Preventing Email and Social Media-Based Threats

For the past three decades, I’ve had the dubious distinction of listening to literally hundreds of hackers brag about successful break-ins. I’ve heard students joke about breaking into grading systems, colleagues mention having peeked at competitor networks, and even one guy confessing to having hacked a Presidential online chat (please don’t ask – it was a long time ago). If you asked me for one unifying element in all these hacks, I would give you my answer without a micron of hesitation: In every case, when all else fails, email hacks work. The familiar cadence heard so often is that the hacker tries this and then tries that – and when enough is enough, will heave a sigh and just launch a phish, confident that this will work. And it does. The enterprise solution, of course, is to select and deploy the best available tools to protect inbound email from such attacks. It’s been my experience that the best such tools combine advanced analytic methods into an “as-a-service” offering that can flexibly detect and mitigate the most advanced threats to business communications – which, by the way, now include social network posts and related activity.

As part of the research for my TAG Cyber Security Annual (available for free download at), I spent time with one of the world’s leading experts in this area, from one of the world’s leading companies offering world-class solutions in this area: Gary Steele, CEO of Proofpoint. I asked Gary to share his perspective on email security, cyber security, and related issues in our industry. Here is what I learned:

EA: Gary, would you agree that just about every APT attack we’ve all seen across our industry over the past few years has involved email-based malware?

GS: Yes, Ed, that is unfortunately true. The challenge is that email can be originated anywhere on the planet, and with the openness of email protocols and supporting infrastructure, the objective has always been to deliver such messages to their recipient. This explains why email has become a backbone for global business communication, but also the primary mechanism for the delivery of malware. So, it should come as no surprise that, as you mention, just about every APT attack over the past few years has involved email. It’s that vulnerability that drives everything we do at Proofpoint to help restore order. And our approach is to combine the best technology for detection and mitigation with support for a comprehensive enterprise approach to reducing cyber risk across the entire range of services in use.

EA: Why do you think the industry has not been quicker to adopt the most advanced cyber security protections for email infrastructure?

GS: I think just about every business and government agency in the world has some sort of email protections in place. The problems, however, are two-fold: First, the attackers have learned to adjust to the most conventional types of security solutions, ones based primarily on signatures such as IP addresses, which are often stale. But perhaps more importantly, most organizations have not developed an integrated architecture for enterprise security with email protection solutions as an embedded component. Our approach at Proofpoint has always had this holistic view at the forefront of every product and service we offer.

EA: What is the value of advanced analytics in a cyber security platform? Do you see this as the secret sauce in detecting zero day and other advanced attacks?

GS: I guess you could say that analytics is our secret sauce, at least in terms of the internal operation of our detection and mitigation platform. It’s the underlying algorithms that differentiate one platform from another, and we’ve demonstrated good success. Keep in mind that for any platform’s cyber analytics to be accurate and correct, there needs to be a team of developers consisting of the best and brightest software, protocol, and cyber threat experts – and I’m so proud of our entire team. They’ve worked hard to develop an industry-leading platform that works well against known and zero-day exploits. But we also know that no team can ever rest, because the most effective solutions today become exactly the sidestepped protections of tomorrow. That’s the secret to staying ahead of the offense. The solutions that work today must be reinvented almost as quickly as they are deployed.

EA: How does the cloud impact cyber security solutions?

GS: The cloud is an important part of how we need to think about delivering protection, as cloud-based solutions can update and deploy faster than on-premises tools to stay ahead of the latest advanced threats. For example, recently, our solutions were deployed globally to a 360,000-user organization in just 48 hours. With the ability to quickly deploy and continuously adapt, they allow you to automate the process of detecting, blocking and responding to threats for enhanced protection as your business grows.

EA: We all know that younger people barely use email, preferring social media instead. What’s been your experience with social media in the enterprise, and more importantly perhaps, with protecting social media from cyber attacks?

GS: Yes, you are correct. Personal and business communications have expanded to include more types of services than just email. And yes, younger folks do enjoy social media, although I don’t think it’s generational. I think it’s more a tendency toward innovation that we see amongst so many different sectors in modern business. Look at how experienced marketing teams have gravitated to social media, for example. We at Proofpoint have been working diligently to apply our solutions to a broader range of over-the-top, messaging, and social communications media. Our researchers detected an infected Android version of the mobile game Pokémon GO. We detected that a modified SDK was outfitted to include a malicious remote access tool called DroidJack, which would give the intruder control over a victim’s phone. We don’t normally think of games like Pokémon GO as being communication media worthy of targeted attack. But that is exactly what we found.

EA: As an industry veteran, are you optimistic that enterprise teams will do a better job in the coming years protecting infrastructure? Or do you worry about cyber disasters?

GS: Well, my answer is yes to both of your questions. I do think that enterprise teams will continue to do a better job at protecting infrastructure. There is no doubt about that. We see experts every day in virtually every sector applying the most advanced solutions to tough cyber security problems. Further, ecosystems are a key point of Proofpoint’s strategy, and we are partnering with security leaders to build technical integrations bringing greater value for our customers. This past year alone, we partnered with companies such as Palo Alto Networks, Splunk, CyberArk, and Imperva to give our customers a better security posture when fighting cyber threats. This makes me very optimistic. On the other hand, I also worry about cyber disasters, simply because experience has shown that as offensive attackers develop new techniques, they have the advantage of only having to succeed once, where the defenders must protect against every possibility.