The toughest part about fighting cybercrime is actually catching the people behind the botnet, financial fraud, or cyberespionage. Just ask Shawn Henry, the former executive assistant director of the FBI's Criminal, Cyber, Response, and Services branch, who retired from the bureau late last month after 24 years and announced Thursday that he has joined startup CrowdStrike to continue the fight from the private sector.
Henry, the newly named president of CrowdStrike's services division, said the static strategy of building a bigger wall isn't working against today's cybercriminals. CrowdStrike, which thus far has kept much of its strategy in stealth mode, is focusing on the bad actors behind targeted attacks, whether they are nation-state-sponsored hackers or financially motivated organized cybercriminals.
"If you profile the adversary and know what he's targeting, that allows you, as the owner of the data, to make strategic decisions on what to put on the network and how to store it. If you have a better understanding of them, that provides you with more granularity in your network defense and protecting your intellectual property," Henry said.
The ultimate goal is removing those bad actors. "From a law enforcement perspective, we have taken a couple hundred of those people out of play. Each was involved actively in breaching networks, and they are not doing that anymore," Henry said. "It's a multipronged approach: There needs to be defense, but for so long that's all we've been doing. There hasn't been any offense."
So what is a legitimate and legal offense by the private sector? "It's not just sitting back on your heels and trying to deflect the punches," Henry said. "It might be the way you move, it might be the sharing of intelligence with federal agencies or other companies. There are some deceptive tactics you can utilize that create challenges for the adversary. It's a whole host of things."
Henry said CrowdStrike's strategy is to help identify the bad guys and make it more expensive for them to operate. The company obviously won't cross any U.S. legal boundaries in its efforts, he said, and has no plans to hack the attackers.
CrowdStrike was co-founded by former McAfee executives George Kurtz, now president and CEO of the startup, and Dmitri Alperovitch, now CTO of CrowdStrike. Kurtz and Alperovitch first announced the company in February at the RSA Conference, where they demonstrated how advanced persistent threat (APT) attackers could use mobile devices to commit cyberespionage.
Alperovitch said he and Kurtz had become frustrated with the industry's continued approach of focusing on malware instead of the attacker, the human behind the malware. "That's like looking at a gun or bullet as opposed to the shooter," he said in an interview during RSA. "We have an adversary problem, not a malware problem. The tools and exploits all change."
Put an end to insider theft and accidental data disclosure with network and host controls, and don't forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: why security must be everyone's concern, and lessons learned from the Global Payments breach.