No modern network or IT system can withstand the onslaught of a skilled adversary, given focus and time, says Amit...
Yoran, general manager and senior vice president at RSA, the security division of EMC.
“Only those organisations that can see advanced threat actors can sleep soundly at night,” he told the RSA Europe 2013 conference in Amsterdam.
Businesses will face spectacular failure if they do not embrace change, he said, warning of the inevitable failure of traditional protective measures.
Yoran said monitoring for the signatures of malware is unable to provide the visibility organisations need into activities by adversaries.
“Businesses need a more complete visibility of their networks through integrated information from endpoints, applications and businesses processes,” he said.
In the face of increasingly sophisticated and targeted attacks, commercial organisations need an architecture that can expand to massive volumes of data and the ability to analyst that data.
“This is the only way businesses can identify many threats they are facing and get a deeper understanding of the true scope of an incident to avoid launching an ill-informed incident response,” said Yoran.
For this reason, he said, commercial organisations should be mandating transformative security programmes that will deliver visibility and speed in the ability to respond to attacks.
“Such programmes should include the ability to adjust and control things like firewalls and access systems with finer granularity,” he said.
More on intelligence-led security
RSA believes that the introduction of dynamic, agile security controls will have the knock-on effect of making other existing controls more effective.
“But gaining insight is only effective if there are systems and procedures in place that can transform that insight into action – this is the evolution most organisations still have to go through,” said Yoran.
Most organisations are starting with Siems (security information event management systems) that provide only limited visibility and need to progress to more integrated and automated information sharing, he said.
But intelligence-based security systems should not be limited to internal information, said Yoran. They should also be able to exchange machine-readable information with outside sources.
“Protecting networks and data also means protecting privacy, and if we do this, a world of benefits and opportunities will open up,” he said.
In a trusted digital world, Yoran said businesses can collaborate at the speed of light, innovation is enabled by a network of colleagues and political reform is enabled.
But in an untrusted digital world, none of this is possible. Communication will be forced offline and research and innovation will be difficult.
“We must create a trusted digital world where security and privacy can co-exist,” he said.
Echoing RSA’s executive chairman Art Coviello’s call to arms, Yoran called on the security industry and security practitioners to do all in their power to transform security into a more intelligent profession.