Risk
3/9/2012
08:45 PM
Dark Reading
Products and Releases

RSA Chief Rallies Industry to Improve Trust In The Digital World, After Year Filled With Cyberattacks

"Our mindset must shift away from playing defense and tracking meaningless individual events," said Art Coviello

SAN FRANCISCO, Feb. 28, 2012 /PRNewswire/ -- RSA Conference 2012 -- In his RSA Conference 2012 keynote address, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), called on the industry to rethink traditional methods of security - imploring security leaders, vendors and practitioners to rapidly advance security strategies beyond signature and perimeter-based defenses and to work together to develop and adopt new intelligence-based approaches to information security.

Coviello noted that up until recently, IT security has succeeded in making the internet safe enough to transform the world, but times are changing, and trust in the digital world is in jeopardy.

"New breeds of cybercriminals, hacktivists, and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value," said Coviello. "With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today's hyperconnected infrastructures and the industry's slow response to recognize the potency of the emerging threat landscape."

Coviello remarked that security systems must evolve from the current patchwork of controls serving up too much data and not enough intelligence to models that provide advanced monitoring capabilities, high-speed analytics and intelligent controls.

"Our mindset must shift away from playing defense and tracking meaningless individual events," said Coviello. "We need the capability to sift through massive amounts of information lightning fast, creating predictive and pre-emptive counter-intelligence to spot the faint signals that may be all that's visible in a sophisticated, stealthy attack."

In his keynote, Coviello observed that the security industry has been going through "hell" over the past year with the recent epidemic of attacks. Referring to the attack on RSA in March of 2011, Coviello stated, "Never has our responsibility to you been as firmly etched in our minds. We have a sense of urgency as never before to take the lessons we learned first-hand, and the privileged insight we obtain from other attacks to use them to drive our strategy, our investments and product roadmaps. In the final analysis, we hope that the awareness from our attack will strengthen the sense of urgency and resolve of everyone."

Coviello called for the industry to rally together to take the following actions:

-- Change how we think about security. The security industry must stop thinking linearly, "...blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this," Coviello said.

-- Transition to intelligence-driven security systems that are risk-based, agile, and contextual. Organizations must do a better job at evaluating risk from the inside out and the outside in - combining both broad and deep understanding of their material assets and internal environments with a wide range of external intelligence sources. Security frameworks must be based upon agile, predictive analytics and continuous monitoring. Finally, organizations need to develop systems that provide real-time access to the entirety of relevant information via advanced, Big Data-based security systems driven by the power of multi-source intelligence in order to achieve a contextual understanding of threats.

-- Collaborate and Share information. The IT industry must do a better job of sharing its collective intelligence in real time "for the benefit of all," Coviello said. This is already beginning to happen, as grassroots networks of likeminded communities are sharing security intelligence as never before.

-- Train a new generation of security analyst to combat the rising tide of Advanced Attacks. The new breed of analyst must have analytical and intelligence skills, 'big picture' thinking, people skills, a focus on offense (not just defense), and the ability to react with speed and precision.

"We are in combat with a host of adversaries and it's time for us to fight back with creativity and innovation," Coviello concluded. "By doing so we can ensure that the balance of control of our digital world remains in the hands of security practitioners."

See Additional News this week from RSA, The Security Division of EMC:

-- New Research Reveals Cyber Risk Still Not Getting Adequate Attention from Boards and Senior Executives

-- RSA Expands Industry-leading Capabilities in Threat Information Sharing

-- RSA Collaborates with Mobile Technology Partners to Help Assure Trust for Mobile Business

-- RSA and Zscaler Teaming Up to Deliver Trusted Access for Cloud Computing

Additional Resources:

-- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

Comments
rodell jr640,
User Rank: Apprentice
3/15/2012 | 3:51:35 PM
re: RSA Chief Rallies Industry to Improve Trust In The Digital World, After Year Filled With Cyberattacks
There are advanced codes that will pre-eliminate the risked programs by the time that these hackers may have viewed something of interest, they may have already created a Vortex for Our systems to hack them into their unknown vulnerabilities. They don't even know that those exist in their world at all. It's really a little too late for some of the oldest hackers in the Business too, for they can never re-invent the Fact that they are not legal or unvulnerable because of some of the simplest facts like, "They are not the sharpest tools in the box even though they may have an ego that won't ever fit in Our ToolBoxes at all." So the enemy that may think they are within Us may have found that we were inside their Heads and really caused themselves more Problems that they can afford for the Unforeseeable future. That does not evolve as they may have once thought. Simply Speaking Intelligent Designed is always Created from a Higher Authority than something that crawls up out of the Primordial Ooze. God Bless Our Best Thinking because there is always more to learn. Admiral O'Dell' Birdwell here wishing everyone a Happy St. Patrick's Day. God is Green with Creation.