“Big data” has the potential to transform businesses through the growing ability to extract meaning, but it will also increase exposure to cyber attack, says Art Coviello, executive chairman of security firm RSA.
This is to be one of the themes of his keynote address at RSA Conference 2013 in San Francisco.
“Currently, less than 1% of data is analysed and less than 20% of it is protected,” Coviello said ahead of the official opening of the conference.
Big data analysis and the ability to access this intelligence from anywhere will enable tremendous advances in the way businesses operate, but adversaries will potentially be able to do the same, he said.
“The past six years have shown that already multiple nation states are targeting multiple other countries, and that no-one is not at risk,” said Coviello.
He said it was a worrying trend that some national states are co-operating with cyber criminals, but an even bigger concern is the move from intrusive attacks to disruptive attacks.
“We have seen disruptive attacks on the financial services industry in the past few months, which represents an escalation in the degree of severity,” said Coviello.
He emphasised that while this did not necessarily mean the end of the world as we know it, businesses needed to take note of this trend and adapt their approach to security accordingly.
“We need to begin preparing for the likelihood that with the move to IPv6 that will enable billions of devices to be connected, we will see more automated attacks that are destructive,” said Coviello.
For this reason, he said, businesses need to move to intelligence-based security systems that will detect and respond to emerging attacks more quickly.
“There is no shame in being breached. The shame is in not evolving security infrastructures to detect and respond to new types of attack,” said Coviello.
A key element of an intelligence-based security model, he said, is a better understanding of the security risks facing an organisation.
Read more on big data:
A 'big data' veteran talks fundamentals of big data infrastructure
Big data trends: Big things in store for 2013
Other elements include revamping security controls that, traditionally, have been isolated and static to ensure they are agile, predictive and able to identify anomalous activities and behaviours, said Coviello.
“We need to accumulate data in a way that security information and event management (SIEM) systems can’t. Security management itself has to be big data-oriented,” he said.
According to Coviello, an intelligence-driven security strategy that uses the power of big data analytics will put advantage back on the side of information security professionals.
“If we adopt this approach, we could keep pace with and even get ahead of attackers, which is critically important.,” he said.
Coviello said the security industry needs to do the best it can to provide organisations with the capability to defend against attacks and take advantage of all their existing investments in security technology.
Using external intelligence on security threats is an important part of this intelligence-based strategy, he said. “If criminals can share information, why can’t we do the same,” said Coviello.
To this end, he said RSA and Juniper Networks have expanded their technology partnership to help businesses to detect and prevent advanced threats by sharing threat information to make big data analysis more powerful.
The expanded collaboration will include sharing of threat intelligence contained in the new Juniper Networks Junos Spotlight Secure global attacker intelligence service and the RSA Live threat intelligence delivery system.
The combination of these two systems is aimed at helping IT security staff to reduce the time it takes to identify, assess, and respond to incidents.
Juniper Networks also intends to embed RSA mobile authentication technologies into the Juniper Networks Junos Pulse SSL Secure product to secure and streamline the mobile user experience when accessing corporate or cloud-based resources.
Coviello said that in time, RSA planned to share threat information with other security suppliers, pointing out that the company already shares information from its anti-fraud centre.
“The more information sources, the better,” he said. And because no customer information is involved, there is no potential conflict of interest and no need for new enabling legislation, he added.