Offense must be the new defense, RSA chief says
- By William Jackson
- Feb 28, 2012
SAN FRANCISCO — Warning that “we are at serious risk of failing,” RSA Executive Chairman Art Coviello said the IT security industry needs to go on the offensive.
“The harsh reality is that people in our line of work are going through hell in the last 12 months,” Coviello said Feb. 28 in his opening keynote at the annual RSA Conference.
Rather than the usual upbeat assessment of challenges and accomplishments in IT security that typically open the large cybersecurity conference, the tone for this year was set by the lyrics of the musical production number that opened the conference, a rendition of the Rolling Stones’ “You Can’t Always Get What You Want” (including the line “but...you get what you need”).
Intelligent security and other unsolved mysteries targeted at RSA
Advanced threats: The enemy is already within
The security landscape today has been dominated over the past year by the assumption that IT systems already are or will be compromised and security efforts must shift to detecting and mitigating compromises and protecting data in compromised systems.
Coviello called for intelligence-driven security systems that leverage large amounts of security data to create a proactive defense, so that the inevitability of compromise does not necessarily mean the inevitable loss of data. He called current defensive postures a patchwork of point solutions and regulatory-based policies that need to be replaced with actionable intelligence.
RSA had a share of security hell when its systems were breached last year in a high-profile attack that resulted in the loss of some critical information about its security tools. “We hope that the attack on us will strengthen the sense of urgency and resolve for all of us,” Coviello said.
That resolve will be required to enable the data sharing needed to create actionable security intelligence. “The age of big data has arrived in security,” Coviello said.
Making use of that data remains a challenge, said Scott Charney, Microsoft’s corporate vice president of Trustworthy Computing. “The problem is we have too much security data and we don’t know what to make of it,” he said at the conference. He added that the emergence of cloud computing could help in gathering analyzing that data to provide actionable intelligence.
Right now the bad guys are outpacing the security and IT industries with their flexible, cooperative models of operations. Security analysts need to adopt an offensive mindset in sharing and using data, Coviello said. He said there have been promising developments with the evolution of grassroots information-sharing networks.
Charney, in outlining advances made over the past decade at Microsoft in its Trustworthy Computing Initiative, laid out a similar vision in his look ahead at the future of the initiative. The future of security and privacy in a world in which vulnerabilities and exploits are inevitable lies in protecting data through the use of metadata associated with policies that will let creators and owners control data, he said.
The growth and change in security challenges facing the IT industry come at a time when cybersecurity is more important than ever, Coviello said.
“We are well past the tipping point where the real and digital worlds can be separated,” he said. “But trust in our digital world is at risk.”
That risk is increasing because of the slow response of the IT industry and its inability to act together, he warned.