RSA President calls for the region’s organisations to re-think their approach to cyber defence
SINGAPORE | Amit Yoran, president of RSA, The Security Division of EMC Corporation (NYSE:EMC) issued a call for South East Asian companies and governments to re-think their traditional approaches to cyber defence as they increasingly turn to mobile and cloud technologies to store and access data and systems.
Addressing his comments to government and private industry cybersecurity experts in Singapore at the RSA Conference Asia Pacific & Japan on 23 July 2015, Yoran discussed how the rapid growth of mobile and cloud technologies in Asia represents a boon to the organisations and industries of the region but it is also a significant threat to their legacy security operations.
Compounding this failure is the current practice of relying on SIEM (security information and event management) and other signature-based tools that require historical experience to detect advanced threats, which oftentimes have no precedent. This combination of antiquated technologies and misguided practices is the root of the vast majority of today’s security failings.
As mobile and cloud technologies decentralise organisations’ digital environments, the perimeter on which traditional cyber defences are based is disappearing.
____________________________________________________________
Featured Course
Ethical Hacker and Penetration Tester
Tactical Bootcamp
____________________________________________________________
Despite this, Asian businesses (and businesses around the world) continue to rely primarily on perimeter protection technologies like firewalls, anti-virus and intrusion detection systems to prevent breaches, only to see those tools invariably fail under the onslaught of today’s advanced attacks, Yoran said.
Compounding this failure is the current practice of relying on SIEM (security information and event management) and other signature-based tools that require historical experience to detect advanced threats, which oftentimes have no precedent. This combination of antiquated technologies and misguided practices is the root of the vast majority of today’s security failings.
Yoran asked the audience to re-think their approach to security, using the dramatic digital evolution of Singapore Post and the region’s other postal services, as an example of the level of change required in cybersecurity.
The single most common and catastrophic mistake made by security teams today is under-scoping an incident and rushing to clean up compromised systems before understanding the broader campaign.
He then went on to outline a new approach to security, focused on faster detection of and more effective response to cyber threats, in a series of five principles:
Acceptance that even advanced protection is insufficient for today’s threats – “No matter how high or smart the walls, focused adversaries will find ways over, under, around and through.”
Deep, pervasive visibility from the endpoint to the network to the cloud is necessary – “The single most common and catastrophic mistake made by security teams today is under-scoping an incident and rushing to clean up compromised systems before understanding the broader campaign.”
Effective management of identities matters more than ever – “In a world with no perimeter and with fewer security anchor points, identity and authentication matter more than ever . . . At some point in every successful attack campaign, the abuse of identity is a stepping stone the attackers use to impose their will.”
Organisations must leverage external threat intelligence – “[Threat intelligence] should be machine-readable and automated for increased speed and leverage. It should be operationalised into your security programme and tailored to your organisation’s assets and interests so that analysts can quickly address the threats that pose the greatest risk.”
Security programmes must be guided by an understanding of risk – “You must understand what matters to your business and what is mission critical. You have to . . . defend what’s important and defend it with everything you have.”
This is not a technology problem. This is a mindset problem.
Yoran concluded by reminding the audience that technologies already exist for companies to move to a more effective approach to security focused on faster detection and response to security threats. What is lacking is the will. “This is not a technology problem. This is a mindset problem,” Yoran said.
Two other related announcements relating to cybersecurity were also made at the RSA Conference mentioned above. Highlights from these include :
1. New RSA® ECAT Release Engineered to Extend Ability to Rapidly Detect and Block Advanced Threats on Endpoints
RSA® ECAT is designed to enable active endpoint defense against advanced threats by rapidly detecting and blocking or quarantining suspicious files and processes without the need for signatures;
Now it is engineered to enable real-time visibility, detection, and response on endpoints even while outside the corporate network;
Newly introduced intelligent risk scoring system is built to enable analysts to respond and take action based on highest priority incidents; and
New capabilities, when combined with RSA Security Analytics, are designed to enable SOC teams to detect and respond to advanced attacks more quickly and precisely by delivering complete visibility across the entire enterprise – from the endpoint to cloud.
2. RSA® Via Lifecycle and Governance Identity Solution Enhances Cyber Defense While Improving Compliance, Business Efficiency and Performance
RSA® Via Lifecycle and Governance is designed to contribute critical new and enhanced capabilities to aid detection of advanced attacks, automatically alerting users to unauthorised access changes, including privilege escalations frequently performed by malicious actors who have compromised user identities;
Integration with RSA Archer® Governance, Risk, and Compliance is engineered to improve visibility for incident handlers through sharing of identity context, and connects access governance and lifecycle processes to the enterprise risk model;
Helps accelerate business processes for onboarding new users, and streamlining user interface configuration tasks; and
Scalability, reliability and performance enhancements helps ensure IT can effectively govern and administer thousands of applications in an organisation.
Don’t just like this – share it!
Additional Resources
Download Amit Yoran’s RSA Conference Asia Pacific & Japan keynote transcript
Watch Amit Yoran’s keynote
Find keynotes videos, schedules, events and sessions at RSA Conference Asia Pacific & Japan
Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.
RSA’s Intelligence Driven Security solutions help organisations reduce the risks of operating in a digital world. Through visibility, analysis, and action, RSA solutions give customers the ability to detect, investigate and respond to advanced threats; confirm and manage identities; and ultimately, help prevent IP theft, fraud and cybercrime. RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.
This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (iv) competitive factors, including but not limited to pricing pressures and new product introductions; (v) component and product quality and availability; (vi) fluctuations in VMware, Inc.’s operating results and risks associated with trading of VMware stock; (vii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (viii) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (ix) the ability to attract and retain highly qualified employees; (x) insufficient, excess or obsolete inventory; (xi) fluctuating currency exchange rates; (xii) threats and other disruptions to our secure data centers or networks; (xiii) our ability to protect our proprietary technology; (xiv) war or acts of terrorism; and (xv) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.
The hooded bandit image courtesy Troy Stoi@freeimages.com.
The post Five Key Principles of a Next Generation Approach to Security Outlined in Effort to Bolster Cyber Defence in Asia appeared first on Vertical Distinct.