Kevin Mandia and his security company, Mandiant, are probably most well known for their 2013 report exposing APT-1, one of China’s espionage units.
Previously, there had only been rumors about the matter; Mandiant technology provided the proof.
Later that year, the company was acquired for more than $1 billion by FireEye Inc. At KPCB’s recent CEO Workshop, Kevin talked about the current security outlook and a bit about Mandiant’s history with general partner Ted Schlein.
Our recent episode of Ventured features an interview between Kevin and KPCB general partner, Ted Schlein, about the evolving landscape of cyber threats.
The impetus for Mandiant was the new breed of cyber-attacks by governments. (2:30)
Kevin started Mandiant after it became evident that hacking was no longer the work of random “script kiddies,” but was being organized by foreign governments, and that existing security tools weren’t up to the job of keeping systems safe. “Foreign governments against our private sector. It was the Russian and the Chinese primarily. When we saw that tilt, that’s when I knew it was time to start a company.”
Security breaches are inevitable. (3:10)
In the early days of Mandiant, there was a conventional wisdom in the security industry that breaches could be wiped out with the right technology. But Mandiant operated on the assumption that they had become a permanent feature of the landscape, and that each breach needed to be carefully studied to keep up with the attackers.
Rally the team around your mission and remove those who aren’t on board. (6:32)
Around 2006, Mandiant prioritized the software part of the business, but it wasn’t a popular decision among many current employees. “Almost nobody wanted to do it. I got emails like, ‘99% of all software companies fail,’ or whatever the stats were. So I knew I had to take some of those technicians that were the loudest, and move them out of the company.”
Disclosures about cyber breaches should not be handled piecemeal. (16:42)
In some of the recent well-publicized security breaches, companies released information in batches, over several days. A better policy is to get everything out at once, and to avoid speculating about things you don’t know. “What we’ve learned is disclose only what you know, don’t disclose what you don’t know, and if you can disclose on your own terms, embrace that.”
Phishing attacks are today’s biggest security challenge. (18:54)
Ninety percent of the security breaches Mandiant sees begin with a phishing email. “Somebody got an email saying hey, click on this link, you’ve been invited to have drinks or whatever the email was. The email had a link to something bad.” And new methods for phishing are being developed all the time. “Now you have to worry about Skype fishing and IM fishing.”
Lack of legal consequences perpetuates the onslaught of foreign cyber attackers. (19:55)
One of the problems security professionals face is that attacks coming from foreign countries are typically beyond the reach of the law. “If you hack in the United States, if it’s a U.S. company, you do get caught and there’s penalties for that. But if you act from North Korea, China, Russia, Iran, [they] just keep doing it.”
Countries that are no match for the U.S. military turn to hacking instead. (20:31)
In cyber, hacking is “asymmetrical,” in that a small group of people can do damage all out of proportion to their numbers. “That asymmetry is recognized by North Korea and Iran. The best domain for them to fight in is cyber, because they’re not going to beat us with bullets. And I think we’re going to see that more and more.”
The difference between Russian and Chinese hackers. (25:01)
Russian hackers are good at not leaving traces of their attacks. Chinese hackers are less careful in their programming techniques, but have an advantage in numbers. One recent change: Russians have become more tenacious. “In 2014, after 20 years of responding to the Russians, it’s the first time I saw them change their rules of engagement. Every time we caught them in the past, they would just go away. 2014 was the year we’d catch them in an intrusion and they just came back every single day.”