine analysis, which is able to replicate the victim environment, take what we consider to be suspicious traffic off the network and analyse it in these virtual machines, which are kind of like Petri dishes for attack analysis.
If we see the attack manifest itself in these virtual environments, we know we have confirmation of an attack. By using this layer of technology and by sharing in real time through a global malware protection cloud all this dynamically generated information about malware and its forensic deconstruction, we are able to create a very strong defensive layer against these APT (advanced persistent threat) attacks, which have the attributes of being zero-day, unknown, stealthy and evasive.
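The detonate-and-confirm loop Ashar describes, as an added illustration that is not FireEye's code: a constructed behaviour trace from an instrumented guest is scored for the exploit chain (document reader spawning a child, persistence, callback), and a confirmed detonation yields a forensic record of the kind a shared malware feed would carry. Process names, the trace and the callback address are all constructed sample data.

```python
"""Illustrative sandbox-verdict logic: decide whether a suspicious object
"manifested" an attack inside an analysis VM and summarise the forensics.
Example code, not FireEye's implementation; all sample data is constructed."""
import hashlib

# Constructed behaviour trace, as an instrumented guest might report it.
# Each event is (process, action, target). A document reader spawning a
# shell, dropping a binary, persisting via a Run key and then beaconing out
# is the chain we treat as the attack "manifesting".
SAMPLE_TRACE = [
    ("acroread.exe", "open_file", "invoice.pdf"),
    ("acroread.exe", "spawn_process", "cmd.exe"),
    ("cmd.exe", "write_file", r"C:\Users\victim\AppData\Roaming\svc.exe"),
    ("svc.exe", "set_registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    ("svc.exe", "network_connect", "203.0.113.7:443"),  # TEST-NET-3, constructed
]
# A benign document produces only ordinary reader activity.
BENIGN_TRACE = [
    ("acroread.exe", "open_file", "report.pdf"),
    ("acroread.exe", "read_file", "fonts.dat"),
]

# Hypothetical list of processes that should never spawn children.
DOCUMENT_READERS = {"acroread.exe", "winword.exe", "iexplore.exe"}


def analyse(trace):
    """Return (malicious, hits): the verdict and the behaviours behind it."""
    hits = []
    for proc, action, target in trace:
        if action == "spawn_process" and proc in DOCUMENT_READERS:
            hits.append(f"{proc} spawned {target}")
        elif action == "set_registry" and "\\Run\\" in target:
            hits.append(f"persistence via {target}")
        elif action == "network_connect":
            hits.append(f"callback to {target}")
    # Require the chain, not one noisy event: a reader spawn plus at least
    # one follow-on behaviour confirms the attack rather than a false alarm.
    malicious = len(hits) >= 2 and any("spawned" in h for h in hits)
    return malicious, hits


def indicator_record(sample_bytes, hits):
    """Forensic summary of a confirmed detonation, ready to share with a
    central feed so other sensors can block the same object and callback."""
    callbacks = [h.split("callback to ", 1)[1] for h in hits if h.startswith("callback")]
    return {"sha256": hashlib.sha256(sample_bytes).hexdigest(),
            "behaviours": hits,
            "callbacks": callbacks}
```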