


by Zafar Anjum

RSA Conference 2012: Need for a New Approach to IT Security

Feb 28, 2012 | 3 mins
Data and Information Security, RSA Conference, Security

Calling on the security industry to unite against cyber criminals, Arthur Coviello, Jr., EVP, EMC Corporation, and executive chairman, RSA, the security division of EMC, said that the IT security industry is not going to take it anymore.

“An attack on one of us is an attack on all of us,” he said, emphasizing the need for the security industry to unite to present a strong opposition to the emerging threat landscape in the cyber world.

“The era of siloed line up of point products is over,” he said in his keynote address, “Sustaining trust in a hyperconnected world,” at the Moscone Center in San Francisco on Tuesday (28 Feb). His opening speech kicked off the RSA Conference 2012 here today.

“We must ensure that the balance of control lies in the hands of the security practitioners,” he said, referring to the position of control currently being enjoyed by the faceless and nameless cyber attackers, hackers, and data thieves. “We are in a race with our adversaries. Right now, they are winning.”

“We must fight back with creativity and new thinking,” he said.

Today’s security models are outdated

“Today’s security models are just too inadequate,” he said. Hackers and cyber criminals are taking advantage of gaps in security and our inability to band together, he added.

Citing a research finding, Coviello said that 79 percent of online breaches take weeks to discover. This is very slow compared to the rate at which cyber criminals are able to use or monetize the stolen data. They cash out the stolen data within days or hours of an attack.

In the changing circumstances, the RSA chief said that security companies will have to shun failed models, and governments and companies will have to learn to secure what they can’t control.

He said that the security breach that RSA experienced last year has imbued the company with a sense of urgency and they are trying their best to win the trust of their customers. “We have to learn from our own mistakes,” he said.

Need for intelligence-driven security

“Educating IT users is important but people will make mistakes,” he said, underlining the need for a new security management paradigm.

The security industry will have to be able to spot the faint signals in cyberspace, he said.

Coviello advocated a new approach to handling IT security: multi-source, intelligence-driven security.

This new approach will be built on three pillars: risk-based security, agility (that is, the system should not lack situational awareness), and contextual capabilities.

According to Coviello, this new approach could work now owing to the enormous data available to security professionals today. Big data can help enhance security like never before and systems could use data sets, analytics and actionable info to provide better security to user communities, he said.

The new security professionals will have to have an offensive mindset to intercept threats, he added.

The RSA conference will continue until March 2 when former British Prime Minister Tony Blair is scheduled to give his remarks.

(The writer traveled to attend the RSA Conference 2012 in San Francisco as a guest of RSA)