Editor’s Interview – A Quick Q&A with Chris Cubbage, executive editor of Australian Security Magazine, and Derek Manky, global security strategist at Fortinet.
Fortinet’s Derek Manky recently presented in Australia and discussed the threat of things to come, and how next generation threat intelligence solutions will play a significant role against those threats.
“As the cyber universe expands with time, new threats are always lurking on the outskirts that present significant danger,” said Manky, the global security strategist at Fortinet. “Over 25 billion devices are expected to roam cyberspace by the year 2020, while bandwidth and traffic flow will burst.”
Along with his day job at Fortinet, Manky is involved with several threat response and intelligence initiatives, including FIRST (first.org) and is on the board of the Cyber Threat Alliance (CTA) where he works to shape the future of actionable threat intelligence. Derek also co-hosts ‘Security Threat Landscape’ with Network World, a monthly video program dedicated to cyber security.
Manky described today’s cyber environment as a ”Perfect Storm.”
Australian Security Magazine (ASM): The ‘Internet of Threats’ is an interesting take on the Internet of Things - with over 25 billion devices expected to be internet connected by 2020, is five years enough time to close the vulnerability gap between today's best secure systems and the remaining insecure systems. Otherwise are we not creating a ‘Threat of Things’?
Manky: “Referring to this as a ‘perfect storm’, moving to billions of connected devices is a problem with the creation of that many attack targets. The second problem is that the targets are easy targets, actually like ‘shooting fish in a barrel’.
We’ve worked with Microsoft and others to work on the security of hard drives, NAS devices, IP Security Cameras, routers and found that there are no or few product security teams in place and these devices create a lot of low hanging fruit to access networks.
The third problem is that the attack life cycle is expanding and there remains instructions on how to compromise known vulnerabilities. At Fortinet there are some 18,000 vulnerabilities that we protect against. With the amount of vendors making IoT devices, we expect this number to double in the next two years.
We’re still finding zero day vulnerabilities in major vendor products coming out even with resources applied to security considerations. The number one cause is the web interface, SQL injection and cross scripting.
Is it solvable? Nothing is 100 per cent, but two things from the vendor standpoint; as we’re creating an agnostic network with intrusion protection systems we still need to research and finding the vulnerabilities first. The second aspect is we’re seeing legislation, like that in California for credit cards being breached, where they are putting the liability on to the retailer, or when now the point of compromise is likely to be, in order to influence appropriate security practices.”
ASM: As the cost of computing falls to coincide with the increase in processing power and storage available, is this creating the environment and need for 'next gen' threat intelligence?
Manky: “Right now we monitor about 55 million end points, we’re seeing over 400,000 attacks a minute and this is predominantly PC based attacks. This is malicious activity and we monitor a lot more beyond that.
Implementing threat intelligence and algorithms will see a fall in cost but equals more devices–processors, memory and internet connection–attacks with DDOS, malicious code, lost data–that is directly going to translate into a lot more devices that could be used as an attack vector and so requires a lot more information to process.
At AusCERT we delivered a workshop to Queensland police and showed them how they can collaborate with the private security to get evidence and build criminal cases against the range of attackers–a lot of police efforts are moving towards the disruption model–taking ‘them’ out and stopping them from being disruptive–because as cyber gangs, like those in Russia, Australian police can’t just go and arrest them.
But the message is being received by attackers and they’ve started writing malware to avoid Law Enforcement Agency (LEA) detection and code that is over writing evidence and destroying data.”
ASM: …and so the ‘perfect storm’ continues…
This Q&A was conducted by Chris Cubbage, Executive Editor of Australian Security Magazine