Raytheon is a $20 billion defense technology company with about 73,000 employees and customers from around the globe. Jeffrey Brown is CISO and director of infrastructure services for the firm, which means he’s responsible for traditional security functions in addition to metropolitan networks and WANs. “I have no one to blame if things don’t go right,” he puts it. What has Brown most concerned these days is the onslaught of socially engineered attacks brought on by new spamming techniques. We talked to him about the next-generation tools required to combat such threats, as well as some of his techniques for fending them off in the meantime. He also discussed the challenges inherent in providing identity management in a large company that has to meet strict U.S. and international security standards.
Why did Raytheon lump responsibility for infrastructure services together with security in your job description?
The thought was, it’s an end-to-end process: A lot of security is dependent on the network architecture. The network architecture has to support the inbound and outbound traffic through the Internet gateways and must be integrated with security services.
What is the reporting structure? Are you part of the IT group?
Yes, Raytheon places a pretty high priority on IT security. I report directly to the CIO, and she reports to the CEO.
What are your more pressing security issues these days?
Without a doubt, the most pressing problem is the explosion of the socially engineered attack. [Ed note: Socially engineered attacks require the user to take some action, such as clicking on a URL, for the attack to succeed.] There have really been three different chains of events that have come together to make it a very different threat environment than we faced just a few years ago.
First, we’ve done a pretty good job closing down a lot of the traditional malware ingress points on our perimeter — the open ports and the open services. But we have to leave open e-mail and Web browsing to conduct business, there’s just no way around it. Add to that the emergence of botnets and the mass-mailer spamming techniques that botnets facilitate, packers that allow you to compress executable files, encryption techniques that obscure signatures that antivirus systems look for, and polymorphic coding techniques that allow attackers to automatically produce thousands of unique variations of malware — which for all intents and purposes are all zero-day attacks. When those things all come together, the result is this explosion of socially engineered attacks. It really fundamentally changes the battlefield. While our traditional, signature-based perimeter and desktop defenses are still absolutely necessary, I don’t think they’re sufficient any longer. The industry is still working to improve behavior-based techniques and detection systems to make them more scalable and portable.
Comments (1)
RE: Defending the defense industry
By rashmi on November 20, 2007, 12:36 am
What identity management tool are you using? Is your application SSO enabled?