Cybersecurity’s new approach to attacks is contain and adapt

October 20, 2015

By Mark Albertson (examiner.com)

With the news this week that a network of state-affiliated Chinese hackers continues to pursue a strategy of targeted cyberattacks on U.S. companies and that the personal email of the CIA Director was recently compromised, there is a growing realization among some security professionals that it’s become pointless to try to stop all breaches. Instead, a new strategy has emerged where malware is greeted amicably at the front door, handed a warm cup of tea, and ushered politely into a locked room upstairs where it can’t do any real harm.

This new approach, known in the security world as “containment,” is being driven by the exponential increase in cyber threats that are a direct result of the rapid rise in mobile devices within the workplace. The proliferation of smartphones and tablets has increased the likelihood of a breach far beyond the ability of software tools and firewalls to protect against it. As a security director at a high-profile Silicon Valley company stated for this column, “I used to only have to worry about protecting one or two entrances into my firm’s centralized network. Now, I have literally thousands of devices that need security and normal tools just don’t work anymore.”

One Silicon Valley executive who believes strongly in using containment is Dr. Steve Herrod. Herrod, the former chief technical officer of VMware and now a general partner with the investment firm General Catalyst, spoke at length for this column about the need for a new cybersecurity approach.

“Our thirty-year history of solving security problems has not worked,” said Herrod.

Herrod’s firm has invested in two companies that he believes have the potential to be game changers in the security world. Menlo Security, a company that emerged from stealth mode in June of this year, has attacked the hacking problem with a solution that isolates all incoming Web content in the cloud (away from a user’s internal network), scrubs away the malware, and then delivers a “safe” mirror image to the user.

According to Herrod, Menlo Security’s process of running protection in a disposable container is transparent to the user and they simply see the Web or email content they wish to access as rapidly as before. The malware that’s been isolated in a container can’t persist and is quickly discarded.

“They’ve proved they can detect any attack coming through Web or email,” said Herrod.

A slightly different approach to this problem can be found at another startup called Illumio. This company has attracted significantly more funding than Menlo Security and is another firm where Herrod’s General Catalyst has invested. John Thompson, former CEO of virus-protection powerhouse Symantec, is on Illumio’s board, and other investors include Marc Benioff (CEO of Salesforce) and Aaron Levie (CEO of Box).

Recently valued at more than $1 billion, Illumio has designed technology to protect applications inside a data center where most of the really bad things (like the hacking of Sony) can happen. They accomplish this by placing a small amount of security code on every computer and operating system that then closely monitors all of the activity inside the apps.

Because apps within a data center move around, a key component of Illumio’s approach is that the security contained in the embedded code follows each app whether it is inside a data center or outside in a cloud service. According to Herrod, Morgan Stanley has become one of Illumio’s first big public customers.

Illumio and Menlo Security represent a new wave of security technology approaches that is changing the mindset of threat defense from “protect the network” to “protect the workload.” Inherent in this new reality is that ultimately every network is going to get attacked and hacked, but now the threats are carefully isolated so that the work of the enterprise can go smoothly onward.

If these two companies are indeed at the forefront of a major change within the computer security industry, then we are about to witness a brave new world where language such as “protect and repel” will now evolve to “contain and adapt.”

Originally published at www.examiner.com on October 20, 2015.