FireEye’s Essam Ahmed talks hacktivism and how to protect your company from becoming another headline.
In the past decade the world of IT security has changed dramatically. What would you say have been the key changes within that time?
In our industry, it seems the number of digital criminals has really grown. Their capabilities continue to improve in tandem with the technology that is designed to protect both corporate and private data.
A great example being the ‘Desert Falcons’, who hacked the KSA government before moving onto the financial institutions. How do you begin combating this type of organised activity?
We’ve started to see a lot of new organisations such as Desert Falcons, especially with the political unrest in the region. Entities such as the ‘Syrian Electronic Army’ are just one example of an organisation with a political agenda that can cause serious disruption. Hacktivism is one of the major drivers, used to deliver political views and, in other cases, financial gain.
In the majority of cases these organisations will use something we’ve abbreviated to TTPs, or Tools, Tactics and Procedures, which are effectively used as their own fingerprint. In response to these types of threats, FireEye has been focusing on developing its technology, while gathering intelligence on these APT (Advanced Persistent Threat) groups, with the end goal of being able to detect the compromise on a system.
In what format do you help to protect your clients, i.e. is it more of a software or a hardware solution?
It’s probably important to point out that there’s no such thing as full protection; attacks are inevitable. Every year we have a couple of serious breaches which we respond to. Our job is to focus on the response time, and we’re trying to respond as quickly as possible. In the latest reports, we’ve found that it will typically take 205 days to understand there is an active threat on a particular system, with the longest period of time taking up to eight years, and you can imagine the type of unwanted exposure a client can get over that period of time. Our aim is to reduce the response time to as little as possible; at the moment we believe it is feasible to bring detection down to as little as 10 minutes. By using a combination of intelligence, technology and expertise, we are able to offer the highest level of response to any security breach. By passing on our services to our clients, we can directly help to manage any breaches, and if there are any criminals within the organisation, we can isolate those individuals quickly and contain the threat.
Do you work with law enforcement in terms of bringing various hacktivists to justice?
We have a forensic investigation unit in our organisation. We have ten resources focusing only on the forensic part, so we can ensure that full due diligence is done and all the law enforcement standards are met, for example by making sure that the information hasn’t been tampered with. There is a way of storing the data that ensures it meets the highest standards of law enforcement, ensuring our analysis can be used as evidence in a court of law.
One of the biggest issues in the west has been identity theft. Do you consider it a problem in the Middle East?
Those types of attacks tend to be very specific and targeted. Identity theft is probably a greater problem in the west. I’m not seeing a lot of it in the Middle East. Maybe the UAE has a more comprehensive strategy to combat identity theft, but wherever you find weaknesses in the financial structure, you’ll find criminals trying to get their hands on easy money.
Do you use your own proprietary technology in terms of software?
Absolutely. Over the past ten years, we’ve been fine-tuning our software to specifically combat all types of threats. Our technology is called MVX (Multi-Vector Execution), which is based on a virtual machine, but it’s a purpose-built appliance which enables us to analyse a range of traffic from different vectors including email, web traffic or even file-based traffic, inclusive of the ability to contain any issues and respond in the shortest time possible.
The CIO conferences are based in a wide range of cities which each have a variety of demands in terms of their tech sector. Are there any particular markets you’re interested in focusing on and do you offer a wide range of solutions for the less sophisticated markets?
The point is, every organisation in the world, whether big or small, requires the same technology to combat these globally accessible threats. You can see organisations, for example, companies with intellectual property, and they may only be a small company, but the data they have is valuable and hence at a high risk of being targeted. FireEye is covering every portion of the market – we can help customers big or small. We protect email from spear-phishing attacks, which can typically come into contact with as much as 78% of an organisation. There are no borders on the internet.
What advice would you offer to companies who would like to know the best way of protecting themselves against cybercrime?
The variety of threats that organisations face today is getting higher and higher. It is important to have a solution that can identify and deal with any breaches in your security, whether by intelligence, technology or expertise. If you have all three then you’re more likely to be able to protect your company from becoming the next headline.