HP SVP suggests learning from cyber criminals and their methods

HP's senior vice president of enterprise security software suggests that we could learn a thing or two from cyber criminals -- and possibly persuade them to look elsewhere for targets at the same time.
Written by Rachel King, Contributor

SAN FRANCISCO -- Our best chance at defeating cyber criminals is by beating them at their own game, according to Art Gilliland, senior vice president and general manager of software enterprise security products at Hewlett-Packard.

"We're clearly in a war with the adversaries that we believe they are winning," remarked Gilliland at the 2013 RSA Conference on Thursday afternoon.

Citing internal research, Gilliland said that in 94 percent of the breaches reported, the breached organization was told about it by a third party.

Furthermore, attackers are hiding inside an organization's infrastructure well before they are ever discovered: Gilliland noted that it takes 416 days on average to detect a breach.
Even after discovery, Gilliland said that the time it takes to remediate those breaches has grown by up to 71 percent over the last two years.
That's especially important considering that, according to another recent HP study, the cost associated with that increase has risen by 42 percent over the last year because of the length of time needed to remediate.
The silver lining, Gilliland posited, is that we've become very good -- or much better at least -- at protecting our networks and the operating system because 84 percent of the breaches are taking advantage of vulnerabilities at the application layer.
"The adversary is innovating," Gilliland commented, explaining that if you combine this information with the reality that cyber criminals can go online and rent botnets for a few bucks per day, there is something different about the dynamic.
"If we're going to win, we're going to need to think a little bit differently about this," Gilliland asserted. "We are incredibly predictable to our adversary."
Gilliland acknowledged that businesses have to operate in budgetary cycles and build capabilities toward end goals. The problem, Gilliland explained, is that cyber criminals know that, and they can be disruptive to that pattern.

"We've done a phenomenal job of raising the low bar," Gilliland quipped.

So what should we do about that?
For starters, Gilliland advised that we need to look more closely at the process that hackers use to define their attacks.
One aspect he mentioned is that there are experts who know how to build profiles of those who are attacked. It turns out many of these profiles are very cheap for other cyber criminals to buy, making it easier for them to break in. From there, all they have to do is enter the infrastructure and sell off more access points. That is then monetized, feeding the entire ecosystem.

"This process is really good at monetizing the sharing of information," Gilliland said. "This ecosystem is incredibly efficient at creating, sharing and acting on its security intelligence. That's creating a huge burden for us because they're way faster than we are."
If someone is more efficient and effective at one of those stages, Gilliland asked rhetorically, "Why wouldn't you just buy it?"
This reflects another problem on the business side. Gilliland added that his team found that most companies spend five times as much money on blocking the adversary as on any other step in security prevention.
Gilliland suggested that the amount of money we spend on breach response can be reduced if we remediate faster and have a plan for responding to customers on a faster timeline.
In describing himself as a "veteran of this industry," Gilliland acknowledged he's excited about the potential big data offers for security, but he also posed "a challenge" to both the audience and the security industry overall.
"If you think about the capabilities we have today with cloud computing and the power that allows us to harness for building collective processing power, and you combine that infrastructure with the power of big data to analyze information, I think we can get a lot better if we share our information and analyze it in a central location," Gilliland said.
If we do that, Gilliland concluded, "I think we can fight and win together."
