SAN FRANCISCO -- Security pros need mechanisms to sift security event data and predict attackers’ next moves, creating an intelligence-driven program that’s more agile than current signature-based defenses. That was the message delivered by Art Coviello, executive vice president of RSA, the security division of EMC, during his keynote address Tuesday at RSA Conference 2012.
Security teams will have the power to recognize the enemy within quickly, isolate compromised elements of infrastructure, protect information assets, and render attacks harmless.
RSA Security Division of EMC
Coviello painted his vision for the future based on an infrastructure that analyzes security data and is enhanced by information sharing and cooperation within the security industry. Coviello urged security pros to stop blindly adding new controls to failed models, specifically mentioning signature-based technologies that are “past their freshness date.”
“Today we have an uncoordinated set of product silos,” Coviello observed. “We need to stop investing in these.”
Coviello said security pros have been through hell over the past 12 months. To put the balance of control back in the hands of security practitioners, Coviello prescribed a multi-source, intelligence-driven security system. Such a system, according to Coviello, must be risk-based, agile and contextual.
Coviello believes today’s security systems have been stalled by security pros spending too much time sifting through too much data. The context around that data has been limited to SIEM platforms that rely primarily on internal information. To resolve these problems, Coviello urged security teams to adopt a big data model, including data sets from external sources. “With big data, security teams can stop wasting time tracking meaningless events,” he said.
“[Security teams] will have what they really need to be most effective in their jobs – ready answers to the most difficult questions about advanced threats, compliance, fraud and other risks,” Coviello said. “Security teams will have the power to recognize the enemy within quickly, isolate compromised elements of infrastructure, protect information assets, and render attacks harmless.”
Coviello’s keynote address, Sustaining Trust in a Hyperconnected World, started out on a positive note. He reviewed global data transfer, online commerce and Internet banking, noting these advancements were made possible by security that is “safe enough.” However, the talk quickly turned bleak as Coviello spoke of security threats that are faster and more targeted than ever before.
“Quite frankly, our slow response and our inability to work together puts us at serious risk of failing,” Coviello warned.
Coviello took a moment to acknowledge his own company’s version of hell, referring to the widespread SecurID breach suffered by RSA last March. Coviello attempted to put a positive spin on the experience. “We are using what we learned. We hope the attacks on us will strengthen the urgency of all.”
Coviello conceded that information sharing among security pros has been a failure to date, due to mistrust and legal constraints among enterprises, but pointed hopefully to grass root efforts of groups of security pros. These groups are sharing security intelligence and actionable information.
For RSA’s part in fostering information sharing, Coviello pointed to Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security(.pdf), a report by the Security for Business Innovation Council (SBIC), sponsored by RSA, with contributions from CISOs from a number of industries.
“Cooperation can give us the intelligence-driven security system we need,” Coviello concluded. “Together we can emerge from this hell.”
View all of our RSA 2012 Conference coverage.