SecurityWeek

RSA Executive Keynote: “We All Have to Accept The Fact That Bad Guys Are in Our Network”

Art Coviello, Executive Chairman at RSA, Addresses RSA Europe Attendees Tuesday in London. (Image Credit: RSA Conference)

RSA Executives Call For Intelligence-driven Security Strategies, Security Budgets Better Aligned to Address New Threats

LONDON, UK – RSA CONFERENCE EUROPE 2012 – Information security professionals from across Europe gathered in London today for day one of RSA Conference Europe, which is being held this week at the Hilton London Metropole Hotel.

Kicking off the conference was a joint keynote from RSA executives Art Coviello and Tom Heiser who addressed outdated security models, practices and technologies holding back security teams from effectively protecting their organizations against evolving risks and advanced threats.

Coviello, RSA’s Executive Chairman, advocated for a rebalancing of risk priorities and security spending to increase the emphasis on more proactive, intelligence-driven security strategies.

He cited current budget allocations, a skills shortage and the “perception versus reality gap” as key challenges holding back security organizations from keeping pace with today’s cyber risks and advanced threats.

“The implication of these forces is that security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security while adversaries become more sophisticated,” Coviello said. “Confusion about what to do abounds because of this ‘perception versus reality’ gap as well as an increasing spread between sophisticated and naïve organizations, largely based on the aptitude of personnel.”

Coviello offered an intelligence-driven security model based on a thorough understanding and reprioritization of business risk. The resulting risk mitigation strategies, when implemented, produce threat-resistant organizations that also meet compliance mandates. This model, Coviello says, requires agile controls based on pattern recognition and predictive analysis, and the use of big data analytics to give context to the large volumes of data collected from numerous sources.

RSA President Tom Heiser agreed with Coviello that an intelligence-driven security model is key, and highlighted several examples of progress being made by organizations that employ a risk-based, intelligence-driven security strategy:

• Some organizations are evolving the traditional Security Operations Center into an advanced Security Analytics Center, delivering the situational awareness and threat analytics required for active defense.

• Organizations are putting increased focus on authentication and access management controls as they enable more access to networks and digital resources, especially in light of mobile, cloud and the Bring Your Own Device “user revolution.”

• Organizations are shifting the relationship between compliance and security to ensure that a strong security posture, with appropriate reporting, can lead to a strong compliance posture.

• Discussions about cyber risk and security are happening more at the board level as senior executives turn to their security teams to help them better understand the risks to their business.

“In an age of openness where successful breaches are to be expected, if not inevitable, the balance of security spending must shift,” Coviello said. “Without rebalancing this spend it will become increasingly difficult, if it isn’t already, for organizations to have the ability to timely detect a breach and have the capability to respond fast enough to avoid loss.”

Heiser concluded by explaining that progress in security may seem to be met with new challenges, but in aggregate he sees evidence that mindsets are changing.

Perimeter-centric approaches to security are being replaced by a more mature model that, if done right, can offer organizations confidence in their ability to defend today’s open, hyper-connected and distributed digital infrastructures, Heiser explained.

“More companies every day are acknowledging that in order to survive in this new era of attacks we all have to accept the fact that bad guys are in our network. Period,” Heiser said.

Heiser did, however, say that he is seeing more companies move past the “knee-jerk reaction” that a breach of any sort is a “catastrophic failure”.

“Customers, more executives and more boards of directors are starting to understand that accepting the fact that intrusions will occur is not the same as accepting that losses of sensitive information, malicious vandalism or other harm have to occur,” he said. “They are adopting new tools and new tactics to balance broad, easy access to information with agile, effective security.”

According to data released by Gartner last month, worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011. While weak economic conditions have put pressure on IT budgets overall, Gartner expects the increase in security-related IT spending to continue, reaching $86 billion in 2016.

Sessions scheduled for tomorrow (Wednesday, Oct. 10) include Dr. Marnix Dekker, Security Expert and Information Security Officer at ENISA, discussing his latest cloud security research. His discussion will be followed by a fast-paced and interactive panel featuring RSA Conference Program Committee Chairman Hugh Thompson leading a conversation with Wolfgang Kandek, CTO at Qualys, and Josh Corman, Director of Security Intelligence at Akamai.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
