Attackers are going to gain access to corporate machines. And it's up to enterprises to decide what should happen next, says Patrick Morley, president and CEO of Bit9 + Carbon Black.
Make no mistake: Anti-virus cannot save every endpoint from infection, because such engines cannot spot malicious code that virus researchers have never seen before. Accordingly, the business imperative is not just to try to block attacks and unknown applications from executing, but also to keep track of what's happening on every endpoint. That way, if an attack does succeed, incident responders can replay how attackers got in, what they stole, and how they can be expunged from the IT environment, Morley points out in this interview with Information Security Media Group.
"You have to have visibility in real time, always on, on every device in the environment," he says. "By doing that - if you assume that the adversary is going to get residence - the first thing you've accomplished is, you've provided yourself with the capability to react very quickly, because you can see the adversary."
Breach Defense: Better Intelligence
Numerous studies report that most intrusions don't get discovered until weeks or months after they occur, and that the majority of businesses first learn they've been breached from a third party, such as a law enforcement agency. By that time, however, the attackers may have erased all signs of their intrusion from the targeted network and moved on, or perhaps done something that's outright destructive. That makes it difficult for businesses to launch effective digital forensics investigations and accurately ascertain when the attack began, what data got exposed, what wasn't exposed, and how to best mitigate the intrusion.
Morley, during his seven-year tenure as the head of Bit9, has shepherded his company from providing endpoint security (and application whitelisting and blocking tools) through its February 2014 acquisition of Carbon Black, which gave the company a real-time analysis engine for monitoring PCs. Along the way, the company itself suffered a major breach in early 2013, with attackers stealing the company's digital certificate and using it to sign malware, which they then used to target three Bit9 customers. Morley, in a blog post, rapidly acknowledged the breach and detailed what had happened, as well as what the company would do going forward.
Speaking two years later, Morley says the company lost no customers as a result of the incident, and learned "quite a few" lessons. "By going through what we did, we truly experienced what our customers are experiencing on a very regular basis," he says. "We could speak to them, and I as a CEO could speak to CEOs at other large firms ... and we knew exactly what they've gone through."
In this exclusive Executive Session interview, Morley discusses:
- The need to prioritize not just protecting every enterprise device - where so much business-critical and valuable data gets stored - but also collecting in advance any data that will be required for breach detection and response;
- The growing importance and power that information security executives wield in the enterprise, as well as their increased accountability to boards;
- The biggest and most unexpected changes in enterprise security during his seven-year tenure as the head of the business, and how he has responded;
- The hack attack against Bit9: What the company learned and how customers have responded;
- His vision for Bit9, and what the acquisition of Carbon Black has meant for the company and its culture.
Prior to serving as president and CEO of Bit9 + Carbon Black, Morley held senior leadership positions with six venture-backed software companies, including three that had successful IPOs. He came to Bit9 from software vendor Corel, where - as chief operating officer - he led the company's global sales, marketing and operations functions for the Americas, Europe, the Middle East, Africa and Asia. Morley also played a significant role in the company's turnaround, acquisition strategy and eventual IPO. Earlier, Morley was CEO of Imprivata, a healthcare information security company. He also held senior management positions at technology firms Macromedia, Allaire, Rational Software and SQA.