In Wake Of Data Breach, Bit9's New CSO Is Shoring Up Security Defenses

Bit9 Chief Security Officer Nick Levay has been at the job for only three months, but he told CRN that he already has added staff and is executing against a priority list to bolster security procedures and infrastructure at the whitelisting vendor.

Levay, who joined Waltham, Mass.-based Bit9 in June, served six years at the Center for American Progress, a Washington, D.C., think tank, where he was director of technical operations and information security. Levay said that organization was targeted daily by sophisticated attacks, putting him in a good position to address security operations at Bit9, which suffered a high-profile data breach.

"I have a lot of initiatives and projects under way," Levay told CRN. "There is a mixture of maturing our infrastructure, building out the way our [security operations center] operates and maturing procedures for handling things. It's a lot of stuff."


The whitelisting vendor revealed the data breach in February. The firm provided details about the breach, which began with a SQL injection attack, a common Web-based attack that targets the back-end database systems behind company websites. The company said that once attackers got in, they were able to install a back door and, due to an "operational deficiency," the malware was able to execute because the company's whitelisting software wasn't installed on some systems.

The breach struck at the heart of the company's intellectual property, giving attackers access to digital code-signing certificates. They then used the certificates to target Bit9 customers. In the hands of attackers, the code-signing certificates enabled malware to execute on systems protected by the vendor's whitelisting software. At least three firms were attacked using the stolen certificates before Bit9 revoked them. The company reportedly released details to antivirus vendors regarding more than two dozen malware types created using the stolen certificates.

Levay declined to discuss specifics but said much of the work he is overseeing was prompted by the data breach. "I'm really building out best practices in how we run our [security operations center] and we handle our operations," he said.

"Before I even got here, a lot of very good actions were taken in the wake of the breach to ensure that the types of deficiencies that led to the breach would not occur again," Levay said. "There is a degree of which that I have been taking what has already been started, maturing it and taking the additional steps."
