MIT Technology Review



Dmitri Alperovitch, 32



The cofounder of the security company CrowdStrike wants to help cyberattack victims strike back.

“After the investigation of Operation Aurora, the cyberattack on Google from within China that was revealed in 2010, I realized a completely new type of security strategy and technology was needed. I was leading research at McAfee and had been involved in investigations of criminal activity online, working closely with law enforcement. Aurora put us up against a nation-state, not a criminal. I was briefing the State Department as they crafted statements for Hillary Clinton to make publicly about the issue.

The online criminal problem was and is a big issue, but it pales in comparison to what nation-state attacks are doing to this country and our allies. Google has one of the best security teams on the planet, better than most government organizations, but they and many other companies with very good security practices were still getting hit. The problem was not the security widgets and technology they were using; it was the strategy. That’s why I left McAfee to start CrowdStrike.

The industry and the government were using a passive strategy of trying to detect and block cyberattacks, and that doesn’t work against an actor that’s really determined. China’s army is not going to give up and say, ‘Well, we’re out of the cyber-espionage business.’ What you really want is for a cyberattack to be very costly and risky, so it is used only rarely and only against really high-value targets. 

Today security companies look for malware and software exploits, but they change constantly. And new ones are launched by the hundreds of thousands each day. At CrowdStrike we look for traces of the adversary and try to find out who the adversary is, what they are after, and what their tradecraft is. We also disseminate that information to enable collective action. It doesn’t have to just be every company for themselves—they can band together and maybe join with government to put pressure on the enemy. We’re starting to see that with some of the public disclosures about China, including ones I’ve done, leading the U.S. administration to start talking openly about the problem. That helped lead to Obama raising the issue at his summit with the Chinese president.

We use data from many sources to detect traces of adversaries and uncover everything we possibly can about them. Our customers can find out who is targeting them and how. We’ve showed how we could see the Chinese navy crafting spear-phishing e-mails so we could warn targets before they even received one.

We call this new strategy ‘active defense.’ We respect the law, but we’re in discussions with Congress about making changes because most relevant laws were written in 1986. We should enable the private sector to engage in self-defense in the cyber world, like we do in the physical world. Mall cops protect property the government doesn’t have the resources to protect. A cyber-world equivalent could be allowing some licensed cybersecurity companies or individuals to take certain actions in defense of a network. That should not involve retaliations; hacking back to destroy the other guy’s machine has no useful purpose and should be illegal. But if you see your data going to some other network, why can’t you go into that network for the purpose of getting your data back, or take data off that machine to mitigate the damage? Allowing the private sector to do things like that can help companies make themselves a much less attractive target.”

—as told to Tom Simonite



Credits: Illustration by Golden Cosmos, photo courtesy of Dmitri Alperovitch

Tagged: Business, Web, Mobile, EmTech2014
