By Jeremy Wagstaff
SINGAPORE, Feb 9 - A barrage of damaging
cyberattacks is shaking up the security industry, with some
businesses and organisations no longer assuming they can keep
hackers at bay, and instead turning to waging a guerrilla war
from within their networks.
U.S. insurer Anthem Inc last week said hackers may
have made off with some 80 million personal health records.
Also, Amy Pascal said she would step down as
co-chairman of Sony Pictures Entertainment, two months
after hackers raided the company's computers and released
torrents of damaging emails and employee data.
Such breaches, say people in the industry, offer a chance
for younger, nimbler companies trying to sell customers new
techniques to protect data and outwit attackers. These range
from disguising valuable data and diverting attackers up blind
alleys to figuring out how to mitigate breaches once the data
has already gone.
"Suddenly, the music has completely changed," said Udi
Mokady, founder of U.S.-based CyberArk. "It's not just
Sony, it's a culmination of things that has turned our industry
around."
Worldwide spending on IT security was about $70 billion last
year, estimates Gartner. ABI Research reckons cybersecurity
spending on critical infrastructure alone, such as banks, energy
and defence, will reach $109 billion by 2020.
Several things are transforming the landscape. Corporations
have been forced to allow employees to use their own mobile
phones and tablets for work, and let them access web-based
services like Facebook and Gmail from office
computers. All this offers attackers extra opportunities to gain
access to their networks.
And the attackers and their methods have changed.
Cybercriminals and spies are being overshadowed by
politically or religiously motivated activists, says Bryan
Sartin, who leads a team of researchers and investigators at
Verizon Enterprise Solutions, part of Verizon Communications.
"They want to hurt the victim, and they have hundreds of
ways of doing it," he said in a phone interview.
CLOSING THE DOOR
The result: companies can no longer count on defending
themselves with decades-old tools like firewalls to block
traffic and antivirus software to catch malware, and then assume
all traffic that does make it within the network is legitimate.
Research by IT security company FireEye last month,
for example, found that "attackers are bypassing conventional
security deployments almost at will." Across industries from
legal to healthcare it found nearly all systems had been
breached.
"Once an attacker has made it past those defences they're in
the gooey centre, and getting around is relatively simple," said
Ryan Wager, director of product management at vArmour.
Attackers can lurk inside a network for half a year before
being detected. "That's like having a bad guy inside your house
for six months before you know about it," says Aamir Lakhani,
security strategist at Fortinet Inc, a network security
company.
Security start-ups have developed different approaches based
on the assumption that hackers are already, or soon will be,
inside the network.
Canada-based Camouflage, for example, replaces confidential
data in files that don't need it, like training databases, with
fictitious but usable data. This makes attackers think they have
stolen something worthwhile. U.S.-based TrapX Security creates
traps of 'fake computers' loaded with fake data to redirect and
neutralise attacks.
California-based vArmour tries to secure data centers by
monitoring and protecting individual parts of the network. In
the Target Corp breach during the 2013 holiday shopping
season, for example, attackers were able to penetrate 97
different parts of the company's network by moving sideways
through the organisation, according to vArmour's Wager.
"You need to make sure that when you close the door, the
criminal is actually on the other side of the door," he said.
'THREAT INTELLIGENCE'
Funding these start-ups are U.S.- and Europe-based venture
capital firms which sense another industry ripe for disruption.
Google Ventures and others invested $22 million in
ThreatStream in December, while Bessemer Venture Partners last
month invested $30 million in iSIGHT Partners. Both companies
focus on so-called 'threat intelligence' - trying to understand
what attackers are doing, or plan to do.
Clients are starting to listen.
Veradocs' CEO and co-founder Ajay Arora says that while his
product is not officially live, his firm is already working with
companies ranging from hedge funds to media entertainment groups
to encrypt key documents and data.
UK-based Darktrace, which uses maths and machine learning to
spot abnormalities in a network that might be an attack, has a
customer base that includes Virgin Trains, Norwegian shipping
insurer DNK and several telecoms companies.
But it's slow going. Despite being open for business since
2013, it's only been in the past six months that interest has
really picked up, says Darktrace's director of technology Dave
Palmer.
"The idea that indiscriminate hacking would target all
organisations is only starting to get into the consciousness."
(Editing by Ian Geoghegan)