RSA 2014 and the Need for Intelligence-Driven Security

By Charles King, Pund-IT, Inc.  April 9, 2014

Due to a crazier than usual travel schedule, I wasn’t able to spend as much time at the recent RSA 2014 security conference as I have in years past. But what I did see and hear there provided a lot to consider in the weeks since—enough to fundamentally alter some beliefs I’ve long held concerning the value and potential for success of traditional security technologies.

Anyone who follows the news in even a marginal way likely realizes that individual and organizational digital security are under continuous siege. It is abundantly clear that traditional security solutions are increasingly ineffectual and that vendors’ assurances are often empty promises.

Well-publicized disasters aren’t the only problem. While distressing, breaches like Target’s massive, “scammed-for-the-holidays” exposure of millions of customers’ credit card data are simply large-scale examples of the inevitable result of inadequate security practices running head-on into traps set by clever, rapacious online criminals.

In a way, they are starkly similar to headline stories about 100-car pile-ups on interstate freeways. But the bigger and largely unreported problem lies in the hundreds of thousands of relatively minor yet all too common individual security incidents—online exploits and malware attacks, data hacking on public Wi-Fi networks, password and credit account thefts. These are the security equivalents of fender benders or the anonymous, sometimes malicious damage inflicted on cars in parking lots and other public places.

Due to the sheer number and relatively modest damages of these incidents, they are typically ignored by authorities, but their collective costs and related injuries can be staggering.

Intelligence-Driven Security

Can anything really be done about this? Perhaps. At RSA 2014, the company’s Intelligence-Driven Security strategy was a prime topic of conversation in keynote speeches, breakout sessions and one-on-one conversations.

In RSA’s view, traditional passive security practices, like setting and maintaining defensive security perimeters, simply don’t work against highly aggressive and adaptable threat sources, including criminal organizations and rogue states. In fact, company spokespeople argued that reliance on traditional methodologies is leaving rapidly growing groups, including mobile, BYOD and “shadow” IT users more or less defenseless. These groups, along with more conventional business employees and organizations, are the end users RSA means to protect.

What does the company mean by “intelligence-driven security” exactly? The basic approach focuses on proactive detection rather than passive prevention, and on understanding risk. That entails both increasing insight into potential threats and expanding visibility into existing vulnerabilities. In other words, it means accurately measuring threats and the likelihood of attacks in given environments, as well as the susceptibility and preparedness of potential targets.

When context is added to risk understanding, intelligence-driven security becomes possible. RSA approaches the problem not by building, manning and reinforcing walls around an organization’s virtual perimeter (as do the vast majority of conventional security vendors), but by expanding visibility into the physical and behavioral networks that define user interactions. So while the company’s solutions are certainly deployed across and closely monitor activity on wired and wireless network infrastructures, they also keep an eye on individualized connections to spot anomalies, determine whether they are malicious or threatening and act quickly and automatically to quash them.

A Pivotal Moment

To help achieve this, RSA and Pivotal (EMC’s Big Data organization) announced the availability of a reference architecture, providing insights into the visibility, analytics and actionable intelligence that organizations need to detect modern security threats. Along with supporting a scalable approach to deploying security analytics, the new reference architecture can also tie into broader analytics of IT operations data.

According to RSA, Pivotal’s Hadoop technologies fit naturally within the scope of modern security strategies since they can span vast, scalable repositories of business information and support quick, responsive analytics processes to match patterns and likely outcomes in near-real time.

In a literal sense, using analytics to support security processes and goals is nothing new. But an unfortunate side effect of many such solutions has been the creation of data silos for specific business units and use cases. In contrast, the goal of RSA’s new Big Data for Security Analytics reference architecture is to create individual, cross-company data warehouses (or “data lakes”) that can be accessed and acted on by any and all interested parties.

Final Analysis

As technologies continue to proliferate and networks—wired, wireless and human—become ever-larger and more complex, we believe security threats will continue to grow apace. That will put additional pressure on traditional security solutions and strategies that are already buckling and thus increase the threats to already threatened end users.

Given that scenario, RSA’s Intelligence-Driven Security strategy and its Security Analytics solutions and reference architecture constitute a fresh approach in what has become an increasingly stale and stilted industry. While some competitors will likely natter on about addressing critical threats with a still young technology, we would turn the issue around and ask how fully tested solutions will keep up in a race they are already losing.

The fact is that conventional thinking and thinkers will virtually always oppose new ideas. In 1972, when nearly 55,000 people were killed in car accidents, many car manufacturers and drivers vociferously resisted calls for mandatory seat belts to be installed in all new vehicles. That regulation was finally mandated in 1974 and vehicle fatalities dropped steadily afterward. Other safety technologies and advances faced similar resistance—Electronic Stability Control (ESC), airbags and anti-lock braking systems—and all resulted in safer driving and fewer injuries and fatalities.

We suggest that a similar point is at hand with regard to online security and the increasing inability of commonplace tools and products to deal with the modern threat landscape. With its Intelligence-Driven Security strategy and Security Analytics services and solutions, RSA clearly intends to move ahead of competitors by staying ahead of existing and evolving threats.

© 2014 Pund-IT, Inc. All rights reserved.