Thought Leaders in Cybersecurity: Neal Creighton, CEO of CounterTack (Part 4)

Sramana Mitra: These detections that you’re making, are you able to trace that back to who is actually initiating these attacks?

Neal Creighton: The first and foremost thing that we try and do is stop the attack. That’s where we’re focused. We’re trying to keep the company off the headlines. That’s number one. The attribution piece is very hard because the attackers will come in and they will hide their tracks on their location. You’re able to see all that information that is applicable to the attack there. There are certain trades. We have enough information to say that certain payloads we see are characteristic of payloads we’ve seen from certain criminal elements or certain countries.

We can compare those and make predictions about where that came from. Then there are certain attacks that we think are pretty interesting like the Sony attack. The last year or so was very similar to an attack that happened in South Korea about two and a half years ago. There were certain elements of the payload that were very, very close. We’re able to see that, but our primary job is to make sure that we stop the attack before it does the damage to the organization and keep that organization out of the newspapers and keep the customer safe.

Sramana Mitra: I understand that’s your primary job and that’s the primary value proposition to the enterprise. One of the ways of stopping cyber crime is to stop it at the source and report these people to the governments who can take action against them. Of course, there is a bit of conflict of interest here for a company like yours whose main value proposition to your customers is that you stop these attacks from happening. If you stop the attacks all together, then you don’t have as many attacks to stop. It’s not in your best interest to report these criminals. Can you comment on that?

Neal Creighton: If we look at what we’re trying to do, the most effective way to stop these attacks is to make it economically very expensive for the attacker to do them. Right now with all the computing power out there, it’s not very expensive for these attackers to do these types of attacks. If they mount a very significant attack on an organization and are able to shut it down quickly, it becomes very expensive for  them to continue and move on to the next target. We focus on making it very expensive for the attacker to continue. On the other side, it’s very difficult. This gets in the issues between nations and international law.

A lot of the times we’re pretty much aware of where some of these attacks originated from – at least, the organizations. Enforcing that is very difficult. The United States has been trying. We’ve been negotiating with China. President Obama spent some time in trying to reach an agreement, which may have had some success in the last quarter to diminish attacks between our two countries. There are efforts like that going on, which I think are very valuable. We can provide data and people can use that to try and figure out attribution. They’re going to continue to happen. As we get to Internet of Things, it’s going to become worse. We just need to really focus on how we’re going to make it very expensive for the attacker to continue an attack with our customers versus moving on to the next target.