Do businesses have the right target or asset in sight, and do they even know what to protect? Infosecurity talked to Tripwire President Gus Malezis for some answers.
What are the biggest, most dangerous threat vectors?
Gus: The threat vector that we’re seeing are the same ones that you’re seeing frankly all over the newsprint, and I think we’ll continue to see that escalation. We continue to see the escalation of both volume and intensity; volume, we’re seeing more and more of these things.
We would have thought they would have abated by now, or the world would have done a better job security their infrastructure, and I think there is a better job being done, but it does not seem to be dissuading the bad guys very much. The bad guys are more successful at what they’re doing, versus the good guys, frankly, so that’s one thing that is probably not a big surprise to anybody.
Should we focus on the target, or the asset?
Gus - We’ve got to turn and focus back on the asset, or the assets that are most valuable to us, and watch the targets that people are going after. So that to me is a massive shift in focus by the customer, not so much by the industry and not so much by the vendors, but more about enterprise customers, and particularly those that have the skills and the wherewithal to say that they have got to start watching the patient, and has to start watching the target in our house.
That is the biggest threat, or the biggest change that I see over the past say 12 to 24 months.
Are there some cultural things people can do to protect themselves better?
Gus: Maybe the consumer has to come into this conversation at some point, because they need to demand something better from their providers. I think it is about assessing the value of those assets, and whether they can afford to be without them. What’s the cost to their business, if something is (a) not available, (b) disrupted, and (c) what is the impact to their brand? What’s the impact to TalkTalk or Carphone Warehouse, or Target. I mean, in the US, everybody has a project that’s called, Don’t Be Target!
Pardon the pun, but you talk to the large retailers, like Home Depot, like Costco, and they’ll say, we have a project. You know the name now, and they realise the impact, the negative impact to their business, and after it’s happened to somebody else, then they tend to respond, up until that that executives believe that it’s not an issue that’s worth significant focus, or a change in operational attitude or investment. Then they get the lawsuits.
What genres of technology do you think are needed to combat today’s threats?
Gus: Well, I’ll go back to what our customers are telling us, and they have a reason for calling us, and the reason is to say that we’ve invested in network technologies, that’s enough for now. Now we need eyes on the assets, and that’s the major shift that we see, that the leading practitioners, that the best thinkers and scientists, information security scientists, are focusing on.
I’ve got enough eyes on the wire, now I need eyes on the target. I need to be watching my targets, prioritise which one are key, and watch them, and then I ask the question, well what is it you’re watching? They look at me, and they smile, and they say, we’re watching for change, because change is a precursor to something that could be bad.
So how do you separate good change from bad change?
Gus: Well, there are things that we are use, there are policies. So they watched the target, they say they’re not watching the wire, that’s not helping any more, so we’re going to move investment out to watching the asset. It’s clear the anti-virus is not going to cut it, they tell me, or even the personal firewall is not cutting it, because all that stuff blasts right through, so now we’ve got to watch the asset and watch for change, and that change is something that Tripwire happens to be very good at.
So that’s really where the market is now going, and that’s where I will say the smart money is investing in.
What should businesses be doing?
Gus: You watch the wire, keep doing that, now watch the target, know when something is changing, understand what it is, do something about it, and then integrate your data. That way you can have higher-level business messages that you can communicate to your executives.
We still see a lot of executives that are unclear, they’re very uncertain of what they should do about their security, information technology security, and IOT security, and there is no clear message in the market. For the most part, it’s a thoroughly confusing foggy space as an executive, so that’s the challenge that we see.