In The Boardroom™ With...
Mr. Raj Samani
McAfee
EMEA CTO
www.McAfee.com
Updated September 2015
VP, CTO for McAfee EMEA
Raj is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK. He volunteers as the Cloud Security Alliance Chief Innovation Officer and special advisor to the European Cybercrime Centre. Raj is also the author of the books 'Applied Cyber Security and the Smart Grid' and 'CSA Guide to Cloud Computing'. He can be found on Twitter @Raj_Samani.
SecuritySolutionsWatch.com: Thank you for joining us again today, Raj. Much has happened in the cybersecurity space since our first chat together about 1 year ago. The bad guys, whether organized foreign countries, sophisticated hacker groups, or lone wolves, continue to probe for the weakest link into the network. What is your perspective, Raj, regarding the current threat environment?
Raj Samani: Well, the number of breaches keep on coming, don’t they? However, the last twelve months have seen some fundamental shifts in the world of cybercrime. From the threats side, the as-a-service nature of attacks has been one of the main reasons behind the increase in attacks. A number of years ago I wrote a report entitled Cybercrime Exposed where it was said “Today, cybercriminals require no technical knowledge only a means to pay”. It is fair to say that this is now in full swing; take ransomware as an example. Our latest threat report saw a 58% increase in samples in one quarter alone, and this is in part because it has been made simple for anybody to participate in this lucrative industry.
SecuritySolutionsWatch.com: The United States Office of Personnel Management (OPM) recently discovered that the personnel data of 4.2 million current and former Federal government employees had been stolen. Care to comment?
Raj Samani: OPM, Ashley Madison, the hits keep on rolling. You know I heard a remarkable term some time ago called “Breach Apathy”. It describes a feeling that people are so used to the headlines that they simply don’t take notice. However, I would suggest that this is a dangerous trend. We as a society cannot simply shrug our shoulders and accept that our data will be compromised. The impacts of these data breaches are significant, of course the headlines will point to the suicides related to the AM breach, but millions of people were being blackmailed, businesses lost money, and ultimately jobs were lost.
SecuritySolutionsWatch.com: Protect. Detect. Respond. Recover…is an objective we often hear talked about. Seems to us that “detect” is the all-important key word there. Would you agree? Please tell us about McAfee’s Advanced Threat Defense offering.
Raj Samani: As an industry we have largely focused on the Protect element. Whilst this is appropriate, the reality is that criminals are becoming more innovative, as we recently saw in the Beebone botnet takedown. Advanced Threat Defence is intended to address the detect element. This is achieved through isolating files and running them in a secure environment. If this appears to be malicious then it will be prevented from running. This allows us to protect against things that we have no historical context of, in other words those fabled 0-day threats.
SecuritySolutionsWatch.com: We enjoyed your very informative recent Blog…
“The quick and dirty on how Morpho operates: the group’s modus operandi is a combination of watering hole attacks, zero-day exploits and multi-platform malware. They compromise websites pertinent to the target, exploit them and deliver either a Java-based zero-day exploit or a potential Internet Explorer zero-day exploit. Bottom line: this is cyberespionage via zero-day.” Would you please elaborate on this for our readers?
Raj Samani: This means that we have a very capable, highly resourceful attacker (or group of attackers). If we look back into history Sun Tzu uttered the words “Know Your Enemy”, and in this environment very skilled individuals are targeting information about you and me.
SecuritySolutionsWatch.com: On the bright side, the IoT environment and interconnected world we all live in truly enables technology to help people and create economic opportunities. May we have your thoughts on that Raj?
Raj Samani: If I utter the words cyber, what is the term that springs to mind? In most cases they will be negative, such as crime, espionage, war, etc. However the reality is that this is only one side of the coin, and one term that is often forgotten is opportunity. Technology has transformed every industry, every person, every section of society. We have to recognize this and maximize the opportunities for the benefit of each of us, but do so in a way that reduces the risk to a level we are all comfortable with.
SecuritySolutionsWatch.com: Thank you again for joining us today, Raj. Are there any other subjects you’d like to cover?
Raj Samani: As an industry we are working hard to create an environment that is safe for you, your business and your family to seize every possible opportunity. However we do need your help, if this means taking measures to protect your systems from infection and becoming part of a botnet then we will do everything we can to provide tools, and guidance. The only way we can move forward is if we work together.
SecuritySolutionsWatch.com: Thank you for joining us today, Raj. It is an honor to speak with a member of the Infosecurity Europe Hall of Fame and the Cloud Security Alliance Chief Innovation Officer. Please give us an overview of your background and your role at McAfee.
Raj Samani: My role is that of Chief Technical Officer for EMEA, I used to work as a CISO for a large government department, and have for many years volunteered within industry working groups such as the ISSA (where I was VP of communications for the UK chapter), and now obviously supporting the CSA.
SecuritySolutionsWatch.com: We understand you will be speaking at Cloud Security Alliance Congress 2013. May we have an overview of the main themes you will be addressing?
Raj Samani: Our dependency on services that are IP enabled is growing significantly and will continue to grow; from smart meters, power and water grids, train systems and every day devices such as units in cars, refrigerators and televisions. The need to correctly identify and authenticate when they connect to the Internet will be of critical importance, particularly if we consider devices related to health. In addition there is a need to ensure that they are capable of resisting cyber attack, as the impact of their unavailability could lead to serious economic effects. The session that I will be presenting with Evelyn will focus on the need for increased assurance in a connected world and explores the controls for establishing identity and leveraging up-to-date cloud-based threat intelligence to proactively secure mission-critical services.
SecuritySolutionsWatch.com: What is your perspective on the latest most significant trends affecting cloud security at this time?
Raj Samani: Well, there has been significant concern about privacy within cloud in light of recent media reports. Within the CSA we conducted a survey asking non-US residents whether recent reports would make their company more or less likely to use US-based cloud providers. The results found that 56% were less likely to use US-based cloud providers, and 10% cancelled a project to use US-based cloud providers as a result.
https://downloads.cloudsecurityalliance.org/initiatives/surveys/nsa_prism/CSA-govt-access-survey-July-2013.pdf
SecuritySolutionsWatch.com: Today’s constant-threat environment has never been more challenging for the Public and Private sectors with cyber attacks coming at any time from organized governments, to sophisticated hacker groups, and lone wolves. What is your perspective on “best practices” to be followed in this environment?
Raj Samani: You know it’s a great question. I suppose for the cloud service provider, the challenge is not necessarily on what the best practices to implement are, but how to demonstrate that best practices are actually deployed. This concept is not new. So the term transparency is the term often used here, but when we think about it, the lack of transparency actually discourages the adoption of implementing higher levels of security.
It kind of reminds me of the riddle, that if a tree falls in a forest but no one is there to hear it does it make a sound? Well if I as a provider implement the highest levels of security but do not have the marketing budget that a larger provider may have, how do I relay this?
So I suppose this may not be the answer you are looking for, but the best practice I would argue is to demonstrate the greatest transparency possible. Whilst providing the customer a right to audit may not be sustainable, something as close to giving the greatest level of transparency should be best practice.
SecurityStockWatch.com: May we have a sneak-peek into your upcoming books? As one of the most prolific authors and speakers on the cloud security scene, what can we look forward to next?
Raj Samani: Well the next book will in fact be the CSA Guide to Cloud Computing, co-authored by myself, Jim Reavis, and Brian Honan. The writing process is well underway and we fully expect it to be released in 2014.
But this is only the tip of the iceberg. You may have seen the last White Paper I co-authored entitled ‘CyberCrime Exposed’. As you know I have been drinking from the cloud kool aid, so aligned the cybercrime eco-system to the typical cloud terms we use. For example the potential cybercriminal can now outsource every part of an attack as-a-service, much like a cloud end-customer can outsource using a similar model.
This WP will be part of a series that is being produced, but also there is a pipeline of shorter articles and blogs.
SecuritySolutionsWatch.com: Thanks again for joining us today, Raj. Are there any other subjects you would like to discuss?
Raj Samani: Be careful, if you give me a soapbox you may never get it back!
You know I guess I would like to raise the point about cloud computing for critical operations (or indeed infrastructure). I am doing a webinar panel session entitled ‘Cloud Computing for Critical infrastructure – what a dumb idea?’
It’s a tongue in cheek title, I recognize that. But really consider the amount of traffic that for example smart meters will generate, the cloud will therefore have a very important role to play here. Therefore the need for better assurance, and its ability to support real-time decisions will become more important. So whilst I labored on the point of transparency, this will be imperative but also so will the need for greater assurance.
And of course the inevitable plug, yes I mentioned smart grid so you can get my earlier book I co-authored with Eric Knapp on Amazon, entitled “Applied Cyber Security and the Smart Grid”.
One of the recent features we released in July on the McAfee Web Gateway is the ability to do on-the-fly encryption/decryption for cloud storage applications that allow enterprise administrators the ability to combine a DLP policy (or any other permutation of policy settings on MWG) with an encryption policy, so that confidential or sensitive data can be safely stored in cloud storage applications but is not readable unless transferred back over MWG. MWG is the first Web Protection solution ever to introduce this capability.