
Günter Ollmann

Günter Ollmann is chief security officer at Vectra. He has nearly 30 years of experience in information security in an array of cyber security consultancy and research roles. Before joining Vectra, Günter was CTO of Domain Services at NCC Group, where he drove strategy behind the company’s generic Top Level Domain (gTLD) program. He was also CTO at security consulting firm IOActive, CTO and vice president of research at Damballa, and chief security strategist at IBM. Günter is a widely respected authority on security issues and technologies and has researched, written and published hundreds of technical papers and bylined articles. Originally, Günter had wanted to be an architect but he lost interest after designing retaining walls during a three-month internship. After that, he qualified as a meteorologist but was lured to the dark side of forecasting Internet threats and cyber attacks. His amazing ability to see dead people stoked an interest in history and first-millennium archaeology. Günter holds a Bachelor of Sciences degree in Applied Physics and Mathematics and a Master of Sciences degree in Atmospheric Physics from the University of Auckland.

Recent Posts

Security automation isn't AI security

Posted by Günter Ollmann on Jan 17, 2017 2:11:52 PM

This blog was originally published on ISACA Now.

In many spheres of employment, the application of Artificial Intelligence (AI) technology is creating a growing fear. Kevin Maney of Newsweek vividly summarized the pending transformation of employment and the concerns it raises in his recent article "How artificial intelligence and robots will radically transform the economy."

In the Information Security (InfoSec) community, AI is commonly seen as a savior – an application of technology that will allow businesses to more rapidly identify and mitigate threats, without having to add more humans. That human factor is commonly seen as a business inhibitor as the necessary skills and experience are both costly and difficult to obtain.

As a consequence, over the last few years, many vendors have re-engineered and re-branded their products as employing AI – both as a hat-tip to their customers’ growing frustrations that combating every new threat requires additional personnel to look after the tools and products being sold to them, and as a differentiator amongst “legacy” approaches to dealing with the threats that persist despite two decades of detection innovation.

The rebranding, remarketing, and inclusion of various data science buzzwords – machine intelligence, machine learning, big data, data lakes, unsupervised learning – into product sales pitches and collateral have made it appear that security automation is the same as AI security.


Topics: cyber security, machine learning, cybersecurity, artificial intelligence, security automation


InfoSec skills shortage: The No. 1 threat to Internet security

Posted by Günter Ollmann on Nov 15, 2016 12:00:00 PM

When asked a poorly bounded question such as “What is the biggest threat to Internet security?”, the majority of quick-fire answers can likely be represented by the flags of a handful of nation states. Certainly the front-of-mind answer – identifying a cluster of hackers – represents a constant and escalating threat to business continuity and potential compromise.

Yet, if we introspectively examine the nature of our industry, we can easily argue that the biggest risk that Internet security faces is in fact our general inability to respond and counter the attacks launched by adversaries from around the world.

It is estimated that today there are over 1 million InfoSec positions unfilled – growing to over 1.5 million by 2019 – and more than 200,000 of those vacancies are in the U.S. This global shortage of expertise and experience lies at the very heart of the InfoSec world’s ability to respond to cyber attacks – affecting vendors and consumers alike.


Topics: it-security, cybersecurity, InfoSec


Exploiting the firewall beachhead: A history of backdoors into critical infrastructure

Posted by Günter Ollmann on Sep 28, 2016 11:00:00 AM


Sitting at the edge of the network and rarely configured or monitored for active compromise, the firewall today is a vulnerable target for persistent and targeted attacks.


Topics: Detection, Datacenter, firewall, backdoors, infrastructure, Data Center


From the Iron Age to the “Machine Learning Age”

Posted by Günter Ollmann on Aug 30, 2016 8:00:00 AM

It is likely self-evident to many that the security industry’s most overused buzzword of the year is “machine learning.” Yet, despite the ubiquity of the term and its presence in company marketing literature, most people – including those working for many of the vendors using the term – don’t actually know what it means.


Topics: cyber security, machine learning, cybersecurity


DPI goes blind as encryption adoption increases

Posted by Günter Ollmann on Jun 1, 2016 10:49:05 AM

Governments and businesses that have traditionally relied upon deep packet inspection (DPI) or content-level inspection technologies to identify threats or control access across the perimeter of their networks are at the cusp of a dramatic and non-reversible sea change. Month on month, organizations have observed the silent shift to encrypted communications, and with that, their visibility and control of network traffic has incrementally diminished.
 
As the encryption of North-South corporate network traffic reaches levels of 60% or more in most environments, organizations are finding themselves in the uncomfortable position of having to plan for the abandonment of the DPI-based perimeter defenses they’ve depended upon for a decade and a half. It would seem that IDS, IPS, DLP, and ADS are rapidly turning dark.

Topics: cybersecurity, Deep Packet Inspection


Canary in the ransomware mine

Posted by Günter Ollmann on Mar 30, 2016 2:06:10 PM

 

A quick no-frills solution to ransomware inside the enterprise

Ransomware is clearly the scourge of 2016. Every week there is a new and notable enterprise-level outbreak of this insidious class of malware – crippling and extorting an ever widening array of organizations.

For a threat that is overwhelmingly not targeted, it seems to be hitting large and small businesses with great success.

The malware infection can come through the front door of a failed “defense-in-depth” strategy or the side door of a mobile device latched to the corporate network on a Monday morning.


Topics: cybersecurity, Ransomware


Plan on losing visibility of your network traffic: Steps to take control

Posted by Günter Ollmann on Mar 8, 2016 11:49:57 AM

The ongoing Apple versus the FBI debate has me thinking more about the implications of encryption. Whether or not national governments around the globe choose to go down the path of further regulating encryption key lengths, requiring backdoors to encryption algorithms, mandating key escrow for law enforcement purposes, or generally weakening the implementations of encrypted communications and data storage in consumer technologies, the use of encryption will increase – and in parallel – network visibility of threats will decrease.


Topics: Malware Attacks, SSL Encryption


Apple vs. the FBI: Some points to consider

Posted by Günter Ollmann on Feb 17, 2016 4:30:00 PM

In light of Apple’s response to the FBI’s request to gain access to San Bernardino shooter Syed Farook’s iPhone, I thought I would share some of my thoughts on this. It appears that there is some confusion in the connection of this request from the FBI with the bigger government debate on providing backdoors and encryption.

Let me attempt to break this down a little in the hopes of clearing some of that confusion:

  • Apple has positioned the request from the FBI to be a request to install a “backdoor” in their product. This is not correct. The FBI request is pretty specific and is not asking for a universal key or backdoor to Apple products.
  • The FBI request should be interpreted as a lawful request to Apple to help construct a forensics recovery tool for a specific product with a unique serial number.
  • The phone in question is an Apple 5C, and the method of access requested by the FBI is actually an exploitation of a security vulnerability in this (older) product. The vulnerability does not exist in the current generation of Apple iPhones. 

Topics: Cyberattacks, network security, cybersecurity


The Chocolate Sprinkles of InfoSec

Posted by Günter Ollmann on Feb 2, 2016 10:30:33 AM

In the rapidly expanding world of threat intelligence, avalanches of static lists combine with cascades of streaming data to be molded by ever more sophisticated analytics engines, the output of which is finally presented in a dazzling array of eye-candy graphs and interactive displays.

For many of those charged with securing their corporate systems and online presence, the pressure continues to grow for them to figure out some way to incorporate this glitzy wealth of intelligence into tangible and actionable knowledge. 


Topics: Cyberattacks, IDS, network security, cybersecurity


Who is watching your security technology?

Posted by Günter Ollmann on Jan 28, 2016 12:00:00 PM

It seems that this last holiday season didn’t bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance.

It’s not the first time that products from major security vendors have been found wanting. 

It feels as though some vendors’ host-based security defenses fail on a monthly basis, while network defense appliances fail less frequently – maybe twice per year. At least that’s what a general perusal of press coverage may lead you to believe. However, the reality is quite different. Most security vendors fix and patch security weaknesses on a monthly basis. Generally, the issues are ones that they themselves have identified (through internal SDL processes or the use of third-party code reviews and assessment) or they are issues identified by customers. And, every so often, critical security flaws that need to be fixed quickly will be “dropped” on the vendor by an independent researcher or security company.


Topics: Cyberattacks, network security, cybersecurity

