RSA: security investment priorities need to change
Investment needs to focus more on detection and response than traditional point protection
IT security budgets need to shift focus from prevention technologies to solutions to handle detection , monitoring and incident response, according to RSA.
Ahmed Abdella, regional manager, RSA Turkey, Emerging Africa and Middle East said that companies are putting too much emphasis on traditional preventative measures such as anti-virus, which fails to recognise that traditional perimeter defence does not adequately deal with today's security risks.
"We are still seeing a lot of people spending maybe 60-70% of their funds on prevention technologies, whereas only 10-15% on detection and monitoring, and only 5-10% on incident response - which is the equivalent of not investing in a fire department to put out a fire," Abdella said.
"We are encouraging people to adopt a more balanced approach towards spending. It specifically applies to technology like anti-virus. In general with technology, you find that with time, you get more out of technology, and you pay less. Anti-virus is one of those technologies where you get less and less every year, when it first came out, it used to 30-40,000 variants of malware, and signature definitions were able to keep up. There is about 80 million variants last year alone, and at best it is estimated that the effectiveness of anti-virus is 40-50%. Every year you get less and less, and you can continue to invest."
RSA is promoting a data and analytics driven approach to security, to help detect anomalous behaviour and react to risks, as they happen. The approach requires more emphasis on monitoring, and on ‘intelligence driven' security solutions.
Alaa Abdulnadi, regional pre-sales manager for RSA explained that traditional point tools are unable to provide the full context of an attack in time, and only work against known threats. For new attacks, intelligent monitoring of the IT infrastructure will give organisations a chance to detect unusual behaviour and act against it.
The company is developing its RSA Security Analytics platform, which aggregates intelligence from multiple sources, and uses a big data analytics approach to detect threats and share the information with customers.
RSA Security Analytics is being integrated into RSA's four key areas of activities in identity, advanced threats, online risk and intelligence, and GRC, Abdulnadi said, and the company has around 12 customers in the region who have adopted security analytics so far, in finance, telecoms and government sectors.
Adoption of a security analytics approach will take time, Abdella added, but RSA is supporting customers with solutions, training programs and professional services to understand and utilise the intelligence.
"It is not going to happen overnight, it requires not just an investment in technology, but investment in people, hiring the right skillsets but also putting in place the right processes, a broken process is just as dangerous as a technology vulnerability," Abdella said.