Nick Urick oversees FireEye’s work with federal agencies in his role as vice president of the federal division for the Silicon Valley-based network security company.
FireEye calls its idea for cyber defense an “Adaptive Defense” approach that integrates the company’s technology with threat intelligence and experience in an effort to help government agencies stay ahead of cyber attacks and find them when they happen.
In this conversation with ExecutiveBiz, Urick shares his views on how agencies can reimagine how they do cybersecurity through the adaptive defense model and how information sharing between business and government factors into that concept.
ExecutiveBiz: What parts of the business did you focus on the most in 2014?
Nick Urick: We’ve been developing our federal team’s capacity to address the government and its challenges in cyber today. We have a pretty balanced team that covers the civilian and intelligence sectors, the Defense Department and a lot of the integrators joining programs and ongoing missions. We are now in every department-level agency and we’re spread across the Defense Department and the intelligence community.
A lot of agencies quickly adopted a good percentage of the technology and this was driven by the value they found in our technology, intelligence, expertise and services. It has been a very good experience for FireEye and our clients.
ExecutiveBiz: What is the biggest change that you have seen in the industry during your career?
Nick Urick: I’ve seen a lot of changes in the way government spends to provide architectures. In the last several years, particularly where budgets have been declining, we have seen massive consolidation of data centers and a very big reliance on cods versus some of the main order solutions that were offered by government. It became imperative that government selects the right solutions and architectures to solve its problems and fulfill its missions.
I see that more pronounced today than ever. We have several clients using older technologies and trying to migrate to new technologies, including cyber. They’re trying to find out which tools are effective and will ensure that they are adequately protected facing a budget and headcount that are either not growing or declining.
Essentially this is a big interesting part of the industry. Government has gone under a lot of attack. We’ve seen the reliance on industry, on a lot of architectures and processes, to gain skills in training and then move forward with that training themselves. They also have to do it in a cost-effective manner.
With past task operations, I’ve seen a lot of redundancy in spending. But today customers or government-clients are making very conscious decisions and are doing a lot of research to figure out which solutions will work for them. These customers are testing, deploying, training, doing ongoing expertise development, and later reinvesting in those solutions.
ExecutiveBiz: What areas of cybersecurity do you expect agencies to start emphasizing?
Nick Urick: We are going to see a dramatic movement from a tools-based approach to a compliancy-based approach to something that’s far more resilient. We’ve seen for the last two decades the deployment of all these conventional signature-based security tools. Based on having a tools and compliancy environment, we have this small set of security that shows you are compliant, safe and that you own the best tools in the industry.
In the past couple of years, government users have seen a lot of attacks and advanced malware that has gotten through. We’re in a position where a tools-based or compliancy-based approach isn’t good enough. There is a need to bring in new protection and counter-measures that are not signature-based and that can find, detect, help to contain or remediate the advanced attacks happening today.
Even with static budgets, considering the threat landscape, agencies are finding ways to reinvest in newer tool sets, skills, sets of threat intelligence. We’ve seen the rapid acceleration on building new architectures that will replace conventional architectures. Two years ago when I joined FireEye, there were a lot of agencies in this tools-based mentality due to limited budget. Now they’ve come to realize that the threat landscape is getting worse and evolving rapidly.
Agencies are trying to find ways to catch up and move toward more resilient architectures. They’re going to need to build a baseline on how to manage that type of environment for their agency.
ExecutiveBiz: How should government and industry build up their collaborations in cybersecurity?
Nick Urick: The mentality of moving now and doing something now to advance protection is vitally important. It is really critical to go from a tools- and compliancy-based approach toward evolving an adaptive and resilient set of defenses to protect against adversaries that are ever-changing their tools and improving techniques.
The second thing is for government to collaborate on cybersecurity. We need to establish cybersecurity tools and architecture testing that will compare the effectiveness of industry-developed tools on live network traffic. A lot of lab testing results are sometimes manipulated or tested against known threats, creating results that are not going to stand up in operational networks.
Cyber test ranges, for example: a lot of those simulations, threat projections and malicious sites rely on previously known threats. Advanced tools screening requires live traffic to truly indicate a tool’s performance. There are so many vendors crowding into this space with messages about what they do in cyber that it is difficult for government users to clearly know the true solutions to build an architecture that sustains them.
The third component for collaboration is around threat information sharing. There are lots of privacy and liability issues but virtually no sharing between the private industry and the U.S. government.
This results in a loss of information on government-specific threats. Government’s participation with industry improves situational awareness, gives people better contextual information around the threat and makes sharing of threat intelligence among other government agencies easier. With all the recent news around devastating attacks, it’s really no surprise that President Obama came out to strengthen our nation’s cyber defenses.
He announced that sharing threat intelligence is a top priority and is going to be a key piece in legislation moving forward. That’s a key offering of FireEye and something we can help government with. It’s moving now to advanced protections, establishing testing for cybersecurity tools based on real live traffic, and threat information sharing.
ExecutiveBiz: In what ways can agencies rethink or reimagine the way they do cyber defense?
Nick Urick: It is a great thing to think about. We just announced that the average presence of attackers in a network is now 209 days. That’s an average of seven months before they’re discovered. Then there are another several weeks or months for containment and mitigation, so we can see attackers infiltrating a network for potentially up to a year — or in some cases longer than that.
FireEye’s platform reduces the time from protection to remediation from days down to minutes. Reimagining security is about moving toward an adaptive defense model where security teams have the tools, the intelligence and the expertise to detect, prevent, analyze and remediate rapidly evolving tactics used by these attackers.
The goal is to dramatically reduce the time to detect and to remediate. Threat information sharing is a key part of an adaptive security model. As a leader, FireEye expertise is world-renowned, and has been employed in all the major attacks that have happened. This is a critical piece we offer, along with our technology and intelligence. Those are three critical things in building an adaptive defense model.
If the government starts moving toward a shared model, it not only gives a lot more insight to detect and prevent but it also gives a lot of situational awareness. Today this is lost because the government doesn’t share attack information. We’ve announced some research showing 70 percent of all malware is used at least once, so you can imagine the transformative nature of how tools of attacks are rapidly evolving.
It is critical to have the current state-of-the-art threat information sharing, tools and expertise. Then we encourage organizations to adopt behavioral-based tools models, techniques and technologies that we have such as detonation chambers, and to actively monitor networks for advanced cyber threats.