In his role as chief cyber strategist for Fidelis Cybersecurity, Jim Jaeger is responsible for developing and evolving the company’s cyber services strategy while synchronizing it with product strategy. Jim previously managed the Network Defense and Forensics business unit, including the Digital Forensics Lab. He has led cyber forensics investigations into some of the largest network breaches impacting our industry. Rhode Island Governor Gina Raimondo recently appointed Jim to the state Cyber Commission. He is a former Brigadier General in the United States Air Force, and his military service includes stints as the Director of Intelligence (J2) for the U.S. Atlantic Command, Assistant Deputy Director of Operations at the National Security Agency, and Commander of the Air Force Technical Applications Center. In these capacities, Mr. Jaeger was responsible for the collection and reporting of intelligence to Theater Commanders and the National Command Authority. He received his bachelor of science degree from the Air Force Academy and his master’s degree in management and supervision from Central Michigan University. He also completed the Executive Development Program at the Whitmore Graduate School of Business of the University of New Hampshire.
Christopher P. Skroupa: Why is robust network security monitoring so critical?
Jim Jaeger: Chris, unfortunately, we see too many breaches that go on for months before they are detected. Some incident response teams are reporting that many victims have been breached for over 200 days. We’ve worked several breaches that were not detected for over a year! What makes this situation even worse is that many of these breaches are not detected by the victim firm or their network monitoring functions. In too many situations today, the victim is notified of the breach by law enforcement or other external entities.
What makes this inability to detect breaches particularly problematic is that not only are losses likely to be significantly higher the longer the attackers are in the network, but the difficulty and costs of dislodging them typically increase dramatically as well. This has forced us in many cases to employ a radically different approach to containing and cleaning up breaches. We call this approach aggressive remediation or eradication.
Fortunately, cyber security professionals are increasingly changing their focus from preventing breaches to detection and response. While this is a very positive shift, it is also long overdue. We’ve spent much of the last 25 years building CERTs and SOCs for government and industry partners. We’ve always said, “There is no network that is so secure that a determined hacker will not eventually breach it. The key is detecting and responding to the breach when it does occur!”
Skroupa: In an information security market that is already flooded with tools, why has Advanced Threat Defense (ATD) technology become a hot item?
Jaeger: The rise of ATD technology over the past three years is a direct result of the fact that traditional network security tools have been relatively ineffective in stopping today’s advanced attacks like spear phishing. While firewalls, antivirus, and intrusion detection/prevention systems are important, they have not proven sufficient to protect government and industry networks from advanced attacks.