RSA president: IT security a 'mindset problem'
Amit Yoran kicks off RSA Conference Abu Dhabi with call to rethink cyber-security
The challenges facing IT security do not make for a technology problem, but rather a mindset problem, according to Amit Yoran, president of RSA.
Speaking at the opening keynote of this week's RSA Conference Abu Dhabi, Yoran explained that, rather than simply throwing technology at the problem of cyber-security, organisations needed to combine technology adoption with education and processes. Only by doing this would organisations have the best chance of protecting themselves from cyber-criminals, he said.
"We're on a very aggressive path to change the paradigm under which the security industry has acted for decades. We have sailed off the map," he said.
That said, Yoran did advocate the use of many security-based technologies, but he insisted that they should be used intelligently to gain network visibility for incident detection, and not used to create a perimeter defence.
"You need to know exactly what is happening in the environment in order to answer the difficult questions. These aren't nice to haves, these are fundamental building blocks. Without these core technologies, the job of incident response is even more difficult," he said.
Indeed, Yoran insisted that incident response is now more pertinent than ever, as cyber-criminals are able to access corporate networks so easily. Citing research from Verizon, he said that malware is the primary attack vector in less than half of advanced breaches; instead, 95% of the time, attackers use stolen credentials and simply walk right in.
Yoran also advised that, upon the discovery of a breach, organisations should think carefully before taking steps against it.
"The single most common and most catastrophic mistakes made by teams today is to detect an attack, and then rush to deal with it, rather than understand the broader goal of the campaign. You could also be tipping off your adversary," he said.
The next keynote speech was delivered by Ashok Sankar, senior director of cyber strategy at Raytheon/Websense, who advocated the use of technological innovations such as data analytics in order to stay ahead of cyber criminals. Underpinning these technologies, he said, should be rich data sets that provide insight into network activity.
"We need to monitor end user activity and determine their behaviour. We need to know who the risky users are and why," he said.
"Raw data alone is not enough - we need it in context. Contextual information that offers insight into what is happening around a particular event is very important. Information on user activity can help you."
When it comes to the analysis of that information, Sankar said that analytics should be put to use. He said that various automation techniques can help security professionals to "rummage through the haystack" and filter through the informational anomalies.
The RSA Conference Abu Dhabi is being held at the Emirates Palace Hotel and runs until tomorrow.