Cisco Systems Chief Security Officer John Stewart worries most about stealthy, targeted attacks. Forget those mass-mailer Trojan horses.
Some years ago Stewart was putting out large-scale fires, responding to the latest outbreak of a computer worm or virus. With advances in security systems and changing threats, the job has morphed. These days, Stewart and his team are precision fighters, working to prevent stealthy attacks that are after corporate secrets.
Stewart heads up Cisco's global IT security team, among other security-related groups. With his staff, he secures a network used by about 50,000 people, with more than 60,000 PCs and countless other network-connected devices including 50,000 voice over Internet Protocol, or VoIP, phones.
But the single biggest threat to companies, according to Stewart, is unstructured data. He sat down with CNET News.com recently to explain what keeps him up at night and what solutions to data leaks might be.
Q: What is making you want to take a vacation?
Stewart: The world has wrapped around its head (the idea) that just because there is no news, life is good. In fact, it's ironic because in a sense it was good that threats used to be a mainstream topic. It brought attention and reminded everybody that it is a considerable issue. But now, botnets are off the charts, and low and slow is the attacker's approach. Not trying to generate massive amounts of spam, massive amounts of control chain that would be signaled, means that you've got a whole new layer of aggression.
You're talking about targeted attacks that go below the radar?
Stewart: Targeted or untargeted, but below the radars. One is just obvious, clearly aimed at one organization. The other one is just as deadly. It is the very slow, quiet one, where the infection vector probably still is traditional, but not causing a computer to display any ill characteristics immediately. It'll go quiescent for a given period of time, it will just quietly send information out, as opposed to spiking the CPU, ripping the hard drive as fast as possible and propagating as fast as possible. That's because the intent is not to be found, the intent is to get the information, but avoid detection. Frankly, the sophistication is getting significant.
That's what the pundits say. Consumers are hit by botnets, but businesses are targeted by attacks aimed at stealing trade secrets. Is that true? Are bots not a problem at Cisco?
Stewart: We've got the same problem consumers have, but we've got signaling mechanisms that can pick up control channels faster than any consumer network can. We've also got a network that will protect us, versus the free and open Internet. Corporations have a dedicated team. We've got IT professionals.
So essentially you can deal with botnets because you're better prepared.
Stewart: Absolutely.
So, you don't have a botnet problem inside Cisco?
Stewart: That's a leap I don't want to take. It is a manageable one. If a bot picks up, typically we will see it. It doesn't mean we will never get a bot, it just means that we will pick it up fast and we will shut it off. That's different in the consumer space.
If the botnets are under control, what things are worrying you? These targeted attacks? How do you deal with those, or do you find out when it's too late?
Stewart: At the moment, I'd say that there aren't enough ways to see this type of attack. The security industry has mostly given us a number of abilities to pinpoint problems, but not a correlation between them all. If you can get collaboration between disparate types of systems, then you will see the problems faster.
What also doesn't let me sleep very well is changing targets. Operating system vendors have always been the target. They are getting better and, as a result, the attackers are going after the application space. Applications are where the data is, where it's being stored, where it's being downloaded, where it's unstructured.
Are you worried about all these zero-day flaws in Office applications?
Stewart: I worry about that. I would worry about all the other third-party software that's bundled when you buy a computer. PDF flaws, the instant-messaging worms. This is an order of magnitude more complex than dealing with operating system flaws. There is also an infrastructure side of this problem, all the Web developers that have thrown application after application on the Web storing your data.
Operating System Applications as well as other types of Applications are all written by people.
Hackers who want to turn a profit will do so the easiest way possible. As for what the easiest way is... depends on the security and settings used by those whom they're hacking into.
If the hackers find one way more profitable than another... they'll switch to the more profitable method.
Bottom Line: Don't allow them to access/mimic/hack anything that they can make a profit on. And fine them way over and above whatever profits they could have made otherwise such that it's not profitable any more.
FWIW