Loud music, a spectacular video presentation and an auditorium full of info sec professionals. It’s that time of the year - the opening of RSA Conference.
Each year, the opening keynote offers something a little different. This year it was actor Jane Lynch from Glee and Two and Half Men, singing (or perhaps destroying) a cybersec version of the David Bowie classic Changes. And that is the big theme of this year’s conference - change.
The real opening keynote was delivered by RSA’s new president Amit Yoran. Yoran is a very different leader to his predecessor Art Coviello. Gone are the suits and ties, replaced with jeans and windbreakers and a more casual look. But that belies his purpose.
“The technology we’re charged with protecting has accelerated out society and our civilisation to heights we could never have imagined a few decades before. The information age has been heralded with incredible computational capability… at a speed of computation that boggles the mind,” he told the packed theatre at the Moscone Center in Sa Francisco.
Walking us through some recent changes in the IT landscape he highlighted that technology is now smarter than ever before. This was a theme we caught the beginning of last year but was overwhelmed by the revelations at the time of the NSA’s actions and Edward Snowden’s leaks. It was what Yoran called the “year of the mega breach”.
“2014 was yet another reminder that we’re losing the contest,” he said. "We can neither secure nor trust the pervasive complex, and worse, end-point participants in any large or distributed committing environment”.
Yoran pointed out that IT security has been stuck in a reactive mode. And that is the real challenge - in security we haven’t been able to find what we’re looking for. Or, our assumptions about how we should do security are wrong. Despite lots of discussion about how security perimeters are no longer relevant, most security systems still work from an assumption that we start at the perimeter.
Many detection systems, says Yoran, are based on signatures and “crude’ aggregations of data. He said it’s time for us to start doing things differently. Yoran challenged the audience to look at security in new ways.
He questioned whether advanced protections really help and said focused adversaries will find heir way through almost any defence. So, while edge protection is useful, it’s not nearly as effective as it was.
You can’t do effective security without visibility right across the enterprise with a full understanding of what systems you have, how they work together and perverse and true visibility of all the data. Otherwise you have no chance of identifying incidents. "The single greatest mistake made by security teams today is under-scoping an incident,” he says.
Identity and authentication mean more than ever before. Citing a recent Verizon report, Yoran noted that many attacks rely on stolen credentials - attackers simply walked in through the front door. By using strongly secured accounts alongside analytics that monitor how accounts are used, the risk of these breaches can be better mitigated.
There’s also a significant requirement to use external threat analysis to better understand what is happening in the world.
Yoran noted one of the “least sexy” but incredibly important actions infosec professionals need to take is to know what systems you have and to prioritise your efforts. It’s not possible to protect every single thing.
Yoran told the audience RSA is completely reengineering the business to better meet the changing needs of the world. As he put it, in the past when explorers reached the end of their maps, they needed to create new maps. In cybersecurity, we have reached the end of the map and we are in a new world. It’s time to write a new map.
Anthony Caruana travelled to RSA Conference as a guest of Symantec.