RSA: Security industry going through 'hell'

SAN FRANCISCO--The security industry has "gone through hell in the last 12 months", with the rising sophistication of cybercriminals outflanking traditional perimeter defenses and organizations not keeping up with technology savvy employees. 

That was the view of Art Coviello, executive vice president of EMC and vice president of RSA in his opening keynote at RSA Conference on Tuesday.

According to him, the security industry was facing "harsh realities", and was being challenged "like never before", especially over the past year that saw many attacks both on high-profile organizations and security vendors, including RSA. Attacks had also been so targeted that the breach of one organization was used as a stepping stone to attack another, he added.

The RSA veteran also noted that this was due to the new breed of hacktivists, cybercriminals and nation states that have become adept at exploiting the vulnerabilities of the digital world.

Coviello added that the slow response in recognizing the potency of the threats has given them the opportunity to coordinate and develop better intelligence to outflank traditional perimeter defenses.

Adding to the challenge is the adoption of new technology, such as social networking tools and mobile devices, which has been faster than what governments and enterprises can catch up with, he added, citing that there are currently 5.9 billion mobile phone subscribers worldwide and the number of people from China online has tripled over the past several years. Employees were used to using their own personal devices and have been bypassing the control of their IT departments, he said.

This view was reinforced by Enrique Salem, president and CEO of Symantec, who noted in a following keynote address that the workplace has changed with the entrance of the "digital native"--defined as someone born in the 1990s and "don't know a time without the Internet".

As they begin to enter the workforce, they will want a workplace with constant connectivity through their mobile devices and wired to social networks, blurring the line between business and personal lives, he said. Salem also acknowledged that "digital natives" will not think about security like the previous generation does, and will even prize having instant access to information and connectivity above security.

Organizations must recognize that perimeter based defenses and signature based technologies are "past their freshness date" and acknowledge that their networks will be penetrated, Coviello advised.

"In our interdependent world, we need to understand that an attack on one of us is an attack on all of us. But together, we can all learn from these experiences and emerge from this hell smarter and stronger than we were before," he said, pointing to a Winston Churchill quote--"If you're going through hell, keep going".

Need for intelligence-driven security
Coviello called for an intelligence-driven security system to cope with these trends.

"The security mindset of organizations must change from plain defense and tracking large volumes of meaningless individual advances, to acquiring the capabilities to sift through massive information lightning fast," he explained. "They must create predictive and pre-emptive counter intelligence to spot the faint signals that are all that's visible in a sophisticated stealthy attack."

He also pointed out that this security system required three capabilities.

The first was being risk-based, which will allow it to recognize the full potential impact and extent of the attack and expose threats early enough. He added that in the age of advanced threats, risk must be evaluated inside out and outside in, and that one must really "know [their] enemy".

The second trait was to be agile, Coviello said. "Existing approaches to managing security operations lack situational awareness, deep visibility and environmental agility needed to detect and thwart sophisticated attacks," he noted.

"What is needed is a security model which provides for intelligent control and advanced monitoring capabilities that understand patterns of user behavior and the flow of information so high risk anomalies in advance can be spotted in advace," surmised Coviello.

Lastly, contextual capabilities were needed. Coviello explained that an agile system of control and monitoring capabilities was effective only when a security event was delivered with complete context around it. The ability to succeed is dependent on having the best information available and intelligent based security systems need to rely on more than log data provided by traditional security management, he said.

RSA attack a humbling experience
In an interview on the sidelines of the event, the RSA executive told ZDNet Asia that the attack last March had felt like "a child being ripped from your arms". Nevertheless, being a security vendor which had been attacked, it had been a "humbling experience", he noted.

He reiterated that since the breach, the company had been working to regain customers' trust and confidence through "massive outreach efforts" such as talking to customers in forums and work with them on remediation steps.

Subsequently, the company did not suffer any further attacks and customers realized that the threat was "not as large as they thought it was" and that the remediation steps had been substaintial enough, Coviello explained.

He also added that the company was now able to apply lessons learnt "first hand" and use the insight obtained from the attack to drive strategy, investment and product roadmaps.

The intelligence-based security put forth during the keynote was also RSA's business strategy and direction after the attack, Coviello revealed.

According to him, physical world crimes are solved through the gathering of intelligence and forensics and the same can be done with online crime. However, online crime had the advantage of having far more evidence in the online world, he noted, citing that if a credit card is stolen in the physical world, "nobody knows where to find it". On the other hand, if someone steals credit card information and performs online fraud, they will be able to trace the IP address.

Ellyne Phneah of ZDNet Asia reported from the RSA Conference 2012 in San Francisco, USA.