Security supplier RSA has called on the security industry to work together to win the war against threats to information...
Trust in the internet and IT systems is in jeopardy, according to Art Coviello, executive chairman of RSA, the Security Division of EMC.
The time for perimeter-based defence and signature-based malware detection is over, he told RSA Conference 2012 in San Francisco.
In the face of tremendous infrastructure change, mobile computing, cloud computing and the consumerisation of IT, security organisations are having to secure what they do not control and IT teams are having to manage what they do not control.
"I have never sold security on fear and I am not about to start now, but we face harsh realities collectively; people in our line of work have been going through hell in the past 12 months," said Coviello.
Alluding to RSA's own data breach in March 2011, he said the company's responsibility to its customers was uppermost in employees' minds.
"We have a sense of urgency to apply what we have learned first-hand and use it to drive our strategy, and we hope the attack on RSA will strengthen the sense of urgency and resolve of everyone in the industry," he said.
In a rallying call, Coviello said an attack on one security company is an attack on all. "Together we can learn and emerge stronger and smarter than before," he said.
Coviello said the way forward was to copy adversaries in taking advantage of the speed and power of cloud computing. He said this could be used to create intelligence-led security systems that draw data from all parts of an organisation and combine it with external intelligence to spot stealthy attacks.
"We are in a race with our adversaries, but they are winning with 79% of data breaches taking weeks to discover, according to the latest Verizon data breach report," Coviello said.
RSA believes the way to turn the tide is to move towards security systems driven by multi-source intelligence. These systems must be risk-based, agile and context-aware, said Coviello.
Key to bringing security risks down to a manageable level is the ability to draw information from across an organisation and correlating that using high-speed analytics to produce actionable data, he said.
"With big data analysis capabilities, organisations will be able to stop wasting money on obsolete controls and instead get the answers they need to shrink the window of vulnerability," said Coviello.
RSA is also looking at building tools to make it easier for organisations to share threat information by automating governance and compliance checks to eliminate these constraints.
"Co-operation around intelligence-sharing completes our vision of intelligence-led security systems," said Coviello.
But the potential of such systems will not be realised by one company alone, he said. Only collectively and with determination can the security industry put up a meaningful fight.