Security Experts:

RSA Chairman: Spend Less Time and Energy Trying to Identify Attackers

SAN FRANCISCO - RSA CONFERENCE 2013 - The security industry needs to stop spending time and energy trying to identify the perpetrators behind the attacks and start focusing on using big data analytics to beef up defenses, RSA Security's executive chairman said in the opening keynote for the RSA Conference.

RSA's Art Coviello told attendees on Tuesday morning that as more organizations embrace big data analytics, they will also be able to share the security intelligence with other companies to enhance everyone's overall security posture.

While the industry shouldn't give up trying to uncover the perpetrators entirely, the focus needs to be much less, Coviello said. When a company admits to being attacked, much of the attention on trying to figure out exactly who did it, but it winds up being a distraction to the company from actually preventing attacks.

“Do we really need to see a smoking gun to know there's a dead body lying on the floor?” Coviello asked the audience. “For the most part, we know who they are,” he said.

The bigger question is what the government is going to do about the attack, he said. “What are we going to do to better defend ourselves?” Coviello wanted to know. Criminals share information, but for some reason, the industry hasn't really moved towards a model for information sharing, Coviello pointed out.

“The past six years have shown that already multiple nation states are targeting multiple other countries, and that no one is not at risk,” Coviello said.

Businesses need to move to intelligence-based security systems that will detect and respond to attacks in a much more rapid manner. The industry needs to share threat intelligence generated by mining the information buried in structured and unstructured data. With access to actual threat intelligence, organizations can prepare for the next attack, Coviello said. The problem is that companies are reluctant to admit they had been breached. “There is no shame in being breached. The shame is in not evolving security infrastructures to detect and respond to new types of attack,” Coviello said.

Organizations need to develop a better understanding of the security risks they face and revamp security controls to fit the new threat landscape. In the past, security controls were isolated and static. Now, organizations have to switch to controls that are agile, predictive, and able to identify anomalous activities and behaviors, Coviello said.

“If we adopt this approach, we could keep pace with and even get ahead of attackers, which is critically important,” he said.

This isn't the first time Coviello talked about intelligence-driven security, as he discussed how it can change security during the opening keynote at last year's conference. This year, however, he said the concept has become conventional wisdom, but the industry needs to expand the scope of the data being shared. There also needs to be more sources of data available.

“The more information sources, the better,” he said.

“We need to accumulate data in a way that security information and event management systems can't. Security management itself has to be big data-oriented,” Coviello said.

Many members of the press believe the security industry is over-hyping the cyber-security threat, Coviello warned, creating a “PR gap." The industry has to bear some of the blame for the gap, however, because of “FUD-oriented marketing,” Coviello said. Using phrases such as 'cyber Pearl Harbor' may gain attention, raise awareness, and make for great headlines, “but do nothing to improve the broader understanding of the situation,” he said.

Coviello touched a little bit on geopolitics, calling out countries that sponsor cyber-attacks. “It's clear to me as it is to all of you that...all nations need to be governed by rule of law and respect for property, not just in word, but in deed,” Coviello said as the room burst into applause.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.