Lessons from Google attacks could help US bolster cyber defense
McAfee exec says organizations need to extend proactive security measures to the cloud
- By William Jackson
- Apr 16, 2010
The U.S. government is responding aggressively to a new generation of advanced cyber threats, such as those used in the recently discovered Aurora attacks, McAfee Chief Executive Officer Dave DeWalt said Thursday in Washington. To improve defenses, security measures must be moved into the cloud, he said.
“The effort has been stepped up,” he said, although the efforts are not always visible. There is more public-private cooperation, particularly within the defense and intelligence communities, and responses are being based more on real-time information about the dynamic threat landscape.
Hackers attack Google using Microsoft security hole
New evidence in Google attack points East
DeWalt, who was in town for a gathering of public-sector customers, said real-time intelligence gathering and response is the key to countering advanced, persistent threats of the kind used in the recently disclosed Aurora attacks against Google and 150 other organizations. DeWalt called the Aurora attacks highly coordinated and sophisticated, but sloppy in their execution.
“It was not the most perfectly executed attack and we could learn a lot from it,” he said. “And we did.”
Much of what was learned by the company in the analysis of the attacks cannot be disclosed because of confidentiality agreements with customers, but DeWalt said the attacks were alarming because they were seeking out source code and other critical information, and because the malware was in place for a long time, quietly observing and seeking high-value assets.
However, as with a criminal who leaves his fingerprints at a crime scene, the malware was not removed from compromised servers and servers that were receiving stolen data were discovered.
“That taught us a lot,” DeWalt said.
These advanced, persistent threats are part of a rising tide of malicious activity, he said. “We see a lot more than we’ve ever seen before, and it’s increasing.” McAfee received 34 million samples of malicious code in 2009 and that total is likely to be surpassed this year, he said.
The glut of malware is being driven by the growth of Internet-enabled devices and an economy that is increasingly moving online, a situation that DeWalt said creates an environment encouraging cyber crime.
He cited intelligence gathering and evaluation as the key to countering growing threats and said that security must move into the cloud to provide the real-time analysis needed to enable reputation- and behavior-based responses.
“The cloud has become the most critical component of security,” he said.
McAfee launched a cloud-based security system, called Global Threat Intelligence, in September 2008. By enabling GTI in network endpoints protected by McAfee, devices send data in the form of encrypted hashes to a global database. A cloud-based engine analyses data to detect threat patterns and responds to endpoint queries about the likelihood that traffic is malicious. GTI now receives 4 billion queries a day.
Mike Carpenter, McAfee senior vice president for public-sector and systems integrators, said the state of readiness for nations to wage offensive as well as defensive cyber war has advanced significantly in the last two years, and although the United States is not lagging in this area, it remains threatened.
“We have some of the best defensive capabilities in the world,” Carpenter said.
“But being the most technologically advanced country in the world has two edges to it,” DeWalt said. The increased dependence on technology “allows us to be more vulnerable.”
William Jackson is freelance writer and the author of the CyberEye blog.