Cybercrime, which Caccia believes will “always exist”, keeps the industry healthy and profitable. “That, and the explosion of data. The problem is about big data as much as security. We’ll [the information security industry] always be trying to catch up with the bad guys”. One of the problems, Caccia said, “is that we’re trying to layer on defense after we’ve built the cyberworld”.
Dr Prescott Winter, ex-CTO of NSA, joined ArcSight in March 2010 as their CTO. He, alongside the rest of his colleagues at ArcSight, is in the business of reducing cybercrime, which ArcSight categorise into four problems.
Caccia listed these four categories of cybercrime.“Cyber-fraud (“which is extremely hard to catch”); cyber-warfare (“which is the least common”); cyber-theft (“of which there are the most incidents”); and cyber-espionage (“which is recorded less”).
Caccia asserts that there is a line between cyber-espionage and cyber-warfare, and admits that their customers are worried about the latter. “They’re worried about cyber-war, but are we actually in it? I’m not sure”, he said.
Money spent, problem unsolved
When challenged about the amount of money spent on information security technology every year, and the lack of resolution for the problem, Caccia thinks carefully before responding. “Some companies spend money on technologies, which they then fail to use properly, and fail to apply the updates.
“Organisations are spending money in the wrong places. They need to evaluate risk, work out what is worth worrying about, and invest in that.”
Even those organisations that are spending their budget in the right way are up against a very intelligent hacker community. “There are smart hackers who are launching attacks that security companies can’t defend against. They find new holes, and new techniques to get around defense technology”.
Part of the problem, says Caccia, is the lack of deterrents for the bad guys. “It’s harder to attribute crime to people and organisations. You essentially become invisible [when hacking online]. Finding and prosecuting the hackers require skills that law enforcement agencies don’t have. They are trying, but they can’t share information with each other”, which is a real hurdle, Caccia admits.
Like most other information security vendors, ArcSight are looking at ways to take their security offerings into the cloud. “We haven’t got this solved yet, but we’re working with complimentary partners on this. It’s not a new business model, but there is opportunity”.
Hard times, easy growth
Despite the tough economic climate in the last few years, ArcSight has continued to prosper, boasting 33% growth in 2009. “Growth has been fairly consistent through the recession, and hasn’t slowed down in any way.”
Outside of ArcSight, Caccia sees an industry of opportunity also. “Funding is picking up in the Valley again, and we’ll see new start-ups. One of these will be the next big security player, that’s just the nature of the Valley.
“It’s a good time to start a new company – it’s easier to get space, and you don’t need as much money”, he concludes.