Malcom Murphy is Technical Director at Infoblox and, as a result, knows a great deal about software architecture and how to construct proper defences against online threat actors.
However, as Coronavirus has spread, cybercrime and the tactics of online attackers have become more prevalent and more complicated, because so many new kinds of IT infrastructure have been hastily put into place during the pandemic and the panic that the virus has brought into our everyday working structures.
So we sat down with Malcom to chat about how he and his company are dealing with the changes in the cybersecurity world, the ways in which his company handles that process and helps secure organisations' IT architecture, and his forecast for the future of cybersecurity as more tech companies allow their employees to work from home.
What’s your current role at Infoblox and what does that entail in terms of Cybersecurity?
I run the solutions architecture team for EMEA, so that’s a team of technical people and consultants who discuss with our customers the prospect of what a solution looks like.
So specifically in a security context, that’s how they can leverage our capability at the core of the network to deliver improved security across their whole architecture and infrastructure. So we’re not really a point solution; we underpin an organisation’s infrastructure and architecture and improve the whole security posture. So we really get under the whole thing of what a customer environment looks like, what an organisation’s IT landscape and threat landscape looks like, and when it works well we can make structural improvements or help organisations to improve the overall structure that they have got.
That’s brilliant, thanks for outlining that. What organisations is Infoblox working with, and which ones are your priority?
We work with all sectors, but I do have some analysis: say financial services, central government, there are things that tend to work better. But what we do is applicable across all sectors, and I think it’s less to do with the nature of the business and more to do with the nature of their IT architecture.
Where we bring significant value to somebody is where they have a large, distributed IT infrastructure or network, and if you think about it that way, retail, banks, large global banking organisations, they think wow, as do retail companies, as do retailers, as do manufacturers who have complex networks and the proliferation of big complex problems that we can really simplify.
That makes sense, that you look more into the number of things you need to protect rather than what they are protecting. What effects have you seen Coronavirus have on global cybersecurity, and do you think that global cybercrime is on the rise right now?
Yes, it has risen from high to even higher, and it creates a huge opportunity for the big organised side of crime. It has a certain capacity and it has been going on, and we have seen a rise in opportunistic stuff because the threat surface has got so much bigger, because as of March 23rd, all of a sudden all of those people who were going into Canary Wharf, where we had a security model that was based around having an inside and an outside, all of those people, there’s now hundreds of thousands of attack surfaces, and all of those businesses working from home now, the threat surface has increased; it’s not under Infoblox’s control in the same way that my desk in my office in London is.
So overnight everything that everybody working in cybersecurity was thinking about and working towards for the last few years suddenly happened, and if I’m the bad guy that’s happy days, because most of the time during those years people were not dragging their heels, there were real things that people wanted to consider, and so security risks must have got bigger and the opportunity for people to get naughty also got a lot bigger.
Okay, so COVID-19 has caused a lot of disruption in cybersecurity, so to be specific about what Infoblox does to stop these ransomware attacks and threat actors, what systems do you put into place to stop these threats?
So, what we do at the network level, there is the Forrester report that came out recently, that’s a great point of enforcement. One of the network areas we focus on is DNS; it’s old-fashioned, it’s fundamental, but it’s something we never think about.
But take for example a phishing attack: an email comes in, you click on the link, your browser goes to a website. Before my browser gets to a website, before my browser even connects to the site, it has to do the address lookup, and we can do stuff there, not about the firewall, not about true detection, not about the contents of the website, but at the signalling level, to say is this a good place or a bad place, and there’s lots of intelligence I can provide there. So it’s a very scalable, very robust enforcement point, and we can deliver it from a cloud-based environment, so it doesn’t matter if hundreds of people who were working in Canary Wharf are working in the home counties, because I can do it cloud-based and reach those people like that.
The nicest thing about the sophistication of what’s going on is that there are no real overheads, and the nice thing is that this is always up to date.
The latest information is always up to date: is this a known bad place, is this “suspicious”? Organisations can pick their own policies; some organisations might turn around and say if it’s not on the list of places that you can go to, it’s on this whitelist, the extreme policy, that policy level of control I can have even in my own organisation. What we can do is to combine that with other sources of threat data that an organisation has; they’re constantly under attack and I can use that contextual threat data from Financial Services Company A rather than Manufacturing Company B and combine that with other sources of data.
And the third piece is that I can combine that with telemetry around what the people in my organisation are doing, because we are doing it at the signalling level, and the context that we know of who the threat actor is, what they have done before and what they do, because of the profile that we have built up from the signalling that has been reported about it in our network.
Internet giants such as Twitter and many other monolithic online entities, which employ hundreds of thousands of staff combined, will now be working from home for good. What do you think about the overall impact this will have on global cybersecurity?
I think there’s more that needs to get done. What happened on the 23rd March in the UK: three years’ worth of planning happened in three minutes, and what that means is that a lot of shortcuts were taken. Whatever the new normal looks like, when we find the steady state again, some organisations will be 100 percent fine ongoing, but for some organisations there is going to be a mix; whatever happens, whatever we used to do, it will be different, and they will probably spend the next 12-18 months working on this. It will impose a new challenge on all large infrastructure institutions to go back and assess where the big risks are and retrofit some policy and procedure to find out what they need to do to have the adequate level of cybersecurity that they need. We took some cuts, but that’s what we needed to do to get it all working.
Do you have any other cybersecurity rules, like not bringing in your own devices, or another handy piece of advice to help us all improve our own cybersecurity?
Yes, I come back to the SANS critical security controls, those checklists and stuff that is already there, but the application of those things will be different. Thinking of critical security controls, unauthorised devices should not be on my network, but now things have to change because my network extends to the homes of my employees for a lot of places.
So, I don’t think we should throw away what we have; I think we should adapt the implementation of what we have to reflect the changes in the network. That’s why I come back to the point I made at the start about infrastructure-level process: the nature of my infrastructure and my architecture is changing, and that’s the bit that I need to focus on.
So, it’s not about having a particular security technology or point solution, it’s how do I build architecture so it doesn’t matter if you take your phone into work or not. When you have your own private network, there are things your organisation will not know about, but if there is a vulnerability, if there is a route into my home network or my IT device or whatever, that presents a risk, and we look at how we can architecturally look at that and protect that. And things like those critical controls and everything we know, everything will stay relevant, it just needs a new makeover.
Is there anything else you’d like to add?
I think by nature I’m an optimist. I think the landscape has changed dramatically in the last three-week period, and in the short term that has created opportunities for the bad guys; they are quicker off the mark than we would like. But I’m optimistic organisations will catch up and, net net, we will catch up.
Organisations are having to catch up with the new working-from-home environment, and people end up there quicker. I think if I take the big picture view and say, does this improve our overall organisational health, all the big picture things, I think the new normal will look better than the old normal, and I think actually when we look back, the security practitioners will look back and say we would never have done it this way and we may have cut a few corners, but we got where we needed to be. And the last thing I wanted to say: it probably helps security practitioners, because this issue is now front and centre of the board.
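As an added illustration of the DNS-layer enforcement Malcom describes in the interview (a policy decision at address-lookup time, an organisation's own indicators layered on a shared feed, an allowlist-only "extreme" mode, and query telemetry), here is a small Python model written for this page; it is not Infoblox code, and the feeds, zones and client names are constructed sample data using reserved domains.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Verdicts a DNS-layer enforcement point returns before any connection to the site is made
BLOCK, SUSPICIOUS, ALLOW = "block", "suspicious", "allow"

# Constructed sample feeds using reserved names; a real deployment would load live threat data
SHARED_FEED = {"badhost.test": BLOCK, "odd-tracker.test": SUSPICIOUS}
ORG_FEED = {"bank-example.invalid": BLOCK}  # e.g. a domain seen in phishing mail against this org


def _match(feed: Dict[str, str], name: str) -> Optional[str]:
    # Walk parent labels so "login.badhost.test" matches a feed entry for "badhost.test"
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        hit = feed.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


@dataclass
class DnsPolicy:
    shared_feed: Dict[str, str]
    org_feed: Dict[str, str] = field(default_factory=dict)
    allowlist: Optional[List[str]] = None  # when set, only these zones resolve at all
    log: List[dict] = field(default_factory=list)  # telemetry: which client asked for what

    def resolve(self, client: str, name: str) -> str:
        if self.allowlist is not None:
            # The "extreme" policy: anything not explicitly permitted is refused
            allowed = _match({z: ALLOW for z in self.allowlist}, name)
            verdict, reason = (ALLOW, "allowlist") if allowed else (BLOCK, "not-on-allowlist")
        else:
            # The organisation's own intelligence takes precedence over the shared feed
            verdict, reason = _match(self.org_feed, name), "org-feed"
            if verdict is None:
                verdict, reason = _match(self.shared_feed, name), "shared-feed"
            if verdict is None:
                verdict, reason = ALLOW, "no-match"
        self.log.append({"client": client, "qname": name, "verdict": verdict, "reason": reason})
        return verdict

    def blocked_by_client(self) -> Dict[str, int]:
        # Telemetry view: clients that keep hitting blocked names deserve a closer look
        counts: Dict[str, int] = {}
        for rec in self.log:
            if rec["verdict"] == BLOCK:
                counts[rec["client"]] = counts.get(rec["client"], 0) + 1
        return counts
```

A real resolver would answer a `BLOCK` verdict with a sinkhole or refusal rather than the true address, and would ship the `log` records to the SOC; the model stops at the decision and the telemetry.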