Truth be told, I haven't always agreed with Art Coviello's take on the security industry's future. One of the best examples came from RSA Conference 2007, when he predicted in his keynote that the stand-alone security industry would cease to exist within three years. Six years later, we've seen many security companies integrated into the larger IT providers. But there are still many stand-alone security companies.
But I give the man full credit for this: His reaction to the threat landscape has always been balanced and reasonable.
He scored some more points in my book Tuesday when, during a press event for the rollout of RSA Security Analytics, he said:
"I abhor the term Cyber Pearl Harbor. It's not security awareness we need, but a higher level of understanding. Language like 'Pearl Harbor' doesn't get us that understanding."
He added that while the outright destruction of the Internet from an attack is unlikely, "you don't need destruction to have a serious problem." In the case of banks and other businesses, the problem is the downtime caused by DDoS attacks, which translates into serious revenue losses.
That's the right message. We shouldn't be predicting outright doom and destruction, otherwise known as FUD. We should be focusing on the potential damage individual companies could face from DDoS-based downtime, and ways to mitigate the risks. In Coviello's case, the proposed solution was to buy RSA Security Analytics, the company's big push into the Big Data security market. Fair enough. The event was a product launch, after all.
In my opinion, cooler heads and lots of data will always be the best approach to managing risk. Vendor-based FUD only scares companies into buying so-called all-in-one solutions that don't really get the job done.
Having seen a lot of that in the last decade, I found Coviello's talk refreshing.