RSA 2012: RSA takes market-leader position seriously, says Heiser

RSA takes its market-leader position seriously to pull together the IT security industry, says Tom Heiser, president of RSA.

RSA has the responsibility as a market leader to pull together the IT security industry to raise the level of the game, says Tom Heiser, president of RSA, the security division of EMC.

"We have a responsibility and an opportunity to take a leadership position and we are taking that very seriously," he told Computer Weekly.

At RSA Conference 2012, Art Coviello, executive chairman of RSA, issued a call to arms to the security industry. Only together, he said, could they win the race against their common enemy.

RSA's own data breach in March 2011 had lent the security supplier a sense of urgency to apply what it learnt first-hand, Coviello said: "We hope the attack on RSA will strengthen the sense of urgency and resolve of everyone in the industry."

This was not the first time Coviello has called for collaboration among IT security suppliers and RSA has made progress in this regard in the past year.

RSA's vision is of intelligence-led security systems capable of pulling information from across organisations, analysing it and turning it into actionable data.

To that end, the RSA has begun forming strategic relationships with other IT security suppliers, such as the initiative to provide higher levels of authentication for mobile users.

RSA's partners in the initiative include Good Technology, Zscaler, Citrix, VMware and Feed Henry.

"This is a good example of RSA taking a leadership position by pulling together several suppliers, including some competitors to enable better authentication in mobile platforms," said Heiser.

The past year has also given RSA the opportunity to work with partners on defining the most important problems to tackle, said Brian Fitzgerald, vice-president of marketing at RSA.

RSA has been leading such discussions between customers and more widely through more than 30 summits on advanced threats in the past year, including between the public and private sectors.

The company plans to use the recent appointment of Mike Brown – a retired rear admiral who served as the US Department of Homeland Security's liaison to the National Security Agency – to promote intelligence-sharing between the public and private sectors even further.

"Through working with partners and customers we have identified the need for a technology platform to share security intelligence," said Fitzgerald.

As a result, recent enhancements to RSA's Netwitness Live cloud-based threat intelligence platform include expanded capabilities to share threat intelligence.

RSA has identified a need to automate the sharing of threat intelligence and is working on a proof-of-concept to add governance and compliance capabilities, said Fitzgerald. "Although already in the pipeline, there is still a lot of work to be done on the policy side," he said.

In the year ahead, Heiser believes several more key security industry companies will join collective efforts on intelligence-led security.

"We are talking to several major players in the industry so you will see additional players and a deepening of different types of solutions. I am sure we will see collaboration around big data as well as cloud in addition to mobile, which are the strategic areas we are looking at," he said.

In the year since the data breach, RSA has moved from response to recovery and now to resurgence. The response was about remediation and recovery was about sharing information, said Heiser.

"Resurgence is about what we can do with all we have learned. There was a bloom of innovation for defensive reasons, which we can now use to benefit our customers," he said.

Read more on Network security strategy