Duca is regarded as a guru in the security space. He joined McAfee back in 2000 and became chief technology officer in 2013 at Intel Security, as it had become, before joining Palo Alto Networks in April 2015. He was also a member of the Australian Government’s Online Safety Consultative Working Group. He combines his leadership style with a technical base and communication skills.
Duca says 90% of his role is about raising awareness of security best practice because the bad guys are getting smarter and more persistent. “These days we all know what the vulnerabilities are and anything that is known can be prevented although the adversaries are always finding new ways to get around patches and new security technologies,” he said.
“Most people tend to think that they are safe and secure if they use anti-virus (software) and have a firewall sitting at the front door of their organisation. That may have worked once upon a time, but unfortunately, the hackers of the world have become a lot smarter than that,” he said.
Duca says that he was attracted to Palo Alto Networks, based in Santa Clara, California, because its take on security was focused on the network (and that includes the WAN, cloud and Internet), because it was a disrupter, and because of its contextual approach. He could also see the mission, purpose and passion for challenging the security status quo, which he found exhilarating.
The remainder of the interview is in his words.
Palo Alto Networks' core products are a platform that includes advanced firewalls designed to provide network security, visibility and granular control of network activity based on application, user, and content identification, and cloud-based offerings that extend those firewalls to cover other aspects of security like advanced endpoint protection.
Its founder Nir Zuk was a member of the famed Israeli Defence Force Unit 8200 and is credited in 2005 as the inventor of the first stateful inspection (SPI) firewall and intrusion prevention system. He wanted to use the firewall to identify network traffic like applications, ports used, users (and method of access), to protect against bad behaviour (e.g. not known good), and provide fine-grained visibility and policy control over application access/functionality. Hence Palo Alto Networks is credited with the first Next Generation Firewall.
It now is more important to place these attacks into a context and begin to understand the big picture – why are you using an unknown mobile phone from Russia at midnight to access corporate networks and run an app? The context is all wrong and it can be stopped at network level until it is investigated.
The bigger question is how to ensure security does not cripple line-of-business apps. You can lock down a network and pretend it is 100% secure, but it will cripple the user experience. There needs to be a better way – how can we safely enable those apps?
Palo Alto Networks can perform a single-pass deep packet inspection without slowing the network or WAN down, and through whitelisting it identifies good behaviour and lets it past. Then if you find something odd you can inspect it and upload it to us for bare-metal (on a computer) testing and analysis – and have a response within a few minutes.
Cyber criminals, hackers, are very well organised and funded. They are using tools like machine learning and AI equal in sophistication to the best protection companies.
We use tools too, but we have over 37,000 customers to help us, and once we find an issue it protects all of them instantly. Palo Alto Networks has been successful – we are not a huge company, but we are achieving 30% year on year growth and adding about 2000 customers a quarter.
Final messages to iTWire readers
- Security is all our responsibility – “she will never be right again mate”
- The world has changed and the bad guys have as many resources as the good guys.
- Be prepared to ask hard questions and accept the bitter challenges.
- Cyber-crime and breaches are a matter of when, not if – you will be challenged every day.
- Consider security on a risk-based factor – what risk will you face if you are hacked, what will it cost to reinstate (if you can) and will you remain in business? What are the crown jewels to be protected at all costs?
- Boards need to look at security as the top priority and not hesitate to spend what is needed.
- Don’t accept fear, uncertainty and deception (FUD) propagated by many security vendors – call it out for what it is: BS.
- Focus on how you make the company resilient for tomorrow – yesterday has already happened.