SAN FRANCISCO--The sheer volume of attacks against enterprises and governments in 2011 showed that security is critical, but the security industry is "in serious risk of failing" to protect organizations, said Arthur Coviello, executive chairman of RSA, during his opening keynote address at the 2012 RSA Conference.
Signature-based and perimeter-heavy defenses no longer work, and the industry needs to shift attention to new types of security defenses, said Coviello, who kicked off the show Feb. 28. Organizations have to assume their networks will be penetrated and put in protections to minimize data theft or damage as a result of the compromise, Coviello told attendees who gathered at the Moscone Center here for the conference.
Security technology that organizations should be considering should have three elements, said Coviello.
The first is being risk-based, which allows IT managers to look at what is going on within their environment and properly prioritize what needs to be fixed. Managing risk is critical, he said.
The second element is being agile, as the platform of choice needs to be situational aware and be able to react immediately when something goes wrong. Today's security is often a "patchwork of controls" spewing out "too much data and not enough intelligence," said Coviello.
Finally, there is context-awareness--and this is critical. There needs to be a way to tell when a certain activity is an anomaly and not part of user behavior despite it seeming harmless.
All these elements together allow organizations to respond in real time to threats.
Organizations "have gone through hell" in the 12 months since last year's conference, said Coviello, and that includes RSA.
Coviello was referencing the incident where unknown perpetrators--who still have not been unmasked a year later--breached RSA Security servers and managed to steal data related to the SecurID two-factor authentication technology. RSA shared the pain of regaining customer trust and trying to secure its systems that other breached organizations felt, said Coviello.
"An attack on one of us is an attack on all of us," he said.
RSA also experienced a sense of urgency to apply the lessons learned from the breach to make its systems stronger as well as to share the information with the rest of the industry. The attack influenced how the company shares data, its investments and its overall strategy.
The types of attacks have also changed, as last year was the first time there were so many "stepping stone" attacks, said Coviello, referring to incidents where an organization was breached to steal information that could be used to launch a more complex and potentially more rewarding attack.
The SecurID breach was one such attack, as there is evidence the attackers used the stolen information to launch attacks against Lockheed Martin, a defense contractor. The attacks against certificate authorities, such as the one against DigiNotar, a Dutch certificate authority, is another, as the perpetrators were focused on stealing security certificates that could be used to masquerade as legitimate Websites.
Coviello hopes that the increasing number of attacks will strengthen the sense of urgency within the industry to work on methods to improve organization defenses.