George: When most people think about APT, they think it's a "what," but it's actually a "who." And the "who" is somebody from a nation-state trying to steal something that's important for financial gain. That's the problem we're really focused on. So the "who" is a person or group of people. I was recently with a guy who ran security for a really important telco in New York, and he was saying that he just came back from a security conference and they were talking about how, for example, the Chinese are organizing. The Chinese are not a bunch of individuals trying to penetrate the network. It's 150 Chinese who, like a battalion, are told, "Here's what we're going after and here's the threat vector we want you to use, because the goal is to compromise this particular company or this particular critical infrastructure." They're moving in that way. So it's a "who" or a collection of "whos."
Dix: You say nation-state, so this isn't organized crime, the attacks are actually backed by foreign governments?
George: Absolutely. Not every government, but certain governments. It's a national pastime in China -- it's recognized as something good -- but of course they deny it. We have this really important tool that a lot of first responders use when there's a breach. They go in with our tool and get visibility on the network and do forensics to find out what happened. One of our partners got called into a company who said, "We believe the Chinese are stealing our designs for these handbags and mass producing them because the knockoffs are making it to market before we can get out the original." They used our tool to find out it was a plant in some far-off place in China. So yes, it's well organized. Yes, it's state funded.
Our roots were in protecting classified information and dealing with cyber-espionage, and four years ago when Google got breached and put their hand up and said, "Hey, we just got breached by the Chinese," thousands of other companies put their hands up and said, "That happened to me too." All of a sudden what got put on the table is nation-states looking to steal intellectual property and identities. Anything that can be used for profit is at risk. It's the crown jewels of every company in the United States, everything from patents on formulas and algorithms to customer lists and bank account numbers. Nobody is immune. And if you're at a high risk for an advanced threat, you ought to start behaving like you've already been compromised because you probably have and don't know it.
Dix: Is it your experience that most companies believe their security is adequate?
George: Everyone's trying to mitigate their risk, and this is a really, really hard problem. In fact, nobody's solved it yet. So every company is trying to understand how they fill in the gaps to mitigate their risk. Any vendor who's saying "we can solve the APT problem" is not telling the truth. No single point product can do it. So people are putting in tools to give them visibility into the problem and to fortify their security.