Johannesburg, 18 Apr 2012
In the face of the massive wave of new IT security threats, organisations can turn the tide on their vulnerability by changing their approach.
This is according to Eddie Schwartz, CISO of RSA, the security division of EMC. Schwartz, who will speak at the upcoming ITWeb Security Summit in May, says organisations need to move towards "intelligence-driven" security systems, which take an adversary-focused/risk-based approach to thinking about an organisation`s material assets.
He says: "Security systems also must be agile to cope with constant changes to the threat landscape and must be context-aware to provide critical answers to any question that might arise. Intelligence-driven security is key to lowering security risks in a world where compromise is inevitable, but losses can be effectively managed to an acceptable level."
Schwartz feels that the biggest security risks today are associated with the way most organisations think about security management and conduct security operations.
"Infosec technology in many organisations is way past its expiration date, and the ongoing focus of security investments is flawed, too. Most organisations spend the lion`s share of their capital and operating expenses on preventative security technologies, hoping they will be protected and will not be breached. The last few years have shown clearly that this approach is painfully defective in the face of advanced adversaries such as cyber criminal groups, hacktivists, and nation-sponsored attackers," he says.
Fixing the flaws in information security requires a transformation commitment that creates a proper equilibrium between the right amount of preventative and control investments, and strong security operations designed to provide deep situational awareness and intelligence-driven threat management, RSA says.
Schwartz notes that the information security threat landscape is changing. "Since 2010, there has been a constant drumbeat of high-profile, massive attacks against commercial enterprises and government organisations. This trend shows no signs of abating."
The culprits are a new breed of cyber criminals, hacktivists and rogue nation states, he explains. With increased speed, agility and cunning, they`re exploiting security gaps resulting from disparate, complex security technologies and outdated, unfocused security management processes that are slow to recognise the potency of emerging threats. The adversaries are better co-ordinated and have developed better cyber intelligence.
As a result, traditional security operations and perimeter security defences, such as anti-virus software and intrusion detection systems, can no longer fully protect organisations. However, he says: "Fortunately, there are plenty of innovative practices and technologies enterprises can implement to bring the fight to the enemy."
Highlighting strategies that have worked abroad, Schwartz says leading organisations have implemented programs focused on managing advanced threats - capturing and analysing massive volumes of internal information, and achieving the situational awareness we discussed.
"But, in addition to deep analysis of an organisation`s data, it`s also about `big data` and information sharing and collaboration. Together, these concepts fuel an intelligence-driven approach to cyber security. Leading security teams are taking it upon themselves to act now. Grassroots networks of like-minded communities are emerging to share security intelligence about all kinds of adversaries and their attack vectors. These networks are being formalised industry by industry. And they`re going viral."
"Networks of networks" are forming with the various Information Sharing and Analysis Centres (ISACs), which are collaborating with the US Department of Homeland Security to act as clearing houses for the flow of intelligence.
"But more must be done so our industry can give security practitioners the tools they need to identify and eradicate threats more quickly. RSA and others in both the public and private sectors are working to reduce legal barriers so we can give the IT security industry the structures it needs to share information," Schwartz says.
The ITWeb Security Summit, taking place from 15 to 17 May, at the Sandton Convention Centre, is tailored to address the current IT security concerns of SA`s CISOs and strategic decision-makers. The 2012 Summit features two days of informative sessions presented by leading international and local security experts, and a full day of interactive workshops. For the first time, SANS Institute training will be in South Africa and is brought to you alongside the Security Summit programme. You will be able to assess and compare new tools and services within the IT security space at the Security Summit exhibition. Equip yourself with the latest IT solutions, and benefit from commentary on new trends and threats, which may inform your security strategy.
For more information, visit www.securitysummit.co.za.
Share