HBGary Director Talks Security

By Paula Bernier, Executive Editor, TMC  |  November 05, 2013

The definition of security is a tricky one.

It typically has to do with safeguarding yourself and your assets. But, in fact, there’s no foolproof way of doing so. There are, however, some steps you can take to lessen the likelihood of a security breach at your home or organization, and there are additional measures you can put in place to minimize breaches once they happen, says Matthew Standart, director of threat intelligence at HBGary, a 10-year-old security software and services company now owned by ManTech.

HBGary got its start when co-founder Greg Hoglund, who invented the first rootkit software, joined forces on a research project funded by the Air Force and the Department of Homeland Security. The effort revolved around finding a way to detect hidden software. That led to HBGary’s Digital DNA software, which is now the basis for all the company’s solutions.

But although the company helps others, even the federal government, with security, HBGary itself was the target of a security breach by the group Anonymous. This happened in early 2011 when the head of HBGary Federal announced he had uncovered the identities of Anonymous leaders and planned to reveal them at a security conference. Anonymous responded by breaching the HBGary network, posting archives of its executive e-mails, issuing a statement on the HBGary website, and taking over some HBGary employee Twitter accounts.

So between its own hacking experience and its involvement in helping others with security, HBGary has certainly had its fair share of experience and lessons learned on the security front.

“It’s probably not a matter if you’re going to be breached, it’s a matter of when,” Standart says.

To attempt to avoid a breach, Standart suggests that organizations do a risk assessment to understand where there are risks – both internally and externally – and figure out a plan for what to do about them. Organizations need to anticipate threats that face them daily, he adds.

Many breaches, he continues, happen because people are not following policy. As a result, some of the most severe incidents have been detected by simplistic methods. For example, employees traveling outside the company may ignore, or not be aware of, a company policy requiring that they connect to the company VPN before accessing a public network, because it’s easier to just connect to the Internet directly, he says. But that can introduce significant risk, so it should be policed, he says.

When it comes to significant breaches, the role of insiders should not be downplayed, he adds. For example, Vodafone was recently compromised when someone with knowledge of the organization accessed and stole its customer lists, including payment information.

“So it’s not always the guy outside,” says Standart.

He goes on to mention that Edward Snowden, the National Security Agency contractor who leaked classified information about the government’s surveillance efforts, was a relatively new employee yet had access to a great deal of information. Given that, Standart suggests that organizations get to know employees for a while before handing over the keys to the kingdom; instead, he says, they may want to give employees access to systems and data a little at a time and only as needed.

Edited by Stefania Viscusi