Big data approach can help shore up cyber-defence: RSA: Page 2 of 2
By Gabey Goh June 6, 2013
Wake-up call
In line with this expanding and increasingly complex attack surface, RSA, the security division of EMC Corporation, called for urgent action by organisations to implement the right security model, beginning with attaining the right level of understanding and knowledge which can only come with more collaboration between public, private and vendor organisations.
“Not surprisingly, the new model of security that we are advocating is an intelligence-driven one to replace the ineffective, reactive and perimeter-based model,” Coviello said.
The model is predicated on three requirements: A thorough understanding and evaluation of risk; the use of dynamic agile controls to replace outdated static and perimeter-orientated ones; and lastly, a management system that has the ability to analyse vast streams of data from numerous resources to produce actionable information.
A key transformation that has to first happen in organisations is the way they spend their security budgets.
“We spend 80% of our funding focused on preventing the intrusion from happening in the first place and as a result, not enough on visibility to detect and understand the attacks in our environment – and even less to respond and prevent loss or disruption,” said Coviello.
“Breaches are probable; we are spending in the wrong places. Our investment strategy and our model is clearly broken,” he added.
He went on to offer prescriptive recommendations in a rally call for understanding and action on the part of company boards of directors and C-level executives.
“Recognise your responsibility to be educated on the topic so you have a clear level of understanding. You should set the tone for the evaluation and management of risk and ensure it is managed on a more granular basis throughout the organisation.
“And lastly be in a position to make intelligent decisions so that appropriate resources are available to your security organisation,” he said.
For security practitioners, Coviello offered five recommendations:
- Create a transformational security strategy – Practitioners must look critically at their budgets and design a plan that transitions the existing infrastructure to an intelligence-driven approach that incorporates big data capabilities.
- Create a shared data architecture – Due to the many sources and formats of data, create a single architecture to allow all information to be captured, indexed, normalised, analysed and shared.
- Migrate to big data controls – Migrate from point products to a unified security architecture using open and scalable big data tools.
- Strengthen data science skills – Security leaders should add data scientists or outside partners to manage the organisation’s big data requirements.
- Leverage external threat intelligence – Augment internal analytics programs with external threat feeds from as many sources as possible to help get a composite view of threats.
Coviello also called on governments to unite and facilitate information sharing, as they are in a position to play the key role of acting as a central repository to exchange pertinent security information about current threats and attacks, as well as to set the tone for international cooperation.
“Governments should extend their information sharing among networks of countries. This will facilitate the tracking and capture of our adversaries,” he said.
“Also, develop rules of conduct around intellectual property and create enforcement mechanisms to ensure all nations adhere.
“Finally, and most important, eliminate the prospect of destructive attacks and cyber warfare. This will be a far more difficult genie to keep in the bottle and it’s showing signs of escaping,” he added.
Coviello called upon security vendors to help close the technology and skills gap for defending against attacks, which has been created as a result of the growing attack surface and the escalating threat environment.
He urged vendors to strive for broader cross-vendor interoperability of their products and to help customers migrate to an intelligence-driven security model.
He added that these approaches can help enable the industry to manage cyber-security risk to acceptable levels so that all societies around the world can reap the benefits and meet the goal of a more trusted digital world.
“I don’t mean to imply that we are headed to some security utopia,” Coviello said.
“But, we should be able to keep pace with our adversaries and, in many instances, get ahead of them – even in the face of uncertainty, but only if all constituencies work together.”
Gabey Goh reports from RSA Conference Asia Pacific in Singapore at the invitation of RSA. See also:
Adaptive identities coming to forefront of security: RSA
RSA to help create next generation of Singaporean cyber-security pros
RSA Silver Tail enlists big data analytics for cyber-defence
Related Stories:
Big data picking up pace rapidly across Asia Pacific
Big data powered network security from Sourcefire
HP introduces intelligent security solutions
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.