Connect with us

Hi, what are you looking for?


Management & Strategy

RSA Chairman: Spend Less Time and Energy Trying to Identify Attackers

SAN FRANCISCO – RSA CONFERENCE 2013 – The security industry needs to stop spending time and energy trying to identify the perpetrators behind the attacks and start focusing on using big data analytics to beef up defenses, RSA Security’s executive chairman said in the opening keynote for the RSA Conference.

SAN FRANCISCO – RSA CONFERENCE 2013 – The security industry needs to stop spending time and energy trying to identify the perpetrators behind the attacks and start focusing on using big data analytics to beef up defenses, RSA Security’s executive chairman said in the opening keynote for the RSA Conference.

RSA’s Art Coviello told attendees on Tuesday morning that as more organizations embrace big data analytics, they will also be able to share the security intelligence with other companies to enhance everyone’s overall security posture.

While the industry shouldn’t give up trying to uncover the perpetrators entirely, the focus needs to be much less, Coviello said. When a company admits to being attacked, much of the attention on trying to figure out exactly who did it, but it winds up being a distraction to the company from actually preventing attacks.

“Do we really need to see a smoking gun to know there’s a dead body lying on the floor?” Coviello asked the audience. “For the most part, we know who they are,” he said.

The bigger question is what the government is going to do about the attack, he said. “What are we going to do to better defend ourselves?” Coviello wanted to know. Criminals share information, but for some reason, the industry hasn’t really moved towards a model for information sharing, Coviello pointed out.

“The past six years have shown that already multiple nation states are targeting multiple other countries, and that no one is not at risk,” Coviello said.

Businesses need to move to intelligence-based security systems that will detect and respond to attacks in a much more rapid manner. The industry needs to share threat intelligence generated by mining the information buried in structured and unstructured data. With access to actual threat intelligence, organizations can prepare for the next attack, Coviello said. The problem is that companies are reluctant to admit they had been breached. “There is no shame in being breached. The shame is in not evolving security infrastructures to detect and respond to new types of attack,” Coviello said.

Advertisement. Scroll to continue reading.

Organizations need to develop a better understanding of the security risks they face and revamp security controls to fit the new threat landscape. In the past, security controls were isolated and static. Now, organizations have to switch to controls that are agile, predictive, and able to identify anomalous activities and behaviors, Coviello said.

“If we adopt this approach, we could keep pace with and even get ahead of attackers, which is critically important,” he said.

This isn’t the first time Coviello talked about intelligence-driven security, as he discussed how it can change security during the opening keynote at last year’s conference. This year, however, he said the concept has become conventional wisdom, but the industry needs to expand the scope of the data being shared. There also needs to be more sources of data available.

“The more information sources, the better,” he said.

“We need to accumulate data in a way that security information and event management systems can’t. Security management itself has to be big data-oriented,” Coviello said.

Many members of the press believe the security industry is over-hyping the cyber-security threat, Coviello warned, creating a “PR gap.” The industry has to bear some of the blame for the gap, however, because of “FUD-oriented marketing,” Coviello said. Using phrases such as ‘cyber Pearl Harbor’ may gain attention, raise awareness, and make for great headlines, “but do nothing to improve the broader understanding of the situation,” he said.

Coviello touched a little bit on geopolitics, calling out countries that sponsor cyber-attacks. “It’s clear to me as it is to all of you that…all nations need to be governed by rule of law and respect for property, not just in word, but in deed,” Coviello said as the room burst into applause.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.