FBI Former Cybercrime Chief: Same Hunt, New Startup

Shawn Henry now heads services arm of CrowdStrike, the semi-stealth startup that plans to aggressively profile, target, and unmask sophisticated cyberattackers.

The toughest part about fighting cybercrime is actually catching the people behind the botnet, financial fraud, or cyberespionage. Just ask the former executive assistant director of the FBI's Criminal, Cyber, Response, and Services branch, Shawn Henry, who late last month retired from the bureau after 24 years, and announced Thursday that he has joined startup CrowdStrike to continue the fight from the private sector.

Henry, the newly named president of CrowdStrike's services division, said the static strategy of building a bigger wall isn't working against today's cybercriminals. CrowdStrike, which thus far has kept much of its strategy in stealth mode, is focusing on the bad actors behind targeted attacks, whether they are nation/state-sponsored hackers or financially motivated organized cybercriminals.

"If you profile the adversary and know what he's targeting, that allows you, as the owner of the data, to make strategic decisions on what to put on the network and how to store it. If you have a better understanding of them, that provides you with more granularity in your network defense and protecting your intellectual property," Henry said.

The ultimate goal is removing those bad actors. "From a law enforcement perspective, we have taken a couple hundred of those people out of play. Each was involved actively in breaching networks, and they are not doing that anymore," Henry said. "It's a multipronged approach: There needs to be defense, but for so long that's all we've been doing. There hasn't been any offense."

So what is a legitimate and legal offense by the private sector? "It's not just sitting back on your heels and trying to deflect the punches," Henry said. "It might be the way you move, it might be the sharing of intelligence with federal agencies or other companies. There are some deceptive tactics you can utilize that create challenges for the adversary. It's a whole host of things."

Henry said CrowdStrike's strategy is to help identify the bad guys and make it more expensive for them to operate. The company obviously won't cross any U.S. legal boundaries in its efforts, he said, and has no plans to hack the attackers.

CrowdStrike was co-founded by former McAfee executives George Kurtz, now president and CEO of the startup, and Dmitri Alperovitch, now CTO of CrowdStrike. Kurtz and Alperovitch first announced the company in February at the RSA Conference, where they demonstrated how advanced persistent threat (APT) attackers could use mobile devices to commit cyberespionage.

Alperovitch said he and Kurtz had become frustrated with the industry's continued approach of focusing on malware instead of the attacker--the human behind the malware. "That's like looking at a gun or bullet as opposed to the shooter," he said in an interview during RSA. "We have an adversary problem, not a malware problem. The tools and exploits all change."

Read the rest of this article on Dark Reading.


Comments
Andrew Hornback,
User Rank: Apprentice
4/23/2012 | 1:16:38 AM
re: FBI Former Cybercrime Chief: Same Hunt, New Startup
This is something to watch closely... I'm wondering if this may end up spawning a new business opportunity in cybervigilantism.

I'm also concerned as to just what this organization thinks it can do - are we looking at a group that will continually be conducting intelligence gathering and feeding that to organizations? That seems to put them in a passive strategic asset category.

However, "Henry said CrowdStrike's strategy is to help identify the bad guys and make it more expensive for them to operate." makes it sound as though the organization will be taking a more active and more tactical position in this space.

I agree that focusing on the root of the problem will be more effective in the long run, but I would really like to see how they are going to go about doing just that.

Andrew Hornback
InformationWeek Contributor