article by Michael Mimoso
TENERIFE, Spain – Intelligence services may be the security industry’s boogeyman right now, but for a long time, IT security has done a good job of following the government’s lead when it comes to developing new approaches and strategies.
At the Kaspersky Lab Security Analyst Summit, Inbar Raz of PerimeterX illustrated how security has been in lockstep with the way intelligence agencies do business.
Starting with perimeter defenses and eventually landing at on-premises protection, security products and services have mimicked government’s deployment of border controls and internal security services with firewalls and endpoint protection respectively.
The next step is understanding what hackers are doing and learning about adversaries and their tactics in order to proactively close the doors on threats; in other words, counterintelligence.
“We need not to just run after the enemy but engage them,” Raz said. “Start the fight before it reaches our door. It needs to be legal, but don’t wait for the enemy to come to you.”
Counterintelligence is an age-old practice. The colorful Raz had many examples to share, including the story of Munir Redfa, an Iraqi pilot who in 1966 defected and flew a Russian MiG-21 fighter jet to Israel, or the tales of Aldrich Ames and Kim Philby, heads of counterintelligence for the CIA and the U.K.’s MI5 respectively, both of whom were convicted of spying for the Soviet Union.
Raz compared these events to what can be gleaned from studying today’s crimeware-as-a-service models on the deep web.
“This merchandise is sold online and you don’t know who’s buying it,” Raz said. “Many companies race to provide defense; they buy malware and rootkits and analyze how it works in order to defend customers.”
From the other side, there was Duqu 2.0, an operation allegedly carried out against Kaspersky Lab by Western spies.
“Their biggest threat was Kaspersky, so they sent malware to Kaspersky to figure out what they know and plan against what’s coming up next. Imagine the nerve to do that,” Raz said.
Current and future challenges also mirror each other. War and enemies have a different look with terror organizations such as Al Qaeda and ISIS shaped as ideological concepts rather than assuming the role of nation-state based attackers. Raz said groups such as Anonymous pose similar challenges to security professionals.
“Anonymous is not a particular group of people. At any moment, you could choose to join them, or quit,” Raz said. No one knows who they are, what they’re doing, or how long they will be there. Where is the battleground? ISIS is all over the map: Paris; Yemen; California.
“With security, data is no longer on your server, it’s everywhere and anywhere (cloud services such as Salesforce, Office 365, and others),” Raz said. “It’s time to go beyond the periphery.”