Learning From CyberCrooks

By Ericka Chickowski  |  Posted 04-22-2009

If security vendors are to truly help customers strengthen their infrastructure, they need to take a page from the cybercriminals, Art Coviello told the crowd at the RSA opening keynote this week. The adversaries have developed a collaborative ecosystem marked by innovation and agility, he explained, one which works as well as any interdependent system within the legal marketplace.

"This group has some unique advantages. Unlike you, they are not bound by rule of law, they are not bound by SLAs beyond a basic honor among thieves, and they are not bound by governance," Coviello said. "They collaborate, both offline to build their attacks and online in real time. And they've found ways to create relationships to build their supply chain."

In order to succeed against such adversaries, the security community needs to do a better job of working together to build a common security framework.

"Security technologies are still being applied piecemeal, cluttering the landscape and leaving perilous gaps," Coviello said, explaining that this approach sprung forth from IT's ad hoc development.

"If you think about it, our core business structures evolved with no overarching design or master plan,"  Coviello said. "As new technologies emerged, they were stacked one on another in what one IT executive in the audience referred to as a leaning tower of technology on the brink of collapse."

As a result, too many security products have been designed to only protect a single element of the infrastructure.

Coviello's vision of collaboration revolves around taking the four steps of security--policy  management, policy decisions, policy enforcement and policy audits--and decoupling them from the point products so that these steps are performed across the entire infrastructure in one cohesive step. As he explained it, such a decoupling shouldn't strip individual point products of function, but instead should allow them to work interdependently.

"No one wants to know if one particular point product is working; they want to know if the entire (security) infrastructure is working," Coviello said. "In the Web 2.0 world, we've seen the power of mashups. So why not in the security world?"

As he explained, the answer is not a single cohesive product from one vendor. Instead, it requires 'inventive collaboration' from a number of partners to interweave their solution into an adaptable ecosystem as good as the bad guys'.

Coviello outlined three ways the security vendor community can breathe life into this ecosystem. First, vendors must collaborate more on security standards.

Second, they have to be better about sharing technology with one another in order to improve their firepower against the criminals.

And last, they need to enhance technology integration in order to embed security into the infrastructure.
Security practitioners out in the field also have a role in this collaborative process, Coviello said: "Vendors must take the lead, but practitioners must demand this of us."