RSA 2009: Automation, Integration Key to Fighting Cyber Crooks

Security vendors who compete with each other now have no choice but to collaborate against increasingly clever bad guys, according to security industry leaders at RSA Conference 2009

SAN FRANCISCO -- A familiar theme is taking shape at this year's RSA security conference: With cyber crooks growing more clever and insidious, security vendors who compete with one another have no choice but to come together to fight a common enemy.

Arthur Coviello, president of RSA, the security division of EMC, has been making the point for the last few RSA conferences. This year, he used the analogy of the bad guys operating as an ecosystem, one with a sophisticated supply chain, collaboration and operations that are not bound by the same restraints the good guys follow.

"Technically adept, their fraud ecosystem is marked by innovation and agility and is highly opportunistic," he told attendees during his opening keynote. "Unlike you, they are not bound by any rules of law. They are not bound by service-level agreements beyond the 'honor among thieves' they share."

The breakthrough in fighting these criminals will come when different security products are made to act together in one infrastructure, he said, adding, "You want to know that your entire security system is working, not just the individual products."

He said most security products perform four basic functions:

  • Policy management for defining and managing security rules that describe how our system should be governed.
  • Policy decision points that determine whether and where security policies are at risk of violation.
  • Policy enforcement for applying controls to prevent policy violations.
  • And policy audit for real-time monitoring and proof of policy compliance.

The problem, he said, is that delivering and replicating these functions within individual point products hampers the "dynamic management of risk" and prevents the security community from applying security in the context of behavior, content and real-time knowledge of the risk environment.

"One of the reasons fraudsters are so successful is they poke at the infrastructure until they find a weakness in the system," Coviello said. "Today's security products tend to protect an element of the infrastructure from a defined set of threats, so what do fraudsters do? They just work around those products."

That, he said, is why vendors must work together on a common infrastructure. To drive home the point, he was joined onstage by Brett Galloway, senior vice president of the wireless/security technology group at Cisco Systems, and Scott Charney, corporate vice president of Trustworthy Computing at Microsoft. Coviello noted that the two IT companies compete on many levels, but have also come together in a common purpose.

"We in fact are working together, beyond the obvious joint product areas and standards," Galloway said. "We've been working together toward better interoperability for some time, and there are lots of opportunities for security vendors' products to be integrated with our technology."

Charney added: "We have a common enemy. You see industry organizations getting together to share best practices, and there are huge opportunities to reinvent public/private partnerships."

Enrique Salem, president and CEO of Symantec Corp., delivered a similar message, saying the current security model isn't working and that it's time for security to become more "operationalized."

"Attackers are moving away from mass distribution in favor of micro distribution, and anyone can be a victim," he said. "Before you know it, you can lose your identity." Citing the most recent Symantec threat research, he noted that 90 percent of attacks last year targeted information. IT administrators often set policies from within a silo that's inconsistent with the top-down, policy-based approach that's needed, he said.

"Security is often done piecemeal," he said. "Admins want products that work together, they want to have automation, integration, and the ability to respond more quickly to attacks."

In his keynote, Charney outlined Microsoft's strategy toward this end, specifically the software giant's End-to-End Trust initiative, which was first introduced by Microsoft Chief Research and Strategy Officer Craig Mundie at last year's RSA conference.

Charney gave an update on the initiative, which the company has billed as an effort to engage industry, consumers and policy makers in a serious discussion of online security problems.

Copyright © 2009 IDG Communications, Inc.
