The need to keep pace with adversaries, hiring the right people and advances in technology were the key themes of the RSA Conference's opening keynote.
In his presentation in San Francisco, Art Coviello, executive vice-president of EMC Corporation and executive chairman of RSA, walked on stage to the Rolling Stones' You Can't Always Get What You Want and walked off to Twisted Sister's We're Not Gonna Take It. In between, he talked of the need to match adversaries following a year of incredible change.
He claimed that trust in the digital world is in jeopardy despite public advances as "new breeds of cyber criminals, hacktivists and rogue nation states became as adept at exploiting the vulnerabilities of our digital world as our customers became at exploiting its value".
Coviello blamed a "slow response to recognise the potency of the emerging threat landscape and our inability to band together", which he said has allowed adversaries to be better co-ordinated, develop better intelligence and simply outflank traditional perimeter defences.
He later pointed to the consumerisation of IT, saying that the industry was past the tipping point where personal and professional lives can be separated and, just as IT organisations must find ways to manage what they cannot directly control, security organisations must find ways to secure what they can't directly control.
"The result is our industry is being challenged as never before. We need much more from security because we're at serious risk of failing. Today's security models are only inadequate and, with current trends, will only become more so," he said.
"In my 17 years within the security industry, I haven't sold on the basis of fear. I'm not about to do this now. As security professionals, we've demonstrated time and time again a long-lasting resiliency and talent to innovate to offer others the boldness to understand the potential for the info age. But, I let you know, we are facing some harsh realities."
He then addressed the attack on RSA, which occurred since last year's conference, saying that the industry had been through hell and he and his colleagues "feel this as personally as anyone else in this room".
Coviello said: "Never has our responsibility to you been as firmly etched in our minds. We have been devoted to regaining and maintaining your confidence since our breach. We have a feeling of urgency, as never before, to use the teachings we learned first-hand and use the privileged insights that we obtained from other attacks.
"We were sharing them and using them to drive our strategy, our investments and product roadmaps. In the overall analysis, we are hoping that the attention from our attack will strengthen the sense of urgency and resolve of everyone. Because if truth be told, we aren't alone."
He went on to say that the number of attacks in the past year is unprecedented, with targeting more sophisticated than ever, and the industry should remember that "an attack on one of us is an attack on every person".
Calling on the industry to learn together from these experiences and emerge from this "hell" smarter and stronger, Coviello said "it is time for us to fight back with creativity and innovation".
He said "we need to stop being linear thinkers, blindly adding new controls on top of failed models" and need to recognise that perimeter-based defences and signature-based technologies are outmoded; he added that educating IT users about how to harden security is essential, but we must appreciate that people will make mistakes.
"However, accepting the inevitability of compromise would not mean that we've got to simply accept the inevitability of loss. We will be able to manage risk to an appropriate level. We will not stop every individual attack, but we will reduce the window of vulnerability from all attacks, and put the balance of control back firmly within the hands of security practitioners," he said.
"Just as our adversaries have taken advantage of the sheer speed and availability of knowledge on the net, we have to do the same. We will unearth the wealth of intelligence which is buried in those exact same infrastructures and use that intelligence to our advantage.
"Our mindset must shift from playing defence and tracking meaningless individual events. We want the aptitude to sift through massive amounts of knowledge lightning fast, creating pre-emptive and predictive counter-intelligence to identify the faint signals which may be all that's visible in a complicated, stealthy attack.
"The reality today is that we're in a race with our adversaries - they win after they can spot weaknesses and exploit them faster than we are able to identify the attack patterns and stop them."
Looking to the longer term, he said RSA sees intelligence-driven systems as having three distinct properties: the system should be risk-based and users must learn how to evaluate risk at more substantive and granular levels; an intelligence-driven security system should be agile, as existing approaches to managing security operations lack the situational awareness, deep visibility and environmental agility needed to detect and thwart sophisticated attacks; and it should have contextual capabilities, as an agile system of controls and monitoring capabilities is effective only when a security event is delivered with complete context around it.
Coviello went on to say that the security industry is "woefully in need of the human resources to hold out this vision" and that a new breed of cyber-security analyst ought to be championed, with more military experience and intelligence utilised and less focus on traditional IT security technical experience.
"This new breed of analyst has to have the proper analytical skills, big-picture thinking and much-needed collaborative people skills to ensure smooth information sharing with multiple stakeholders," he said.
"But above all, they should be offensive in their mindset: constantly evaluating external intelligence, tweaking security data models and finding new easy methods to identify and intercept threats on the horizon."
He concluded by saying that it's time to work together to "make sure that the balance of control of our digital world remains within the hands of security practitioners".
"We can provide our industry the structures it needs to share intelligence so that we can all be in this fight together, and that knowledge gained by any one of us becomes power for every person," he said.