DS Dominic Storey
DS: We’re the makers of Snort, the most widely used intrusion prevention system in the world today. Our business is providing contextual security solutions for the cyber security threats of the 21st Century.
The threat environment’s changed completely over the last couple of years. In the age of the castle we protected ourselves by putting walls around them, but what’s the point of a wall around a castle when we have the age of the jet plane that can easily just drop bombs on the top of the castle anyway? In the same way the age of the firewall, which has been protecting people’s networks for so long, what’s the point of that when we have 3G phones which then connect to networks, and allow us to drop software bombs, if you like, into any business at any time?
We have to respond so quickly to things. We have to be fairly instantaneous to figure out whether this is a threat or not. Imagine you’re working in a bank and this guy walks up to your counter and he’s got a balaclava on, you’re thinking friend or foe? Is he going to pull out a shotgun, or is he going to pull out his chequebook? The only clue you have is the weather, so you look out the window and it’s a hot sunny day, then you know you’re in trouble. You look out and it’s minus 20 below, and it’s cold and snowy, he’s probably going to get his chequebook out. That’s context.
Context as applied to security, in our business, is about actually understanding, when we see an intrusion event, what that means to your own network. An IPS alone tells you an event and an IP address, so that all the information you have is, this is a security event against this IP address. It would be much more useful if you had a little bit more information about the assets of what you have, such as, this is a security event against a Blackberry. That gives you a lot more useful information. If you had even more information, such as the IPS data itself, the information about what kind of device it was, and the user who’s using that device at the time, so now not only do you see it’s a Blackberry, you see it’s owned by President Obama. Now, if you’re running that network’s security environment for the Whitehouse and you see an attack against the Executive, then you know you’ve got to do something about that pretty quickly.
We have a simple IPS solution for simple requirements. People want to be able to block events happening on their network, that’s Sourcefire IPS. When they want to consider the more important aspects of the assets they have, the vulnerabilities they have in their own business then, once we include Sourcefire IPS and our product called Realtime Network Awareness, with our Defense Center, which correlates that information together, then we have active contextual information, reducing the number of events they have, enabling them to deal with the situation a lot faster. When we consider that we can then integrate user information in, now we can see active security events against the users of the machines at that time, giving us the full contextual gamut that they require.
