In the face of the massive wave of new IT security threats,
organisations can turn the tide on their vulnerability by changing their
Eddie Schwartz, CISO of RSA, the SECURITY division of EMC. Schwartz, will speak AT the upcoming ITWeb SECURITY Summit, taking place FROM 15 -17 May AT the Sandton Convention Centre.
This is according to Eddie Schwartz, CISO of RSA, the security division of
EMC. Schwartz, who will speak at the upcoming ITWeb Security Summit in May, says
organisations need to move towards “intelligence-driven” security systems, which
take an adversary-focused/risk-based approach to thinking about an
organisation`s material assets.
He says: “Security systems also must be agile to cope with constant changes
to the threat landscape and must be context-aware to provide critical answers to
any question that might arise. Intelligence-driven security is key to lowering
security risks in a world where compromise is inevitable, but losses can be
effectively managed to an acceptable level.”
Schwartz feels that the biggest security risks today are associated with the
way most organisations think about security management and conduct security
“Infosec technology in many organisations is way past its expiration date,
and the ongoing focus of security investments is flawed, too. Most organisations
spend the lion`s share of their capital and operating expenses on preventative
security technologies, hoping they will be protected and will not be breached.
The last few years have shown clearly that this approach is painfully defective
in the face of advanced adversaries such as cyber criminal groups, hacktivists,
and nation-sponsored attackers,” he says.
Fixing the flaws in information security requires a transformation commitment
that creates a proper equilibrium between the right amount of preventative and
control investments, and strong security operations designed to provide deep
situational awareness and intelligence-driven threat management, RSA says.
Schwartz notes that the information security threat landscape is changing.
“Since 2010, there has been a constant drumbeat of high-profile, massive attacks
against commercial enterprises and government organisations. This trend shows no
signs of abating.”
The culprits are a new breed of cyber criminals, hacktivists and rogue nation
states, he explains. With increased speed, agility and cunning, they`re
exploiting security gaps resulting from disparate, complex security technologies
and outdated, unfocused security management processes that are slow to recognise
the potency of emerging threats. The adversaries are better co-ordinated and
have developed better cyber intelligence.
As a result, traditional security operations and perimeter security defences,
such as anti-virus software and intrusion detection systems, can no longer fully
protect organisations. However, he says: “Fortunately, there are plenty of
innovative practices and technologies enterprises can implement to bring the
fight to the enemy.”
Highlighting strategies that have worked abroad, Schwartz says leading
organisations have implemented programs focused on managing advanced threats –
capturing and analysing massive volumes of internal information, and achieving
the situational awareness we discussed.
“But, in addition to deep analysis of an organisation`s data, it`s also about
`big data` and information sharing and collaboration. Together, these concepts
fuel an intelligence-driven approach to cyber security. Leading security teams
are taking it upon themselves to act now. Grassroots networks of like-minded
communities are emerging to share security intelligence about all kinds of
adversaries and their attack vectors. These networks are being formalised
industry by industry. And they`re going viral.”
“Networks of networks” are forming with the various Information Sharing and
Analysis Centres (ISACs), which are collaborating with the US Department of
Homeland Security to act as clearing houses for the flow of intelligence.
“But more must be done so our industry can give security practitioners the
tools they need to identify and eradicate threats more quickly. RSA and others
in both the public and private sectors are working to reduce legal barriers so
we can give the IT security industry the structures it needs to share
information,” Schwartz says.
The ITWeb Security Summit, taking place from 15 to 17 May, at the Sandton
Convention Centre, is tailored to address the current IT security concerns of
SA`s CISOs and strategic decision-makers. The 2012 Summit features two days of
informative sessions presented by leading international and local security
experts, and a full day of interactive workshops. For the first time, SANS
Institute training will be in South Africa and is brought to you alongside the
Security Summit programme. You will be able to assess and compare new tools and
services within the IT security space at the Security Summit exhibition. Equip
yourself with the latest IT solutions, and benefit from commentary on new trends
and threats, which may inform your security strategy.
For more information, visit www.securitysummit.co.za.