Security suppliers can help improve overall internet security by embedding technologies in consumer-facing services,...
says RSA president Art Coviello.
"For example, by embedding risk-based authentication technology in online banking services, financial institutions can block risky transactions," he told the RSA Europe 2010 conference in London.
"If an online banker's IP address suddenly appears in Russia, or funds are being transferred to a bank account in Latvia, it is likely to be a fraudulent transaction," he said.
The security industry needs to help consumers by partnering with organisations such as banks, he said, because we know consumers are not qualified to protect themselves and we assume most of their machines are infected by malware.
Continuing his theme of integrated, correlated defence systems for his keynote, Coviello said, "We need to create ecosystems of good guys," to underscore a call for greater interoperability between suppliers.
"There will always be areas we can improve, and no security or infrastructure supplier will ever be able to go it alone and do it all," he said.
Systems that can provide the same protection for information as air traffic control systems do for thousands of flights daily, he said, is if they are able to take feeds from a wide variety of information consoles from different suppliers.
Asked about the significance of the Stuxnet worm, which targets critical infrastructure control systems, Coviello said it proves the possibility of something security professionals have been worried about for some time.
"For a piece of malware to be able to create mayhem in the physical world is disturbing," he said.
Another disturbing thing about Stuxnet, he said, is that it signals a whole new level of malware sophistication to come.
Coviello reiterated the need for collaboration, and said that was why RSA was forming strategic coalitions with companies such as VMware and Cisco to give enterprises the confidence they need in cloud computing.
"It is natural for security to become part of other systems, and by enabling security in the virtualised environment, we can free up security professionals from operational roles to focus on identifying risks and ways to mitigate them," he said.
The security industry will see more consolidation as enterprises move increasingly to virtualisation and cloud computing, either through acquisitions or coalitions, Coviello said.
EMC was ahead of the curve by acquiring RSA, he said, but others have followed, such as HP's acquisition of Arcsight and Intel's acquisition of McAfee, as organisations have understood that security needs to be part of the stack.
"Coalitions, collaboration and co-operation has to be the order of the day, and RSA will continue to seek partners outside the family," he said.