
The security game changes when the bad guys are backed by foreign governments

John Dix | Aug. 14, 2012
Fidelis Security Systems has an interesting perspective on the world of security, working, as it does, with the U.S. government.

There are 65,656 ports in a firewall and we're the only company in the world that can give you visibility in and out. So again, if you're a good guy doing a not so good thing, you're going to send it to your email account and someone can see that. But if you're a malicious insider, you're going to bury it deep inside a JPEG, rename it, compress it three times, and send it out a high port that nobody's watching. Well, that's what we were really good at, and when that became the problem, all of a sudden what we did different than everyone else became really important.

So the profile of our customer base has changed dramatically. It was 90% federal agencies four and a half years ago, and this year we'll be better than 50%/50% government and commercial, maybe even more commercial, because the threat factor has moved to the commercial enterprise. That part of our business is booming right now.

Speaking of the government, the Senate just failed to muster enough votes to pass the Cybersecurity Act of 2012 (S. 2105), which would have made operators of critical national infrastructure meet new security requirements and encouraged federal agencies to share security information with private enterprises. What do you make of that?

PG: We thought the Cybersecurity Act was really important because it would bring the federal government, which has threat intelligence about the adversary, together with commercial enterprises. [The latter] were fighting the hacker down the street. Now they're fighting nations that have their own national security intelligence agencies. That's who they have to keep out of their network, and they need our country to help them. The federal government has insight into that threat vector that commercial CSOs don't have. They have been battling this adversary and protecting classified information for a long time, so they know how to do that. They have tools and really smart people that are valuable to this problem. And I find commercial CSOs are thirsty for that. They want that advice.

So we need those two groups to come together and share information. It's going on unofficially already. We'll go to Wall Street and talk about what we do and when they know our background the door will shut and they'll tell us they're sharing information with certain agencies. So there's some of that going on. But a framework for formalizing that, I think, would be really important. I think this bill was an attempt to move that agenda forward, and now we probably won't hear about it again until the other side of the election, which isn't good.

 
