It’s time for all of your counter-espionage tools to work together.

Michael Sentonas, President, CrowdStrike

February 17, 2015

3 Min Read

By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally as nefarious.

People have been watching your company from the outside for a long time. They may have even tried to get inside to sneak a peek at your secrets, posing as a customer, employee, or potential investor. And you were probably doing similar things to try to get inside the heads of your competitors, suppliers, or customers – all legally, of course.

The difference is that now there are more people, with access to more technology, trying to get inside. The worst part is that they will not necessarily be brazen about it, either. They may not go screaming from the rooftops about what they have stolen, or post the data on a darknet website. They may keep it to themselves and use the information carefully to keep you unaware, like the Enigma decoders in World War II, so you will not even know that you have been compromised.

In this new corporate cyberespionage environment, security vendors will often say “The old way has failed again; buy our gadget instead and it will protect you.” Unfortunately, this is just as risky as relying on any one sports play. Good defense is flexible, adaptable, and responds to the situation on the field. Most important, good defense relies heavily on communications among team members. Combining star players from several different teams rarely results in a superior defense, until they have learned to play together.

Similarly, no one style of defensive player is going to work for all plays, and no single security product is going to solve all of your security issues. You will need a broad mix of devices and services, but it should not be your responsibility to integrate them all. Look for end-to-end or standards-based solutions that have a proven ability to play well together.

Some espionage targets are obvious, while others can be quite obscure. You cannot know for sure what your adversaries are after, and you cannot lock down everything. You need to ask and honestly answer the questions about where you are vulnerable and what data could be used against you; not just core intellectual property, but information such as delivery schedules, contracts, inventory levels, product plans, and pricing analysis, just to list a few.

Using terminology from the spy world, your analysts will need to combine signals intelligence, human intelligence, open-source intelligence, and surveillance from your full complement of security agents. If they are not speaking the same language and using the same communication channel, there is an added risk of misunderstanding or miscommunication among systems.

You need your whole environment to share and understand threat intelligence, anomalous behavior, and suspicious files. Then you can detect the small percentage of alerts that could indicate cyberespionage, and your analytics team can combine forces and apply the context to evaluate these clues and act appropriately.

Combatting cyberespionage isn’t about hiring the latest silver bullet. It’s about building a collaborative team of special cyberexperts, a team with balanced and reinforcing skills; some network, some endpoint, some big data, some system. Harnessed together, that’s an effective weapon in modern cyberwarfare.

About the Author(s)

Michael Sentonas

President, CrowdStrike

Michael Sentonas is President of CrowdStrike. Previously, he served as Vice President, Technology Strategy, at CrowdStrike as well as Chief Technology Officer. With over 20 years' experience in cybersecurity, Mike's most recent roles prior to joining CrowdStrike were Chief Technology Officer – Security Connected and Chief Technology and Strategy Officer APAC, both at McAfee (formerly Intel Security). Mike is an active public speaker on security issues and provides advice to government and business communities on global and local cyber security threats.

He is highly sought after to provide insights into security issues and solutions by the media including television, technology trade publications and technology centric websites. Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security. Michael holds a bachelor's degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights