By Andy Bui
On February 6th, the Center for Long-Term Cybersecurity hosted the first seminar of the Spring 2024 CyberMētis Speaker Series, featuring a talk by Derek Manky, Chief Security Strategist and Vice President of Global Threat Intelligence at Fortinet.
The CyberMētis Speaker Series connects cybersecurity experts and practitioners with UC Berkeley students to discuss the practical skills and acquired intelligence required to operate in a constantly changing natural, human, and digital environment.
A central theme of Manky’s presentation was the importance of understanding current efforts in the private sector, law enforcement, and government to disrupt cybercrime, which is becoming more well-funded and organized. “We don’t want to be one step forward and two steps back,” Manky said. “There is an arms race that we always talk about with cybersecurity, so we started putting some brainstorming in, looking at how we can not constantly be on the defensive, but be on the offense.”
Raising the Level of Defense in the Industry
Manky explained that he envisions a unified strategic approach toward raising the level of defense against cyber criminals, a sort of Venn diagram where the world “shares threat intelligence, shares information, and addresses privacy concerns.” As a model that is working to improve the cybersecurity of the global digital ecosystem, he referenced Fortinet’s partnership with the Cyber Threat Alliance, a non-profit organization that enables real-time, high-quality cyber threat information-sharing among companies and organizations in the cybersecurity field.
“We’ve turned the industry around with this,” Manky said. “We have a trusted network where information is shared in advance…so everybody can be prepared. We can have defenses ready to be deployed, which means nobody is caught by surprise, and it raises the overall level of defense.”
Manky went on to describe Fortinet’s work with Interpol issuing intelligence packages, and looking not only at what international cyber criminals are doing, who they are targeting, and what tools and methods they’re using, but also finding out who they are. “The toughest thing in the world of threat intelligence is attribution,” said Manky, “There are ways to do it, and arrests are made, but we cannot arrest our way out of this problem.”
He went on to discuss industry innovations like MITRE ATT&CK and similar protocols and frameworks that can help organizations understand cyber threats and adversary behaviors in order to mitigate harm. Manky emphasized the need for further intelligence sharing and public-private partnerships to find holistic solutions for disrupting cybercrime.
The Evolving Threat Landscape
Although the cybercrime threat landscape looks similar to how it did 10-15 years ago, Manky explained, the problem has only grown more fast-paced and complex. Manky noted that cyber criminals have been successfully “building an empire,” with a growing list of thousands of orchestrated players involved, many of whom are developing their own tools and distribution models, allowing even more cyber criminals to target organizations.
In recent years, Manky has seen a convergence of cyber criminal enterprises shifting their targets from quick, financially motivated hits on small- and medium-sized businesses toward more sophisticated, politically-motivated attacks on operational technology and critical infrastructure.
Manky concluded his presentation by going into more detail on some of the various threat intelligence initiatives Fortinet is working on in partnership with different stakeholders in industry, government, and academia.
“It really is a game of chess,” he said. “You have to know the offense, what your attacker’s typical moves are, and then you can create a better defense for that. With [cyber crime] disruption, it’s the same idea. We look at all of the tools in the attack kit, and take those pieces off the chess board. It’s never going to end in checkmate, in my point of view, but we can mitigate the risks. We’ve made promising progress, and it’s refreshing that the industry wants to do the right thing and work together.”