IT Компромат - правда о HiTech

ExecutiveBiz :  What are some of the tools in a cyber warrior’s arsenal?

Steve Hawkins :  They are the tools and the techniques that it takes to assess vulnerabilities in systems.    Everything is designed for an intended purpose, but nothing is designed perfectly, and it is through those unintended functions where hackers will hack into the system.  We have quite good automated software tools for going into those basic levels of hardware-software interaction and finding vulnerabilities on a really large scale.  Part of it is training individuals to use those tools to be able to go in and find those vulnerabilities, determine if someone is exploiting them, and look for ways to basically fill up the hole that they’ve found so that no one can hack into your system.

ExecutiveBiz :  What do you think is the most overlooked aspect of cyber security?

Steve Hawkins :  I think there has been much more emphasis on protecting networks from the outside threat, and I think there needs to be more emphasis on the insider threat.  Insider threats can be malicious, but it can also be unintentional.  Once someone has penetrated from the outside and is in your network, they have become an insider.  Being able to monitor that inside activity is very important.

ExecutiveBiz :  What is the best way for businesses to protect against those insider threats?

Steve Hawkins :  We actually have some insider monitoring software that we use as a host-based software that goes on every machine or laptop and is based on a set of policies or rules.   It will monitor the activity of individuals across your organization and make sure they are adhering with the policies that you have put in place.  Let me give you an example: if you came in and denied the use of a memory stick inside your organization, you’ve got to have something on the computer that will monitor if someone attached a memory stick to it or hooked an iPod up to charge when they weren’t authorized to do so.   A little more sophisticated policy is you will allow a memory stick, but you won’t allow any proprietary information to be moved to it.  You have to have the policy set around files and file areas where proprietary information is stored and you can detect when any of that activity takes place.  The reason we are host-based on local machines is that the alternative is to do network monitoring, where you can only monitor transfers across the network.  If someone were to disconnect their computer from a network and download files to a thumb drive or if they were to do the disconnect from the network - encrypt some proprietary data, put it in a new file name, then re-connect and transfer it off-site — monitoring at the network level won’t catch these types of issues.  It is important that your monitoring is based in the host environment and it’s essential that you have a clear set of policies that really deter the activity that you want to prevent, and effectively regulate and monitor who can share what information with whom.  Only then can you address that problem - whether it is inadvertent or malicious.  You can see that activity and it will set flags and on a particular capability as a forensics platform, but then you can go examine the activity just like a DVR.  You can replay every mouse click, every movement they took so you can see exactly what was going on.  You can really see the intent.  Was it malicious or was it just an accident?

ExecutiveBiz :  What would you say your ratio of government to commercial clients is for this particular service?

Steve Hawkins :  it is 80% government and I can tell you that we are the selected solution for the focused observation by DISA for all of DoD.  I can’t mention them by name, but we also support a number of  Fortune 1000 companies.  Let me give you examples of what the commercial sector use our services to accomplish.  They are interested in issues like are there buyers in cahoots with their suppliers, or is someone sending their critical pricing information out to a competitor, or is intellectual property making its way out the door for some of these activities.  That’s the kind of applications that the commercial side is interested in.

ExecutiveBiz:  What advice can you give to other companies on how to recruit and retain the best talent in cyber security?

Steve Hawkins:  I believe that the individuals that you want to recruit and retain really desire to have a work environment  much like the old dotcom environment.  We’re sitting here as a major defense contractor; you wouldn’t think that a defense contractor could do that.  Our approach to this is we bring these individuals in and we’ll create work cells that are very reminiscent of what you would have seen in a start-up environment: You demand excellence, but you give a little freedom of dress and hours and activities, snacks and things like that.  If you can create that kind of environment, you will attract this type of individual.