Defending the defense industry

Raytheon offers advice on combating new breeds of socially engineered attacks
By Paul Desmond, Network World, 09/10/2007

Raytheon is a $20 billion defense technology company with about 73,000 employees and customers from around the globe. Jeffrey Brown is CISO and director of infrastructure services for the firm, which means he’s responsible for traditional security functions in addition to metropolitan networks and WANs. “I have no one to blame if things don’t go right,” he puts it. What has Brown most concerned these days is the onslaught of socially engineered attacks brought on by new spamming techniques. We talked to him about the next-generation tools required to combat such threats, as well as some of his techniques for fending them off in the meantime. He also discussed the challenges inherent in providing identity management in a large company that has to meet strict U.S. and international security standards.

 

Why did Raytheon lump responsibility for infrastructure services together with security in your job description?

The thought was, it’s an end-to-end process: A lot of security is dependent on the network architecture. The network architecture has to support the inbound and outbound traffic through the Internet gateways and must be integrated with security services.

What is the reporting structure? Are you part of the IT group?

Yes, Raytheon places a pretty high priority on IT security. I report directly to the CIO, and she reports to the CEO.

What are your more pressing security issues these days?

Without a doubt, the most pressing problem is the explosion of the socially engineered attack. [Ed note: Socially engineered attacks require the user to take some action, such as clicking on a URL, for the attack to succeed.] There have really been three different chains of events that have come together to make it a very different threat environment than we faced just a few years ago.

First, we’ve done a pretty good job closing down a lot of the traditional malware ingress points on our perimeter — the open ports and the open services. But we have to leave open e-mail and Web browsing to conduct business; there’s just no way around it. Add to that the emergence of botnets and the mass-mailer spamming techniques that botnets facilitate, packers that allow you to compress executable files, encryption techniques that obscure signatures that antivirus systems look for, and polymorphic coding techniques that allow attackers to automatically produce thousands of unique variations of malware — which for all intents and purposes are all zero-day attacks. When those things all come together, the result is this explosion of socially engineered attacks. It really fundamentally changes the battlefield. While our traditional, signature-based perimeter and desktop defenses are still absolutely necessary, I don’t think they’re sufficient any longer. The industry is still working to improve behavior-based techniques and detection systems to make them more scalable and portable.

Comments (1)

RE: Defending the defense industry
By rashmi on November 20, 2007, 12:36 am

What identity management tool are you using? Is your application SSO enabled?
