FEDTECH: How does the tool isolate and protect the data? What’s the mechanism by which it works to do its job?
McDonough: At a high level, it’s zero-trust architecture. We talk about the four I’s: isolation, immutability, intelligence and invisibility. The way we transfer data from the production environment into the vault itself, it’s completely invisible to anybody on the production side. This eliminates the insider threat or compromised credentials, those sorts of things. That’s how we get true isolation from a zero-trust architecture standpoint — everything that controls that replication link is controlled from inside the vault. Putting it into the vault provides invulnerability.
FEDTECH: What makes this tool particularly appealing to a federal customer?
McDonough: The provision of the last line of defense. If you’re hit with a very targeted, sophisticated threat or attack, the goal of the adversaries is to ultimately get to command and control. So, you have all of these steps that the adversary has to go through in order to take action on their objectives. The vault stops every single attack prior to command and control.
The adversary can’t take action on their objectives if the data is sitting in the vault. Can they destroy your production data? Can they encrypt it? Can they wreak havoc? Yes. But they can’t ever get to that data in the vault. And the big thing about recovery is that you have to have data to recover with.
Everybody has the expectation that attacks are going to happen. They’re now starting to actually work on their strategies from the standpoint of, “This is definitely going to happen, how are we going to respond?”
FEDTECH: It seems as if there’s more talk about cyber resilience versus cybersecurity. What’s the difference between the two, and how does this tool fit in?
McDonough: Resilience is, in my mind, everything together — all of your identify/protect/detect tools, your respond-and-recover tools, everything working in tandem with your people, process and technology.
Resilience is, “Let’s plug the holes that we know about; what tools can we use? What’s the security hygiene? Do we have email hygiene that can go out to our end users?” And then we start building resilience. The way we position the vault is that even if you don’t know what to put in the vault initially, we have a list of things based on empirical data or historical events that are the items you need to have in the vault. Active Directory, DNS, intellectual property, networking diagrams — all of those are things you are going to need to put in there, because that’s what the adversary is going to go after.
FEDTECH: Is ransomware the biggest threat right now?
McDonough: Yes. It’s happening more and more. About three years ago, an attack happened every 46 seconds or so; now an attack happens every 11 seconds. The problem is that now adversaries are starting to work together as an enterprise, going to their core strengths. One group might be really good at reconnaissance, one might be good at delivery. There’s enough money out there that they say, “Hey, let’s just split the kitty.”
With nation-states involved, it raises the specter of a brute-force attack, which by definition is going to be 100 percent successful given enough time and given enough resources. If bad guys have the backing of Russia, China, Iran or North Korea, they have the resources. If you’re more resilient, it’s going to take them longer to break in, but eventually they’re going to break in if they want to.
I used to talk about the difference between a bunker and a vault. A bunker gives you protection, but if there’s a direct hit, good luck. The vault’s made for that direct hit.