RSA reports security shift toward monitoring and response capabilities

A big shift in security spending has begun with increasing investment in monitoring and response capabilities, says RSA's Tom Heiser

A big shift in security spending has begun, with an increasing number of businesses investing in monitoring and response capabilities beside pure defence, according to RSA, the security division of EMC.

“Many of the attacks that have been in the news lately are in the advanced category and use zero-day vulnerabilities, which means signature-based security will not work,” said Tom Heiser, RSA president.

Customers' habits are maturing in the face of 100,000 new malware threats a day. The scale of this threat is impossible to manage unless businesses can improve their ability to understand what is happening in their networks, Tom Heiser told Computer Weekly.

The need to get ahead and improve understanding of new and emerging threats is what is driving RSA product offerings, he said.

Voice of experience

“Since our breach some 23 months ago, RSA has applied what it has learned to enable customers to do a better job of being proactive,” said Heiser.

This has led directly to new product offerings such as RSA’s next generation security operations centre (SOC) services and RSA Security Analytics.

“These offerings are along the continuum of proactive incident response and trying to get ahead of things by understanding new threats,” said Heiser.

He believes the analytics offering will be transformational in the security industry and claims that no-one else in the industry has anything like it.

“As Art Coviello, RSA executive chairman said in his keynote, we have not won the war, but we have not lost it either because we have a better understanding of what these advanced threats are,” said Heiser.

The security analytics offering combines big data, logs, full packet capture and analytics to provide context, he said.

“And now we are integrating Archer into that to give better policy management and dashboarding capabilities; this is something I can get very excited about, that customers are excited about and in that regard we are extremely bullish. This is our future,” said Heiser.

Fighting the predictable with old defences

Moore’s Law, which observes that the number of transistors on integrated circuits doubles approximately every two years, makes it possible to predict semiconductor performance, power and growth.

“The security industry is the antithesis of that. Our adversaries are doing everything they can to be unpredictable. They are constantly changing their tactics, which means that we have to innovate. It puts a lot of responsibility on our shoulders to constantly innovate and stay fresh,” said Heiser.

Consequently, there are a lot of components of the security industry which companies still spend money on, despite the fact that they are designed for threats that are 10 to 20 years old, he said.

However, Heiser said market figures show spending is shifting to things like network security monitoring and governance, risk and compliance (GRC) tools, which have very high growth rates.

“Businesses are becoming dissatisfied with paying a lot in return for very little,” he said.

Rise in security information and event management

According to market research firm IDC, legacy perimeter and static controls like intrusion detection systems (IDS), intrusion prevention systems (IPS), anti-malware and firewalls - which are all very big industries - are growing at very slow rates.

The firewall market is expected to grow at a 0.3% compound annual growth rate (Cagr) in the US between 2011 and 2016, and anti-malware at negative 11.4%.

In contrast, advanced authentication is expected to grow at 12.6% Cagr, security information and event management (Siem) is expected to grow at 11.3% Cagr, and forensics and incident investigation is expected to grow at 20.2% Cagr.

“Combine the last two, which is our security analytics, and those are very high growth rates. That, to me, tells a big story about a shift to address today’s threats versus yesterday’s threats,” said Heiser.

“Siem is a $1bn market and has a good growth rate that is above the industry growth rate, but it has largely been unfulfilled,” he said.

In user maturity, Siem provided logging and was largely for category 2 businesses that are typically compliance-driven, said Heiser. He pointed out that compliance is one of the first places adversaries look for loopholes and potential vulnerabilities.

Most companies with Siem systems installed are looking to get more out of that investment, he said. Most are looking to move up the maturity curve towards understanding risk and having enterprise risk as part of the mindset that ensures security is part of every design process.

“Security analytics provides context. It combines real-time, full-packet capture, big data and analytics to give businesses better visibility into what is actually going on in their network and that is a big change. We are coupling it with Siem, putting it together and that is its strength,” said Heiser.

Heiser said RSA will continue to work in the areas of cloud delivery and mobility.

“We will continue in these areas with our strength in addressing advanced threats and using and harnessing big data analytics; those are the areas we are investing in organically through our development,” he said.
