Lightning Round with Mike Sikorski
What is the state of cybersecurity today?
Michael Sikorski, one of the cybersecurity industry’s technical leaders, is the founder and leader of the FireEye Mandiant FLARE team, one of the world’s top reverse engineering and threat analysis operations. Working with Mandiant Incident Response, his team helped uncover the SolarWinds supply chain backdoor malware. Sikorski recently joined Trinity Cyber’s Advisory Board. “I’m really excited to be part of a company that is directly disrupting and messing with the bad guy—live on the wire,” he said at the time. “This is a dream come true as someone who has been cleaning up after intruders and reverse engineering their malware for 14 years.”
Former companies: FireEye Mandiant FLARE Team and Mandiant Advantage Labs
Cybersecurity claim to fame: His perennial book Practical Malware Analysis was inducted into the Cybersecurity Canon Hall of Fame in 2019.
Here, Sikorski answers a few quick questions on the state of our industry today.
When I joined FireEye through its acquisition of Mandiant, I had the chance to take all the best reverse engineers from both companies and create a super-mega team called FLARE, where we did reverse engineering, vulnerability analysis, and research and development. Altogether, I’ve been supporting the front lines of incident response and R&D for 14 years between Mandiant and FireEye. And through that time, my team has grown little by little through mergers and acquisitions. We ended up building educational courses on malware analysis and then products to be able to automate malware and threat analysis. We most recently became the innovation center for the Mandiant Advantage platform.
Outside of the people and raw expertise we have access to, I would say it is our data. And the reason the data we have is special is that we are doing about 400 incident responses a year worldwide. To put that in perspective: If there’s a big hack in Bangladesh, we probably go do the investigation. Any corporation or vendor gets hacked in the United States, we’re likely to be the ones behind the investigation. We’re the first ones to see what those attackers are doing. We know what an attacker is doing right this second, and at a very deep level. I lived through and supported some of the largest and most notable intrusions in history. I’m excited that through my role in Mandiant Advantage Labs we get this frontline data and can quickly put the knowledge we gain internally into the hands of customers.
Everyone gets breached—period. That has been Mandiant’s motto from the early days. Recently, FireEye disclosed that we were hacked. It wasn’t easy to stomach at first, but due to our expertise, experience, and perseverance, we were able to sort out what happened and discovered the now infamous SolarWinds supply chain backdoor. We ended up uncovering one of the biggest incidents in recent history because they used it against us, something I’m proud to have been a part of solving and sharing with the world.
Trinity Cyber’s technology takes bad things and makes them benign before they impact your network without tipping off the bad guy. Trinity Cyber makes malicious attachments clean and tricks vulnerability scanners into thinking you’re patched when you’re not.
People thought about it for sure, but no one really thought that it could be implemented at a speed that would be able to keep up with current rates of network traffic while being a real man in the middle. And nobody actually tried to build it with the knowledge of malware and the knowledge of the threats to be able to actually pull it off. Steve [Ryan] comes in and has the vision and the experience to know that he could pull it off. He is so driven to stop the bad guy, just like FireEye’s CEO Kevin Mandia. They are very similar in that intense goal to get attackers. That, I think, is super cool and motivates me to be a part of their mission. It’s why I believe there’s a sense of shared purpose in the cybersecurity industry today.