RSA Chief Rallies Industry to Improve Trust In The Digital World, After Year Filled With Cyberattacks
"Our mindset must shift away from playing defense and tracking meaningless individual events," said Art Coviello
SAN FRANCISCO, Feb. 28, 2012 /PRNewswire/ -- RSA Conference 2012 -- In his RSA Conference 2012 keynote address, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), called on the industry to rethink traditional methods of security - imploring security leaders, vendors and practitioners to rapidly advance security strategies beyond signature and perimeter-based defenses and to work together to develop and adopt new intelligence-based approaches to information security.
Coviello noted that up until recently, IT security has succeeded in making the internet safe enough to transform the world, but times are changing, and trust in the digital world is in jeopardy.
"New breeds of cybercriminals, hacktivists, and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value," said Coviello. "With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today's hyperconnected infrastructures and the industry's slow response to recognize the potency of the emerging threat landscape."
Coviello remarked that security systems must evolve from the current patchwork of controls serving up too much data and not enough intelligence to models that provide advanced monitoring capabilities, high-speed analytics and intelligent controls.
"Our mindset must shift away from playing defense and tracking meaningless individual events," said Coviello. "We need the capability to sift through massive amounts of information lightning fast, creating predictive and pre-emptive counter-intelligence to spot the faint signals that may be all that's visible in a sophisticated, stealthy attack."
In his keynote, Coviello observed that the security industry has been going through "hell" over the past year with the recent epidemic of attacks. Referring to the attack on RSA in March of 2011, Coviello stated, "Never has our responsibility to you been as firmly etched in our minds. We have a sense of urgency as never before to take the lessons we learned first-hand, and the privileged insight we obtain from other attacks to use them to drive our strategy, our investments and product roadmaps. In the final analysis, we hope that the awareness from our attack will strengthen the sense of urgency and resolve of everyone."
Coviello called for the industry to rally together to take the following
-- Change how we think about security. The security industry must stop thinking linearly, "...blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this," Coviello said.
-- Transition to intelligence-driven security systems that are risk-based, agile, and contextual. Organizations must do a better job at evaluating risk from the inside out and the outside in - combining both broad and deep understanding of their material assets and internal environments with a wide range of external intelligence sources. Security frameworks must be based upon agile, predictive analytics and continuous monitoring. Finally, organizations need to develop systems that provide real-time access to the entirety of relevant information via advanced, Big Data-based security systems driven by the power of multi-source intelligence in order to achieve a contextual understanding of threats.
-- Collaborate and Share information. The IT industry must do a better job of sharing its collective intelligence in real time "for the benefit of all," Coviello said. This is already beginning to happen, as grassroots networks of likeminded communities are sharing security intelligence as
-- Train a new generation of security analyst to combat the rising tide of Advanced Attacks. The new breed of analyst must have analytical and intelligence skills, 'big picture' thinking, people skills, a focus on offense (not just defense), and the ability to react with speed and
"We are in combat with a host of adversaries and it's time for us to fight back with creativity and innovation," Coviello concluded. "By doing so we can ensure that the balance of control of our digital world remains in the hands of security practitioners."
See Additional News this week from RSA, The Security Division of EMC:
-- New Research Reveals Cyber Risk Still Not Getting Adequate Attention from Boards and Senior Executives
-- RSA Expands Industry-leading Capabilities in Threat Information Sharing
-- RSA Collaborates with Mobile Technology Partners to Help Assure Trust for Mobile Business
-- RSA and Zscaler Teaming Up to Deliver Trusted Access for Cloud Computing
Additional Resources:
-- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.