Hygiene, Honey Pots, Espionage: 3 Approaches To Defying Hackers

Dmitri Alperovitch, co-founder of the cybersecurity startup CrowdStrike, says his company is building stockpiles of intelligence about potential hacking groups.

Keith Bedford/Reuters/Landov

We're still waiting for details on how the hack against the health care company Anthem occurred.

But there's a classic approach behind many of the cyberattacks that make the news: An employee in the company gets an email with an attachment ... opens it ... malicious software in the message injects itself into the corporate network ... and bam! The hackers are in -- and can remotely control your servers, exfiltrate documents and more.

Across the cybersecurity industry, startups are trying to figure out how to solve this problem -- and they're developing some very different approaches.

Here, we take three companies working on the issue in different ways. To help dramatize those differences, it might be helpful to compare each to a movie or show you may have seen on TV.

Take 1: Virtual Machines

First, the company Bromium.

"It's become obviously too easy for the hackers," says Rahul Kashyap, its chief security architect. "All it takes is one user in a large organization making one single mistake, and they're in."

Malware is like an infection. To stop it from spreading, Bromium contains it. The company builds something called a "virtual machine" at the micro level -- that is, around anything and everything you might open -- an email, a new tab on your Web browser, a Word document, a PDF.

Essentially, Kashyap says, "we assume that the attackers are going to attack you no matter what you do."

The virtual machine is a protective layer -- like putting thick latex gloves on doctors and nurses. "And once you're done," Kashyap says, "we throw them away. So that in case you got infected, you don't have to worry about it. It's automatically discarded."

Right now, Kashyap says, some of the most popular software on earth doesn't bother to contain or contains poorly. For example, Internet Explorer, he says, is "barely a glove. I don't know -- you have those gloves where your fingers are coming out. Those cycling gloves."

Bromium's digital hygiene approach reminds me of the hospital drama ER -- like the episode when a staph infection runs rampant through the ward, knocking out patients and staff. The culprit, it turns out, was a janitor who didn't wash his hands.

Take 2: Honeypots

But contain as you may, says Doron Kolton, founder of TopSpin Security, the good hackers will always break in. So when they do, you've got to trick them.

"We are setting, embedding, [a] decoy system inside the organization, and the decoy system [is] luring the attackers and the malware to get into those systems," he says.

Kolton takes advantage of the fact that once hackers are in a network, they don't know where to go. It's a maze. So you can leave some fake keys around, some breadcrumbs. Lure them into fake rooms with fake data -- and observe.

"I am seeing whether he wants to steal my watch, or he's looking in the drawers for money or anything else. I am looking over his shoulder," Kolton explains.

When you do that, you not only pinpoint where the hackers are. You also learn how they behave -- their strategy -- and toy with it. That sounds just like Home Alone, that old 1990 comedy with the boy hero who creates havoc for the robbers who try, and fail, to get into his house.
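The decoy idea above boils down to a simple detection rule: plant artifacts that have no legitimate use (a fake payroll spreadsheet, a fake "passwords" file, a service account nobody really uses, a server that hosts no real service), then treat any touch of them as a high-confidence alert and pull the full trail of whoever touched them. The following is an added example written for this article; it is not TopSpin Security's code or product, and the log format, decoy names, hosts and sample events are all constructed for illustration.

```python
"""Decoy (honeytoken) access detection over constructed audit log lines.

Added example for illustration, not TopSpin Security's code. The log
format, the decoy names and the sample events are all constructed.
"""
import re
from collections import defaultdict

# Constructed: decoy artifacts planted on the network. None of them has a
# legitimate business use, so any access to them is a strong signal.
DECOY_PATHS = {
    "/shares/finance/2014_payroll_backup.xlsx",
    "/shares/it/domain_admin_passwords.txt",
}
DECOY_ACCOUNTS = {"svc_backup_legacy"}   # decoy credential, never used for real work
DECOY_HOSTS = {"10.20.30.250"}           # decoy server, runs no real service

# Constructed log format: "<time> <src_host> <user> <action> <target>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<user>\S+) (?P<action>\S+) (?P<target>.+)$"
)

# Constructed sample: one workstation wanders into the decoys, one does normal work.
SAMPLE_LOG = """\
2015-02-16T09:01:12 10.20.30.17 jsmith file_read /shares/finance/q4_forecast.xlsx
2015-02-16T09:02:45 10.20.30.17 jsmith file_read /shares/finance/2014_payroll_backup.xlsx
2015-02-16T09:02:51 10.20.30.17 jsmith file_read /shares/it/domain_admin_passwords.txt
2015-02-16T09:03:10 10.20.30.17 svc_backup_legacy logon 10.20.30.250
2015-02-16T09:03:30 10.20.30.17 svc_backup_legacy smb_connect 10.20.30.250
2015-02-16T09:10:00 10.20.30.44 mlee file_read /shares/hr/handbook.pdf
"""


def parse_events(log_text):
    """Parse the constructed log format into dicts; lines that don't match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify(event):
    """Return the decoy indicators this event touched (empty list if none)."""
    reasons = []
    if event["target"] in DECOY_PATHS:
        reasons.append("decoy_file")
    if event["user"] in DECOY_ACCOUNTS:
        reasons.append("decoy_account")
    if event["target"] in DECOY_HOSTS:
        reasons.append("decoy_host")
    return reasons


def detect_decoy_hits(events):
    """One alert per event that touched any decoy, with the reasons attached."""
    alerts = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            alerts.append({**ev, "reasons": reasons})
    return alerts


def profile_actors(events, alerts):
    """For every source host that tripped a decoy, collect everything it did.

    This is the 'looking over his shoulder' step: the decoy pinpoints the
    intruder, and the full trail (decoy and non-decoy events alike) shows
    what they were after and in what order.
    """
    suspects = {a["src"] for a in alerts}
    trail = defaultdict(list)
    for ev in events:
        if ev["src"] in suspects:
            trail[ev["src"]].append((ev["ts"], ev["user"], ev["action"], ev["target"]))
    return dict(trail)


def run(log_text=SAMPLE_LOG):
    """Parse, detect and profile; returns (alerts, trails_by_source_host)."""
    events = parse_events(log_text)
    alerts = detect_decoy_hits(events)
    return alerts, profile_actors(events, alerts)


if __name__ == "__main__":
    alerts, trails = run()
    for a in alerts:
        print(f"ALERT {a['ts']} src={a['src']} user={a['user']} "
              f"{a['action']} {a['target']} reasons={','.join(a['reasons'])}")
    for src, steps in trails.items():
        print(f"Trail for {src}:")
        for step in steps:
            print("   ", *step)
```

The value of the decoy list is that it is nearly noise-free: real users have no reason to open a file or log on to a host that exists only as bait, so each hit needs little tuning, and the trail that follows the first hit is what tells you whether the intruder is after the "watch" or the "drawers." The host `10.20.30.44` in the sample never appears in the output because it only touched real data.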

Take 3: Intelligence

But decoys are a response after someone has already struck. To block an attack -- even predict one -- you need to study who might be after you.

"You're going out there, looking for bears, looking for pandas, who are Chinese adversaries or Russian adversaries or whomever," says Dmitri Alperovitch, co-founder of CrowdStrike. "You're thinking like they're thinking."

CrowdStrike assumes there are a handful of organized hacker groups that can cause real damage to a Fortune 500 company, that they're backed by nation-states and that they're persistent.

"They don't say, 'Oh, we're done, we're going to pack up and go home.' They say, 'We got kicked out, but we have a mission to do.' "

The way they accomplish that mission, Alperovitch says, will vary group to group. Take Hurricane Panda, a ring allegedly based in China. Unlike other hackers, Panda doesn't cripple a system by throwing a bunch of malware at it. Its hackers get in quick and act like insiders.

"After that, they're moving around, using traditional administrative tools that a true administrator would also use, making them very difficult to detect," Alperovitch says.

CrowdStrike says it's building stockpiles of intelligence, kind of like a superspy. Think Jason Bourne of the Bourne movie franchise, who really gets inside his enemy's head.

This year, spending on cybersecurity will hit nearly $77 billion, according to a study by the research firm Gartner. Silicon Valley investors, much like Hollywood producers, are trying to pick the winning story line. It's unclear if it'll be about stopping an epidemic, catching robbers, high-end espionage -- or something else.

http://www.npr.org/blogs/alltechconsidered/2015/02/16/386669799/hygiene-honeypots-espionage-3-approaches-to-defying-hackers?utm_medium=RSS&utm_campaign=technology