Jamil Jaffer, VP - Strategy & Partnerships, IronNet sits down with John Furrier & Rebecca Knight at AWS Public Sector Summit 2019 in Washington, D.C. #AWSPSsummit #AWS #theCUBE https://siliconangle.com/2019/06/28/nation-state-attacks-bring-companies-gov-together-to-fix-security-awspssummit-reinforce-startupoftheweek/ Nation-state attacks bring companies and government together to fix security There’s little denying that cybersecurity is in fixer-upper condition these days. Threats are getting more sophisticated, while there aren’t enough skilled professionals to fight them. Companies keep piling on threat-detection software tools to unimpressive effect. The status quo will simply not be adequate to fend off new attacks, particularly those from nation states. Companies must web together to form stronger defenses, according to Jamil Jaffer (pictured), vice president of strategy and partnerships at IronNet Cybersecurity Inc. The threats from nation states are overwhelming individual companies. And how would they not? Traditionally, the government — with all its resources and manpower — is expected to defend the U.S. against attacks from other nations. “We don’t expect Target or Walmart or Amazon to have service-to-air missiles on the roof of their buildings to defend against Russian Bear bombers — we send the government to do that,” Jaffer said. “But in cyberspace, the idea is flipped on its head. We expect Amazon and every company in America, from a mom-and-pop shop all the way up to the big players, to defend themselves against script kiddies, criminal hacker gangs and nation-states.” Jaffer spoke with John Furrier and Rebecca Knight, co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS Public Sector Summit in Washington, D.C. They discussed the push for new collaborative solutions to nation-state and other cyber attacks (see the full interview with transcript here). In a separate interview, Jaffer spoke with Furrier and Dave Vellante at the AWS re:Inforce event in Boston (see the full interview with transcript here). (* Disclosure below.) This week, theCUBE spotlights IronNet Cybersecurity in its Startup of the Week feature. Collective defense and the hope for deterrence Nation-state attackers have seemingly unlimited resources and manpower to leverage against targets. It’s not realistic to expect a single company to match these large, organized actors and defend itself, according to Jaffer. At the same time, the U.S. isn’t prepared to appoint the Department of Defense to start policing the internet, he added. To address such threats, companies are on a security tool shopping spree. Seventy-five percent of respondents to Alcide.IO Ltd.’s 2018 “The State of Securing Cloud Workload” report, expect their cloud security stack to increase in the next year. Instead of increasing the number of security tools, perhaps a more feasible solution would be to increase the number of private-sector companies collaborating for a more secure internet. One company may have its best practices and its store of hard-won knowledge on threats. It may have developed ways to put out particular security fires it’s seen over the years. When multiple companies pool their knowledge and skills capital, the result it a more-comprehensive array of security resources, according to Jaffer. He terms this approach “collective defense.” In the case of novel threats, companies may draw on each others’ past experience with that threat type. They might prevent the threat from even seeping into their own data centers. This, together with network traffic monitoring and its collective-defense approach, is an important piece of its surveillance and monitoring platform. It shares all the anomalies seen across multiple companies to identify threat trends and correlations among data to predict and prevent attacks. It is something like an air traffic controller screen for preemptive cyberdefense, Jaffer explained. It does require commitment from its partner companies. “But, increasingly, they’re realizing the threat is so large, they have no choice but to work together. And we provide that platform that allows that to happen,” he said. With solid preventative measures in place, proper policing and deterring become possible. “A lot of people say deterrence doesn’t work in cyberspace. I don’t believe that. I think deterrence can and does work in cyberspace — we just don’t practice it,” Jaffer stated. It’s little wonder hackers are blithely stepping over the red lines in cyberspace. “It’s because we haven’t really given them a sense of where those lines are and what we’re going to do if they cross them,” he added. Here’s the complete AWS Public Sector Summit video interview with Jaffer: