08:45 PM
Dark Reading
Products and Releases

RSA Chief Rallies Industry to Improve Trust In The Digital World, After Year Filled With Cyberattacks

"Our mindset must shift away from playing defense and tracking meaningless individual events," said Art Coviello

SAN FRANCISCO, Feb. 28, 2012 /PRNewswire/ -- RSA Conference 2012 -- In his RSA Conference 2012 keynote address, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), called on the industry to rethink traditional methods of security - imploring security leaders, vendors and practitioners to rapidly advance security strategies beyond signature and perimeter-based defenses and to work together to develop and adopt new intelligence-based approaches to information security.

Coviello noted that up until recently, IT security has succeeded in making the internet safe enough to transform the world, but times are changing, and trust in the digital world is in jeopardy.

"New breeds of cybercriminals, hacktivists, and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value," said Coviello. "With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today's hyperconnected infrastructures and the industry's slow response to recognize the potency of the emerging threat landscape."

Coviello remarked that security systems must evolve from the current patchwork of controls serving up too much data and not enough intelligence to models that provide advanced monitoring capabilities, high-speed analytics and intelligent controls.

"Our mindset must shift away from playing defense and tracking meaningless individual events," said Coviello. "We need the capability to sift through massive amounts of information lightning fast, creating predictive and pre-emptive counter-intelligence to spot the faint signals that may be all that's visible in a sophisticated, stealthy attack."

In his keynote, Coviello observed that the security industry has been going through "hell" over the past year with the recent epidemic of attacks. Referring to the attack on RSA in March of 2011, Coviello stated, "Never has our responsibility to you been as firmly etched in our minds. We have a sense of urgency as never before to take the lessons we learned first-hand, and the privileged insight we obtain from other attacks to use them to drive our strategy, our investments and product roadmaps. In the final analysis, we hope that the awareness from our attack will strengthen the sense of urgency and resolve of everyone."

Coviello called for the industry to rally together to take the following actions:

-- Change how we think about security. The security industry must stop thinking linearly, "...blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this," Coviello said.
-- Transition to intelligence-driven security systems that are risk-based, agile, and contextual. Organizations must do a better job at evaluating risk from the inside out and the outside in - combining both broad and deep understanding of their material assets and internal environments with a wide range of external intelligence sources. Security frameworks must be based upon agile, predictive analytics and continuous monitoring. Finally, organizations need to develop systems that provide real-time access to the entirety of relevant information via advanced, Big Data-based security systems driven by the power of multi-source intelligence in order to achieve a contextual understanding of threats.
-- Collaborate and Share information. The IT industry must do a better job of sharing its collective intelligence in real time "for the benefit of all," Coviello said. This is already beginning to happen, as grassroots networks of likeminded communities are sharing security intelligence as never before.
-- Train a new generation of security analyst to combat the rising tide of Advanced Attacks. The new breed of analyst must have analytical and intelligence skills, 'big picture' thinking, people skills, a focus on offense (not just defense), and the ability to react with speed and precision.

"We are in combat with a host of adversaries and it's time for us to fight back with creativity and innovation," Coviello concluded. "By doing so we can ensure that the balance of control of our digital world remains in the hands of security practitioners."

See Additional News this week from RSA, The Security Division of EMC:

-- New Research Reveals Cyber Risk Still Not Getting Adequate Attention from Boards and Senior Executives
-- RSA Expands Industry-leading Capabilities in Threat Information Sharing
-- RSA Collaborates with Mobile Technology Partners to Help Assure Trust for Mobile Business
-- RSA and Zscaler Teaming Up to Deliver Trusted Access for Cloud Computing

Additional Resources:

-- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

rodell jr640
3/15/2012 | 3:51:35 PM
re: RSA Chief Rallies Industry to Improve Trust In The Digital World, After Year Filled With Cyberattacks
There are advanced codes that will pre-eliminate the risked programs by the time that these hackers may have viewed something of interest, they may have already created a Vortex for Our systems to hack them into their unknown vulnerabilities. They don't even know that those exist in their world at all. It's really a little too late for some of the oldest hackers in the Business too, for they can never re-invent the Fact that they are not legal or unvulnerable because of some of the simplest facts like, "They are not the sharpest tools in the box even though they may have an ego that won't ever fit in Our ToolBoxes at all." So the enemy that may think they are within Us may have found that we were inside their Heads and really caused themselves more Problems that they can afford for the Unforeseeable future. That does not evolve as they may have once thought. Simply Speaking Intelligent Designed is always Created from a Higher Authority than something that crawls up out of the Primordial Ooze. God Bless Our Best Thinking because there is always more to learn. Admiral O'Dell' Birdwell here wishing everyone a Happy St. Patrick's Day. God is Green with Creation.