RSA, The Security Division of EMC (NYSE:EMC), released new insights from a group of the world's leading chief security officers, designed to help corporations and governments dramatically improve visibility into advanced threats ranging from industrial espionage and disruption of business and financial operations to sabotage of corporate infrastructure.
The research report is the ninth in a series from the Security for Business Innovation Council (SBIC), and provides both business and technology executives with specific recommendations on how to develop an intelligence-driven approach to counter advanced threats.
Based on the real-world experiences of 17 top global information security leaders, the report provides a playbook for enterprise security executives who wish to leverage the universe of intelligence data available to help detect, predict and mitigate cyber attacks.
“The day-to-day use of cyber risk intelligence is no longer just for government agencies - it's a required competency for corporate survival,” said Art Coviello, Executive Chairman of RSA. “The tempo and serious nature of recent attacks calls for urgent and bold countermeasures that position organisations not only to detect advanced threats, but also to predict how attacks may occur so they can take steps to help mitigate risk and impact. Combating advanced threats requires a new security mindset and vastly improved practices for gathering, sharing and acting on cyber risk intelligence.”
Intelligence-driven security: new defence doctrine for advanced threats
The SBIC is a group of top security leaders from Global 1000 enterprises convened by RSA to discuss top-of-mind security concerns and opportunities. In the group's latest report: “Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security”, the council advocates for a new defence doctrine for combating advanced threats. Called “intelligence-driven information security”, this collaborative, big data approach includes:
* The consistent collection of reliable and actionable cyber-risk data from a range of government, industry, commercial, and internal sources to gain a more complete understanding of risks and potential exposures.
* Ongoing research on prospective cyber adversaries to develop knowledge of attack motivations, favoured techniques and known activities.
* The growth of new skills within the information security team focused on the production of intelligence.
* A process for efficient analysis, fusion, and management of cyber-risk data from multiple sources to develop actionable intelligence.
* Full visibility into actual conditions within IT environments, including insight that can identify normal versus abnormal system and end-user behaviour.
* Informed risk decisions and defensive strategies based on comprehensive knowledge of the threats and the organisation's own security posture.
* Best practices to share useful threat information such as attack indicators with other organisations.
“It can be hard to digest having to develop a multi-year plan to learn who your adversaries are and how they're going to steal from you,” said Tim McKnight, Vice-President and Chief Information Security Officer, Northrop Grumman. “Quarter-by-quarter, you may not see any losses. It could be years until you see the losses - when all of a sudden, out of the blue, a company in another part of the world becomes the leader in your space, having subsidised itself with your R&D investments.”
The council's new report lays out a six-step roadmap to achieving intelligence-driven information security:
* Step 1: Start with the basics
Inventory strategic assets, strengthen incident-response processes and perform comprehensive risk assessments.
* Step 2. Make the case
Communicate the benefits of an intelligence-driven security program to executive management and key stakeholders. Identifying “quick wins” to prove value out of the gate is essential for gaining broad organizational support, including funding.
* Step 3. Find the right people
Look for professionals who can blend technical security acumen with analytical thinking and relationship-building skills.
* Step 4. Build sources
Determine what data from external or internal sources would help detect, predict or lessen the chances for a targeted attack; evaluate sources on an ongoing basis.
* Step 5: Define a process
Codify a standardised methodology to produce actionable intelligence, ensure an appropriate and timely response and develop attack countermeasures.
* Step 6: Implement automation
Find opportunities to automate the analysis and management of large volumes of data from multiple sources.
PDF copies of “Getting Ahead of Advanced Threats: Achieving Intelligence-driven Information Security” are available for download from the Security for Business Innovation Council Web site at http://www.RSA.com/securityforinnovation.
Security for Business Innovation Council
The Security for Business Innovation Council is a group of Global 1000 security executives committed to advancing information security worldwide by sharing their diverse professional experiences and insights.
Council members contributing to this report include:
* Marene N Allison, Worldwide Vice-President of Information Security, Johnson & Johnson
* Anish Bhimani, Chief Information Risk Officer, JPMorgan Chase
* William Boni, Vice-President and Chief Information Security Officer, Corporate Information Security, T-Mobile USA
* Roland Cloutier, Vice-President, Chief Security Officer, Automatic Data Processing
* Dave Cullinane, Chief Information Security Officer and Vice-President, Global Fraud, Risk & Security, eBay
* Dr Martijn Dekker, Senior Vice-President, Chief Information Security Officer, ABN Amro
* Professor Paul Dorey, Founder and Director, CSO Confidential and Former Chief Information Security Officer, BP
* Renee Guttmann, Chief Information Security Officer, The Coca-Cola Company
* David Kent, Vice-President, Global Risk and Business Resources, Genzyme
* Petri Kuivala, Chief Information Security Officer, Nokia
* Dave Martin, Chief Security Officer, EMC Corporation
* Timothy McKnight, Vice-President and Chief Information Security Officer, Northrop Grumman
* Felix Mohan, Senior Vice-President and Chief Information Security Officer, Airtel
* Robert Rodger, Group Head of Infrastructure Security, HSBC Holdings
* Ralph Salomon, Vice-President, IT Security & Risk Office, Global IT, SAP
* Vishal Salvi, Chief Information Security Officer and Senior Vice-President, HDFC Bank
This report also includes expertise from guest contributor William Pelgrin, President & CEO, Center for Internet Security; Chair, Multi-State Information Sharing and Analysis Center (MS-ISAC); and Chair, National Council of ISACs (NCI).
Share
RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organisations solve their most complex and sensitive security challenges. These challenges include managing organisational risk, safeguarding mobile access and collaboration, proving compliance and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption and key management, SIEM, data loss prevention, continuous network monitoring, and fraud protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
EMC
EMC Corporation (NYSE: EMC) is the world's leading developer and provider of information infrastructure technology and solutions that enable organisations of all sizes to transform the way they compete and create value from their information. Information about EMC's products and services can be found at www.EMC.com.
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.
Editorial contacts