The only way to protect critical business data is to understand the behaviour of people, devices and data in an organisation, according to Art Coviello (pictured), executive chairman of RSA, the security division of EMC.
Traditional security controls are failing because they do not add value to each other and consequently do not provide a true picture of the threats, he told the RSA Europe 2013 conference in Amsterdam.
Reiterating a call to arms of previous RSA conferences, Coviello called on the IT security industry to help ensure the responsible flow of information on which the world economy depends.
“We in the IT security industry understand the technical challenges of ensuring privacy and security, so it is up to us to lead the way to the right policy and technology solutions,” he said.
Alluding to the fact that the Dutch were instrumental in setting up the European common market after the Second World War, Coviello said that initiative was about collaboration and compromise.
“That is the sort of thinking we need today from the security industry,” he said.
Traditional methods of defence no longer effective
In the face of increasingly sophisticated attacks, Coviello said traditional methods of defence are increasingly ineffective.
Intelligence-driven security works by spotting any anomalous behaviour in people, network traffic or devices
Art Coviello, RSA
“Traditional security controls are becoming obsolete and any business relying on them is in danger of being overwhelmed,” he said.
But Coviello said the good news is that some businesses are beginning to adopt intelligence-driven security systems.
This approach is based on a deeper understanding of risk, includes dynamic and agile controls that have built-in analytic abilities that enable context-based action.
“In this way, we will be able to transcend the reactive measures of the past and spot any intrusion in the midst of an increasingly noisy environment,” said Coviello.
“What makes intelligence-driven security future-proof is that it eliminates the need for prior knowledge of attack methods,” he said.
Instead, intelligence-driven security works by spotting any anomalous behaviour in people, network traffic or devices.
“Malware will allow criminals to masquerade as customers, but sooner or later, to achieve their goals, they need to do something out of the norm, which is when they can be stopped,” said Coviello.
More on context-aware security
- Computer Weekly Buyer's Guide to context-aware security
- How context-aware security can improve enterprise APT detection
- Security Think Tank: Context-aware security saves time
- Gartner: Context-aware computing
- Gartner: Prepare for context-aware security
This is achieved by better integration of security technologies to make sense of the data from across the network, he said.
However, Coviello said one of the biggest complications to achieving this is the catch-22 situation where businesses are afraid to deploy technology that would protect their privacy because it may violate employee privacy.
Coviello warned against pitting security against privacy. “Organisations need to realise that the same technology that can protect business information can protect the privacy of workers,” he said.
“We can have privacy and security if we align the two in an environment that can be trusted by everyone,” said Coviello.
The key to this, he said, is objectivity, transparency and strong governance.
“If we can strike a balance between big brother and anonymity with intelligence-driven technology wrapped in governance and transparency, we can have the best of all worlds,” said Coviello.