Cybersecurity efforts should focus on hunting down the network intruder instead of trying to defend the network from an attack, says Shawn Henry, the FBI’s former top cyber official.
Henry retired from the bureau last month and has moved to startup company CrowdStrike, which provides malware and incident response services.
The .gov space is effectively protected but there is no authority when it comes to the .com space, Henry said.
Each company is responsible for protecting its own network, and that requires a higher level of strategic response, he added.
Henry said the FBI does not spend time protecting its own networks, as the private sector completes that task while the bureau seeks out the criminals.
Henry said there is an intelligence void that the private sector needs to fill.
He joined CrowdStrike as president of its professional services subsidiary, saying the company’s approach to security yields intelligence that has not been available outside of the government space.
George Kurtz, a former McAfee executive and founder of CrowdStrike, approached Henry to join the firm, which focuses on both attacks on networks and the culprits behind them.
The company focuses on looking inside the network in order to fingerprint attackers, which does not necessarily prevent an attack but does provide a method for responding to current and future threats, GCN reports.
The company takes a strategic rather than tactical approach and expects to release the related technology later this year, according to Chief Technology Officer Dmitri Alperovitch.
Henry said he thinks most do not understand the seriousness of network threats since most have not seen the classified data available within government.
Henry said the private sector can develop the same levels of intelligence the government does but does not employ a method to gather the data.
Identifying the source of an attack is possible if companies analyze the right types of information, he said.
While it may be difficult to identify the culprit’s exact location, Henry said it is possible to identify a group or motive, which would aid in defending against future attacks.