RSA Chief Art Coviello Says Industry Needs to Share Information and Develop a New Generation of Security Analysts to Combat Rising The Tide of Advanced Cyber Attacks
San Francisco – RSA Conference 2011 – RSA’s Executive Chairman Art Coviello called on the industry to rethink traditional methods of security during his keynote speech this morning at the RSA Conference taking place in San Francisco this week.
Coviello told an audience gathered at the Moscone center in San Francisco that security vendors and practitioners need to shift their strategies beyond signature and perimeter-based defenses and collaborate to develop and adopt new intelligence-based approaches to information security.
“New breeds of cybercriminals, hacktivists, and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value,” Coviello said. “With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today’s hyperconnected infrastructures and the industry’s slow response to recognize the potency of the emerging threat landscape.”
Times are changing, Coviello said, and trust in the digital world is in jeopardy. He added that security systems must evolve from the current patchwork of controls serving up too much data and not enough intelligence to models that provide advanced monitoring capabilities, high-speed analytics and intelligent controls.
“Our mindset must shift away from playing defense and tracking meaningless individual events,” said Coviello. “We need the capability to sift through massive amounts of information lightning fast, creating predictive and pre-emptive counter-intelligence to spot the faint signals that may be all that’s visible in a sophisticated, stealthy attack.”
Coviello said the security industry has been going through “hell” over the past year with the recent epidemic of attacks. Referring to an attack on its own systems in March of 2011, Coviello stated, “Never has our responsibility to you been as firmly etched in our minds. We have a sense of urgency as never before to take the lessons we learned first-hand, and the privileged insight we obtain from other attacks to use them to drive our strategy, our investments and product roadmaps. In the final analysis, we hope that the awareness from our attack will strengthen the sense of urgency and resolve of everyone.”
Coviello called for the industry to rally together to take the following actions:
• Change how we think about security.
• Move to intelligence-driven security systems that are risk-based, agile, and contextual.
• Collaborate and Share information
• Train a new generation of security analyst to combat the rising tide of Advanced Attacks.
“We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this,” Coviello said.
“We are in combat with a host of adversaries and it’s time for us to fight back with creativity and innovation,” Coviello concluded. “By doing so we can ensure that the balance of control of our digital world remains in the hands of security practitioners.”
