To gain insight into the months ahead as they relate to IT attacks, malware, cloud security, and the impact of virtualization on security, we recently chatted with Simon Crosby, former CTO of Citrix Systems' data center and cloud business. Crosby recently founded a cloud security startup, Bromium, with Gaurav Banga, former CTO and senior vice president at Phoenix Technologies, and Ian Pratt, chairman of Xen.org and co-founder of XenSource.
CSO Online: What do you think 2012 may bring in terms of malware?
Crosby: I think you will see, obviously, a growth. By the way, the growth path in malware is currently exponential per year. That will continue. That's obvious. I think you'll see, in the U.S. large enterprise and maybe even in the federal infrastructure, another major compromise next year. It will be incredibly bad and incredibly embarrassing. That is to say, very succinctly, we are now in a state of ongoing national cyber espionage. It's not cyber war, but it's cyber espionage on a grand scale. That's absolutely going to carry on. However, I do think the year ahead heralds a fantastic opportunity. It will be the first time when virtualization hardware and its uses within computer systems, generally, dramatically change the odds in favor of security.
CSO Online: How is that?
Crosby: We're in a really bad state in the traditional IT world. Here's a good example. I was sitting with a very large military organization and they tell me that they are required to have two of everything. Two firewalls. Two web application firewalls. Two endpoint security measures. The question is, why two? They have to have diversity of vendors. Then they can have some degree of certainty that they will have more protection. Is two good enough? They don't know.
CSO Online: Wait a minute, just to understand, they have two of each in-line? Two WAFs, two --
Crosby: Right. That's merely a sign of how desperate the times are. The existing approach, blacklisting, is broken. Whitelisting is very useful for the stuff you know. While you can tell that the programs that you use, your applications and your operating system, are in a certain state, you can't tell what's going to happen when they process bad data. That's what happens when you get attacked. Your browser is not malicious. It's just that when your browser happens to go to a particular website and pick up a particular attack, then it's going to attack. Whitelisting is great. It just can't go far enough because it has no way of reasoning about the unprecedented use of code.
If you look at the various vendors who have been trying to get there, I think if you look at various segments of the industry, we're all trying to get to the same place. And that is a more trustworthy, more reliable infrastructure.