Hi folks, Ed Amoroso again, we're back for part two of my discussion with my friend Roger Thornton, the CTO of AlienVault. So Roger, let me ask you about the cyber threat. So what are the things that people running businesses, or governments, or countries should be fearful of now in terms of assets and infrastructure that sit on the Internet, that use software? What are the threats that you see kind of brewing that are of concern?
>> Big question, right? And a lot of attention to this on just about every facet of TV journalism. I think the first thing we could probably do here is group these into some various pockets, and the one that we will dive down on is the one, as a practitioner trying to protect a business, you should be concerned about. So broadly speaking, and I gotta say, you definitely understand this topic [LAUGH] better than I. So here's my attempt [LAUGH] to make sure I get it right, okay. Broadly speaking, as a corporate entity, you've gotta consider a range of threats from insiders, employees that have some malicious intent. Somewhat amateur external groups that are involved in crime, professional external groups that are involved in crime. And then depending on the company you're in and what you do for a living, you may very well have to deal with the nation-states trying to break.
>> Yeah, military attacks basically, right?
>> Maybe even from your own country that's eavesdropping on your customers.
>> Could be, yeah, true.
>> And you don't want that to happen. The one thing that has to be said, especially since a lot of these are college students, as an individual, your privacy is something you should be concerned about. And if you're young, in school, protecting your privacy from your peers, protecting what you want to keep secret from your parents or your loved ones, your employer, is really hard to do if you're going to be laying it all out there on computers.
So if you use social network and all that stuff, you want to think about probability that this stuff is going to be seen by everybody, now is at about 100%. Gotta throw that out there when you're talking to younger people. And then for governments, I mean, you have those same threats that companies do. Except the degree to which the countries are antagonizing each other using computer security, it's at an epic level. Maybe it was like that in the past we didn't have visibility, but it's profound. So if you're a company and you're trying to protect yourself against those threats, first thing you gotta do is consider each of the various threats, both from motivation and capabilities point of view. And let me give you a good example. [COUGH] Most of your employees are not terribly motivated to harm the company they work for. But a few of them might be, and they might be terribly motivated. They might be people that you had to let go for a layoff or with someone who you hired who wasn't a good person who would seek retribution. So a small percentage of people who have enormous motivation. Maybe not the greatest capabilities from a computer hacking point of view, but access. The threats that I think are some of the easiest to deal with are the criminal threats, in that they're really just trying to make money. So their motivations are fairly rational. They don't want to get caught and go to jail. And you can predict their behavior. The threats I think that are the most troubling for a business are groups that are attacking your business out of some kind of zealous desire to change the world.
>> Philosophical.
>> Philosophical, harder to predict what they're going to do, harder to know that they're there. And just about any company that operates today is going to have somebody that doesn't like them.
And so, if you're going to defend yourself, one of the best exercises to start off with is doing a real careful assessment of the kind of company you are, where those threats may reside and what their opportunity may consist of. When you do that, you've got a general blueprint of how you're going to manage things. But the next thing that you need, and it's partly what I do in my day job, is you need to know, maybe it's a little bit like someone who trades stock. You need to know what's going on in the market today. What are the active campaigns? What are the malware toolkits that people are utilizing? What are the things that people in my sector are seeing? What have I seen in the last week? What things are kind of going out on the horizon? And this unfortunately is a fairly complicated and expensive endeavor. Very, very large companies will invest in teams that can do this. If you're in a section of the economy that's deemed critical infrastructure, you may very well get some help from the federal government in understanding the threats down at the tactical level. But for most companies around the world, you're going to have to figure out how to do it yourself. And so that's what I'm dedicated to right now, is trying to figure out a way that you can make that day in and day out threat information available, ideally for free, if not, through products that are reasonably priced. I think a lot of the very big companies, very capable to take care of themselves, but the average size company is really not. And so one of the things that my company runs is what we call the Open Threat Exchange. The Open Threat Exchange is a free, crowdsourced system that, anybody who is running a threat detection system, we have a commercial one and we have an open source one. All of our open source users, and a big percentage of our commercial users, upload to the Open Threat Exchange what we call indicators of compromise.
And these are any measurable thing on a computer system that goes along with a particular threat campaign or attack. And these all get uploaded into a central computing environment in the cloud. Then people can log into that and collaborate with one another and say, hey, you saw this, I saw this, but here I saw these 15 other things, too. You should know about them because now I've got 16 indicators that tell me about this guy. You might upload another ten, and so on and so forth. We bundle these things together in an entity we call a pulse, and then through this system, people can publish pulses and send them out to each other. That's all entirely free. That sharing system is a way for us to allow the customer base, who everybody, once you're a victim, you have the ability to see, even if you don't have a fantastic security research organization. You're going to see some indicators, at some point after they crash through the door, and if you're generous enough and smart enough, you're going to share those with your peers. Because sharing with your peers allows your peers to now be aware of that actor. But it's smart to share with your peers because they share with you. Now a big body of you, you only need victim number one, and a bad guy's found out. And this is going back to the whole thing of cybersecurity is not an engineering problem to solve, it's a crime to be managed.
>> Yeah.
>> It's a never ending game. There's always going to be the next attack that's based on some new piece of software that has a vulnerability that slipped through the cracks.
>> Yeah.
>> And our ability to detect it once globally, and not over and over and over again, is a big shift.
>> Saves time. It's so nice to see your passion and your interest in this technology and in this field, it's just very, very inspiring. So on behalf of our whole community, I want to thank you for taking some time to stop by our studio and share with us, and I hope you'll come back.
>> Thanks, I really appreciate it.
>> Great.
>> Everybody out there, good luck with the rest of the course, and keep up the good work.
>> That's great, we'll see you on the next one, thanks.