UPDATED 11:00 EDT / JUNE 28 2019

SECURITY

Nation-state attacks bring companies and government together to fix security

There’s little denying that cybersecurity is in fixer-upper condition these days. Threats are getting more sophisticated, while there aren’t enough skilled professionals to fight them. Companies keep piling on threat-detection software tools to unimpressive effect. The status quo will simply not be adequate to fend off new attacks, particularly those from nation states.

Companies must web together to form stronger defenses, according to Jamil Jaffer (pictured), vice president of strategy and partnerships at IronNet Cybersecurity Inc. The threats from nation states are overwhelming individual companies. And how would they not? Traditionally, the government — with all its resources and manpower — is expected to defend the U.S. against attacks from other nations.

“We don’t expect Target or Walmart or Amazon to have service-to-air missiles on the roof of their buildings to defend against Russian Bear bombers — we send the government to do that,” Jaffer said. “But in cyberspace, the idea is flipped on its head. We expect Amazon and every company in America, from a mom-and-pop shop all the way up to the big players, to defend themselves against script kiddies, criminal hacker gangs and nation-states.”

Jaffer spoke with John Furrier and Rebecca Knight, co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS Public Sector Summit in Washington, D.C. They discussed the push for new collaborative solutions to nation-state and other cyber attacks (see the full interview with transcript here). In a separate interview, Jaffer spoke with Furrier and Dave Vellante at the AWS re:Inforce event in Boston (see the full interview with transcript here). (* Disclosure below.)

This week, theCUBE spotlights IronNet Cybersecurity in its Startup of the Week feature.

Collective defense and the hope for deterrence

Nation-state attackers have seemingly unlimited resources and manpower to leverage against targets. It’s not realistic to expect a single company to match these large, organized actors and defend itself, according to Jaffer. At the same time, the U.S. isn’t prepared to appoint the Department of Defense to start policing the internet, he added.

To address such threats, companies are on a security tool shopping spree. Seventy-five percent of respondents to Alcide.IO Ltd.’s 2018 “The State of Securing Cloud Workload” report, expect their cloud security stack to increase in the next year.

Instead of increasing the number of security tools, perhaps a more feasible solution would be to increase the number of private-sector companies collaborating for a more secure internet.

One company may have its best practices and its store of hard-won knowledge on threats. It may have developed ways to put out particular security fires it’s seen over the years. When multiple companies pool their knowledge and skills capital, the result it a more-comprehensive array of security resources, according to Jaffer. He terms this approach “collective defense.” In the case of novel threats, companies may draw on each others’ past experience with that threat type. They might prevent the threat from even seeping into their own data centers.

This, together with network traffic monitoring and its collective-defense approach, is an important piece of its surveillance and monitoring platform. It shares all the anomalies seen across multiple companies to identify threat trends and correlations among data to predict and prevent attacks. It is something like an air traffic controller screen for preemptive cyberdefense, Jaffer explained. It does require commitment from its partner companies.

“But, increasingly, they’re realizing the threat is so large, they  have no choice but to work together. And we provide that platform that allows that to happen,” he said.

With solid preventative measures in place, proper policing and deterring become possible. “A lot of people say deterrence doesn’t work in cyberspace. I don’t believe that. I think deterrence can and does work in cyberspace — we just don’t practice it,” Jaffer stated.

It’s little wonder hackers are blithely stepping over the red lines in cyberspace. “It’s because we haven’t really given them a sense of where those lines are and what we’re going to do if they cross them,” he added.

Here’s the complete AWS Public Sector Summit video interview with Jaffer:

Cloud’s stake in collective defense

Cloud infrastructure enables collective defense. It puts supercomputing power at companies’ fingertips and allows them to rapidly update in response the threats, Jaffer pointed out. Also, cloud providers are increasingly on board with the idea of security as a collective effort involving themselves and their customers.

“Whether or not you call it shared responsibility, it’s your stock price that matters if you get hit,” he said.

IronNet has all of its backend services in the Amazon Web Services Inc. AWS Cloud. At AWS re:Inforce 2019 in Boston, Massachusetts, AWS announced new capabilities for enhanced security. IronNet is an AWS partner, and the announcements blend the AWS Cloud with IronNet’s advanced defense technologies.

AWS’ new Virtual Private Cloud traffic mirroring leverages IronNet technologies, including IronDefense, for advance network behavioral detection and IronDome for collective defense. It brings these into AWS cloud and hybrid cloud environments. This gives users the ability to defend a cloud network the same way they would defend an on-prem network, Jaffer explained. He calls this announcement “game-changing.”

In the cloud, we’ve historically looked at logs. The new AWS capability allows users to integrate logs and do much more to prevent threats, patch and update simultaneously and at scale. “You can look at all the flows coming past you,” he said. “You can look at all the data, look at it in real time, and develop behavioral analytics over that.”

Private and public sector kumbaya

IronNet brings commercial and government security capabilities together for users in both realms. In fact, IronNet was founded in 2014 by General Keith Alexander (whom theCUBE also interviewed), former commander of the U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service.

“When I had Cyber Command, one of the frustrations was that we can’t see attacks on our country. And that’s the commercial sector that needs to help go fix that; the government can’t,” Alexander told theCUBE. “So, my thought was to fix the ability to see attacks on the commercial sector so we can share it with the government.”

Jaffer himself has held posts in the public sector. He served in President Bush’s Comprehensive National Cybersecurity Initiative.

The government ought to be doing more to modernize its own IT systems, according to Jaffer. It also should be asking how it can collaborate with the private sector and empower the latter to better defend itself. There are clear obstacles to this happening, however. For example, in recent years, there’s been a “tech lash” — a growing adversarial sentiment in D.C. toward Silicon Valley.

Jaffer wants to spark productive conversations between government and technology leaders. He founded the National Security Institute, a startup think tank at the Antonin Scalia Law School at George Mason University. NSI is working with the state commission on new cyberintelligence and national security legislation. It partners with the Hewlett Foundation to help technologists and policy makers gain understanding about their respective domains.

“D.C.-speak is a certain thing, and it’s not typically consistent with tech-speak,” Jaffer said. 

There are some positive signs that D.C. is moving to better enable defense against nation-state attacks. Last year, the U.S. Department of Defense gave Cyber Command authority to act more proactively against certain kinds of attacks. It allows Cyber Command to take action against Russia, Iran, North Korea and China in the event that any of those countries launch cyberattacks. 

The government stands to gain much from collaborating with the technology industry, Jaffer added. “Having these cloud infrastructures gives the ability to … leverage huge amounts of computing power, but also to leverage insights and knowledge from the private sector in ways that you never could have imagined. It’s not just innovation in technology; it’s benefits to the war fighter.” 

Here’s the complete AWS re:Inforce video interview with Jaffer, part of SiliconANGLE’s and theCUBE’s coverage of the AWS Public Sector Summit and AWS re:Inforce event. (* Disclosure: TheCUBE is a paid media partner for the AWS Public Sector Summit. Neither Amazon Web Services Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU