"You can't always get what you want" is literally the theme of this year's RSA Security conference in San Francisco. "With increased speed and cunning, hackers are taking advantage of the openness of today's infrastructures," said EMC's executive vice president Art Coviello, Jr. And exacerbating the problem, he said, is the fact that despite openness and open architectures, people aren't banding together for solutions.
This at a conference that officially opened Tuesday morning to a gospel choir prophesying the coming of the age of Getting What You Need. Hopefully Aretha Franklin received a cut of the royalties when one soloist, breaking from script, sang her original lyrics instead of the ones inscribed on the big-screen closed caption: "I-N-F-O-S-E-C, find out what it means to me."
Though today's theme is a subtle, and maybe honest, admission of the current state of affairs in security technology, it would actually come as a shock if the vice chairman of RSA were to announce how much the world had stayed the same over the last year. "Quite frankly, we are at serious risk of failing... In my 17 years in the industry, I've never sold on the basis of fear, and I'm not about to do that now." This after a warning of the "harsh realities" that the world's security infrastructure has become "hell," citing RSA being a major target of attacks itself in March 2011. "We hope the attacks on us will strengthen the resolve of everyone. But the fact is, we are not alone. Never have we witnessed so many high-profile attacks in one year."
"We need to understand that an attack on one of us is an attack on all of us," said Coviello, echoing Pres. George W. Bush just after 9/11, in a tone that could have used the gospel / Rolling Stones treatment from 20 minutes earlier.
He started to integrate messages of resilience, of understanding that networks will be penetrated and resources will be exploited. "We shouldn't be surprised by this easier. However, accepting the inevitability of compromise does not mean we have to accept the inevitability of loss... We can reduce the window of vulnerability to all attacks, and return control firmly to the hands of security practitioners."
This requires a mindset shift, Coviello suggested, from investigating individual events to utilizing analytics tools that "spot faint signals." "Right now, more often than not, they [the attackers] are winning," he said, citing a Verizon report that 91% of data breaches led to compromise within a few days, if not hours. "We need to take the advantage of time away from our adversaries. But we cannot do this with the conventional, silo-oriented point products we have today. Some of these products, we just need to dis-invest in."
Three properties of new security infrastructure: One is that systems must be risk-based. "We must learn to evaluate risk at more substantive and granular levels... There's risk, and then there's risk." Second, systems must be agile. Today's systems, he said, are patchwork quilts of updates that are expected to provide a priori knowledge of threat signatures. "This static model breaks. It does not bend. It provides no resiliency."
The solution to that problem is something that detects patterns of regular user behavior better, in order to detect irregular behavior when it comes along. "Ultimately, we'll have to automate these capabilities and responses. But fortunately, products [along these lines] are already available. We must accelerate their adoption."
The third property he suggested was contextual. "The ability to succeed depends on having the best information available." Log data will not be enough. "Organizations need to adopt a big data model." He defines this as the gathering of security-relevant data sets at massive scale and multiple formats. Data must then be correlated using high-speed analytics, to arrive at actionable information. Coviello believes that intelligence-driven model will leverage big data to shrink the window of vulnerability.
"We need to tap more military experience and military intelligence," Coviello added, citing from a colleague's blog and utilizing a stock photo image of a security geek to illustrate the point that engineers need to be less civilian, less culturally siloed, and more like Gen. Patton.
"To date, information sharing has been almost a cliché for failure. Its success has been limited by distrust, technology gaps, and legal constraints." This has given rise to grass-roots networks of security information sharing, that are developing outside organizations and outside governments. Slowly they're being formalized, going more viral, collaborating with the Dept. of Homeland Security, and presumably looking less and less like a stock photo of a security geek.
Throughout the duration of his keynote speech, the XVP of EMC invoked G.W. Bush ("If you're not with us, you're against us"), Winston Churchill ("If you're going through hell, keep going") and Twisted Sister ("We're not going to take it anymore.")
More news from the RSA Conference in San Francisco throughout the day on ReadWriteWeb.