Why 'Adaptive Defense' Is Critical
FireEye CTO Dave Merkel Offers Advice in Wake of Anthem Breach
As hacker attacks, such as the breach of Anthem Inc., become more common, it's more critical than ever for organizations to carry out a comprehensive "adaptive defense model" to protect sensitive information, says Dave Merkel, chief technology officer at FireEye.
Although the model should incorporate several technologies, including multi-factor authentication, encryption and intrusion detection systems, it must go beyond that, Merkel says in an interview with Information Security Media Group.
"You also have to have intelligence," he notes. "The bad guy has [intelligence] about you, why don't you have it about the bad guy?"
Organizations also have to ensure they have expertise to protect data, detect breaches and respond appropriately, he stresses. "The bad guys are always innovating, so you have to also."
Going beyond a focus on breach prevention is essential, Merkel says, because breaches are inevitable. "You need to be analyzing, hunting in your environment, looking for attackers constantly with your human expertise, and then when you identify something that might be an incident, you have to respond, and you have to do it quickly ... so if you do have an event, you go from identifying the event to resolving it in minutes, as opposed to what we unfortunately frequently see, which is resolving it in weeks or months or potentially years."
Mandiant, a FireEye company, is working with health insurer Anthem in the digital forensic investigation of a hacking attack that may have exposed up to 80 million individuals' unencrypted information, but Merkel says he cannot yet reveal any details. The breach is believed by Anthem to have begun with phishing e-mails sent to a handful of its employees.
In the interview, Merkel also discusses:
- How spear phishing and social engineering schemes are becoming more sophisticated, and why organizations need to put effort into learning more about potential bad actors and their motivation for attacks;
- Why neither encryption nor multi-factor authentication is a silver bullet to protect data;
- Why the healthcare sector is a growing target for hacker attacks.
Merkel has more than 15 years of experience in the information security and incident response fields. Before joining FireEye, he was CTO and vice president of products at cybersecurity firm Mandiant (which was acquired by FireEye), where he focused on shaping the strategy and direction of the company's technology and engineering solutions. Earlier, Merkel spent more than seven years leading a team of technologists at America Online to protect corporate systems and network infrastructure. He was also a special agent with the United States Air Force Office of Special Investigations.