"For a long time, we've focused on building higher walls, designing smarter guards to keep out all of the attacks; that hasn't worked so well," says Kennedy, a senior director for security at the networking company.
"The economic view says that we can stop, or greatly reduce the risk of cyberthreats by understanding that a lot of the criminals are in business," he says. "They're trying to make money off of us, and if we can break their business model, we can stop it; we can keep our data and our businesses safe."
It won't be easy. Unlike the physical world, where attackers are local, cybercriminals could come from anywhere. "It's going to be an ongoing battle to figure out who the bad guys are [and] find out how to get them," Kennedy says.
In the interview, Kennedy:
- Points out that catching criminals will require more international cooperation. "A lot of these businesses build across borders; the victim isn't necessarily in the same country as the attacker," he says.
- Recommends that to fight cybercrime, the cybersecurity community emulate efforts of companies and law enforcement agencies that successfully curtailed mass-phishers; and
- Explains how security serves as a business enabler.
Kennedy is responsible for Juniper's data center security products. Previously, he worked on anti-spam and secure gateway products at IronPort and Cisco. Earlier in his career, he ran product management and marketing for several startups and managed a seed-stage technology investment fund.