RSA chief to security pros: Stop addressing the wrong problems

Security pros need to stop using old frameworks for addressing security and deal with today's reality because the old view of security is no longer useful, attendees at RSA Conference 2015 were told.

IT pros need to stop using old frameworks for addressing security and deal with today's reality because the old view of security is no longer useful, attendees at the RSA Conference 2015 in Las Vegas were told on Tuesday.

It is as if security pros are explorers who have come to the edge of their known world, said RSA President Amit Yoran during his keynote address.


"We have sailed off the map, my friends," Yoran says. "Sitting here and awaiting instructions? Not an option. And neither is what we've been doing: continuing to sail on with our existing maps even though the world has changed." He laid out a five-point plan for security executives to start addressing the right problems.

First, accept there is no security that is 100% effective. "Let's stop believing that even advanced protections work," he says. "They do, but surely they fail too."


Second, security architectures need pervasive visibility of endpoints, the network and the cloud. "You simply can't do security today without the visibility of both continuous full packet capture and endpoint compromise assessment," he says. "These aren't nice to haves, they are fundamental core requirements of any modern security program."

One of the problems of current security is that once an intrusion is detected, it is dealt with as quickly as possible, but without considering whether it is part of a larger attack scheme. "Without fully understanding the attack, you're not only failing to get the adversary out of your networks, you're teaching them which attacks you are aware of and which ones they need to use to bypass your monitoring efforts," he says.

Third, pay more attention to authentication and identity because they are used as elements in many attacks and as stepping stones to more critical assets. "The creation of sysadmin or machine accounts or the abuse of over-privileged and dormant accounts facilitates lateral movement and access to targeted systems and information," he says.

Fourth, make use of threat intelligence from commercial vendors and from Information Technology Information Sharing and Analysis Centers (ISAC). The feeds should be machine-readable so responses can be automated to improve response times when threats are confirmed. At the same time, businesses should stop using email as the platform for communicating response plans among those working on the plans. "In fact, we've seen adversaries compromise mail servers specifically to monitor sysadmin and network defender communications," he says.

Fifth, inventory the organization's assets and rank them in order to set priorities on where security dollars will be spent. "You have to focus on the important accounts, roles, data, systems, apps, devices and defend what's important and defend it with everything you have," he says.

Probably not coincidentally, RSA announced at the conference a blending of authentication, identity governance and identity and access management (IAM) into a single platform called RSA Via. It is designed to centralize identity intelligence and give it awareness of the current environment so defense isn't based on pre-set, static rules. The first offering in the RSA Via family is Via Access, software as a service that enables using multiple authentication methods that may already be in place on an organization's mobile devices.

Also, RSA Security Analytics, which provides the context of what malicious activity may be at play on the network by giving visibility from endpoints, across the network and into the cloud resources that may be part of the overall enterprise, has new features. It gives a view of attacks against mobile and customer-facing Web applications.

Stories by Tim Greene
