Cybersecurity Legend Dr. Edward Amoroso Talks Malware
« Back to Blog

Cybersecurity Legend Dr. Edward Amoroso Talks Malware

By The Cylance Team

Cylance recently spoke with Dr. Edward Amoroso, Founder and CEO of TAG Cyber. Amoroso recently retired from AT&T after 31 years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016.

Amoroso offered his thoughts on malware, bad architecture, and how distributed hybrid cloud architectures may prove to be our cybersecurity salvation.

When Security Architecture Fails

Amoroso began by explaining how most companies are satisfied with securing their perimeters, and relying on an implicit trust across the network. As long as the hard outer shell is secure, they believe, the soft inner core is safe. Thus, once the perimeter is breached, an attacker can move laterally throughout a network with relative ease. “This is how Edward Snowden got into the NSA, and how most of the big retail hacks happen,” Amoroso explains. “The idea that a third party can get through a portal and see credit card machines on a network points to bad architecture.”

It is Amoroso’s observation that most of the malware we’ve seen over the last 10 to 15 years was designed to take advantage of terrible architectures. He went on to add that if you set out to write malware, you would first seek to understand the intended victim’s set-up – their architecture.

According to Amoroso, security often fails because it is architected with minimal emphasis on internal controls. Two things need to happen to fix this. First, adoption of security measures offered by companies like Cylance that have proven to be effective by using advanced analytic techniques to understand how malware behaves, and blocking it. These products offer a good way to deal with malware attacks on infrastructure.

Second: companies should embrace virtualized, distributed architectures. Over time, as companies virtualize and adopt hybrid cloud architectures, malware will shift and security will shift with it. The use of software defined for telecommunications and mobility will become one of the biggest themes.

Amoroso adds, “If we were to start a company today, we would create a cloud, use Office 365, invoice in the cloud, (do) everything in the cloud. This is an entirely different architecture. So, malware will shift and attacks will shift. How detection and prevention will happen will shift accordingly.”

The Race to Secure Tomorrow’s Architecture

Amoroso went on to explain how new approaches to architecture are changing how we deal with malware. “First generation architecture had a big, dumb perimeter. Once someone got in, you were dead,” he says. Now, we are moving toward a distributed architecture. When malware gets in, it is contained by way of segmentation, in a containerized infrastructure. It is harder for the malware to hop around. Therefore, malware cannot distribute fast enough to cause a lot of harm.

Amoroso said, “Over the last few years, we have considered cloud and distributed systems as part of the problem that needs to be secured. Now I think it is probably part of the solution, and needs to be accelerated.” He added that it is surprising to compliance managers and Federal regulators that scattering assets into the cloud is a good security strategy. The compliance managers don’t understand the concept. Amoroso went on to say, “We cannot have auditors telling security teams how to build architectures - auditors should take the lead from security experts. Their job is to follow the security controls in place, not the reverse”.

He notes that it is frustrating to deal with companies that are very conservative and set in their old ways. They do not want to shift, adapt, and move on. He does better with companies that are innovative and want to try new things, like artificial intelligence.

Amoroso concluded by saying, “We should encourage companies to deal with the dynamic threat with a dynamic defense. No one can afford to just sit and wait.”

You can hear Amoroso live on our webinar, The Protect To Enable® Webinar Series: Understanding the Reality and Rhetoric of Emerging Threats, hosted by Malcolm Harkins, Cylance’s Chief Security and Trust Officer, on Thursday, June 22nd 2017, at 11:00 AM PDT / 2:00 PM EDT. Click here to register.

Tags: