In the last two weeks, the world of cyber security has permanently changed. We have reached a major turning point, and there’s no going back. There are no more rules and no more boundaries. Unfortunately, everyone is fair game – the consumer, government employee, cancer patient, girlfriend, banker, security company, and so on. Any adversary can attack any foe, anytime, anywhere, anyplace, and without consequences in many cases. That’s the new reality. First, the government agency OPM was breached, and data on 4.2M federal employees was stolen. Next, the legendary Kaspersky Lab was toyed with by a group of da Vinci’s hackers that painted the Mona Lisa of malware. And in between breakfast and lunch, the Army.mil website was compromised. Let’s call it what it is: “ugly”. The bad news is that the situation is going to get orders of magnitude worse, which we will discuss in a later post.
Obviously, the current security business models are insufficient to deal with the latest threats. The hackers have won the day by outsmarting and outmaneuvering the security community. The general state of cyber security needs a major overhaul. Defense in Depth is not going to protect you. Traditional security solutions are not going to protect you. Implementing a state-of-the-art Defense in Depth strategy and installing FireEye, Palo Alto, Symantec and Arbor Networks won’t fully protect you. Any adversary with enough skill, resources and time will take what they want, when they want, and there’s nothing you can do about it, because you won’t even know it happened. The traditional security vendor ecosystem, which includes Symantec, Fortinet, Barracuda Networks, F5, Cisco, Palo Alto and FireEye, is in dire need of help. The only way to deal with hackers is with hackers. The security community needs fresh blood, insight, creativity and innovation from a party that is not within the security community silo.
There is one group of hackers so highly skilled and gifted that they could take on the best of the best in adversaries, and win, if the purpose of the adversary is to cause destruction. Who is this hacker group that can probably even surpass the Palo Altos and FireEyes of the world? That would be the CDN Hacker Community, or CDN Founding Team. The majority of the CDN start-ups were founded by gifted hackers. CDN founders are hackers at heart. The main difference between a CDN Hacker and a traditional security engineer is that the CDN Hacker skill set is deep and wide. Not only are they very technical in one area, they are very technical in many different areas, understanding multiple systems including caching, programming, open source, routing, networking, storage subsystems, databases, web applications, web services, security, HTTP, and so on. It is extremely difficult to build a global CDN with a robust feature set. Even AT&T and Telefonica flopped in building one. In order to build an innovation-driven CDN, you need the best-of-the-best in skill sets, where many systems that weren’t meant to work together can be hacked into harmony. That’s the skill set needed to fight the da Vinci hackers of the world.