Shawn Henry: Private Sector Has Cyber Info Void to Fill

Shawn Henry: Private Sector Has Cyber Info Void to Fill - top government contractors - best government contracting event
Shawn Henry

Cybersecurity efforts should focus on hunting down the network intruder instead of trying to defend the network from an attack, says Shawn Henry, the FBI’s former top cyber official.

Henry retired from the bureau last month and has moved to startup company CrowdStrike, which provides malware and incident response services. 

The .gov space is effectively protected but there is no authority when it comes to the .com space, Henry said.

Each company is responsible for protecting their own network and that requires a higher level of strategic response, he added. 

Henry said the FBI does not spend time protecting its own networks, as the private sector completes that task while the bureau seeks out the criminals.

Henry said there is an intelligence void that the private sector needs to fill. 

He joined CrowdStrike as president of its professional services subsidiary, saying the company’s approach to security yields intelligence that has not been available outside of the government space. 

George Kurtz, a former McAfee executive and founder of CrowdStrike, approached Henry to join the firm, which focuses on both attacks to networks and the culprit behind the attack. 

The company focuses on looking inside the network in order to fingerprint attackers, which does not necessarily prevent an attack but does provide a method for response to current and future threats, GCN reports. 

The company employs a strategic approach over tactical and expects to release the related technology later this year, according to Chief Technology Officer Dmitri Alperovitch.

Henry said he thinks most do not understand the seriousness of network threats since most have not seen the classified data available within government. 

Henry said the private sector can develop the same levels of intelligence the government does but does not employ a method to gather the data.

Identifying the source of an attack is possible if companies analyze the right types of information, he said.

While it may be difficult to identify the culprit’s exact location, Henry said it is possible to identify a group or motive that would aid in defense from future attacks. 

You may also be interested in...

Red Hat's David Egts: Open-Source Training, “˜Sense of Mission' Could Help Agencies Address Cyber Skills Gap - top government contractors - best government contracting event

Red Hat's David Egts: Open-Source Training, “˜Sense of Mission' Could Help Agencies Address Cyber Skills Gap

David Egts, chief technologist for Red Hat's North American public sector, has said there are several options …

HHS, Industry Aim to Help Health Organizations Mitigate Cyber Threats With New Publication - top government contractors - best government contracting event

HHS, Industry Aim to Help Health Organizations Mitigate Cyber Threats With New Publication

The Department of Health and Human Services has released a four-volume document that outlines 10 …

Cloud-Based Identity Tools, Mobile Device-Based Authentication Among Cyber Market Trends to Watch in 2019 - top government contractors - best government contracting event

Cloud-Based Identity Tools, Mobile Device-Based Authentication Among Cyber Market Trends to Watch in 2019

Some of the trends in the cybersecurity market to watch in 2019 include the availability …