Top 5 takeaways from RSA Conference 2016
To beat external hackers and disgruntled insiders, security vendors, their customers, and law enforcement must boost innovation, partnerships, and awareness about evolving threats. Now. That was a key message at the RSA Conference, whose 25th edition last week drew almost 40,000 attendees hungry to learn how to best protect their organizations from cybercriminals.
In addition to a parade of shiny new products from 500 exhibitors, the event featured dire warnings about weak links in information security technology and glaring gaps in enterprise IT’s preparedness. The bottom line at this year's show: The industry must do a better job if it hopes to reduce the alarming incidence of headline-grabbing hacks in which bad guys ransack systems, steal corporate secrets, and loot customer data.
Here are top takeaways from RSA Conference 2016:
1. Unleash your security pros
Security analysts need the freedom to innovate and be bold, as well as permission from their employers to proactively hunt down malicious hackers, Amit Yoran, president of RSA, EMC’s security division, said in the conference’s opening keynote. “Our problem isn't a technology problem. Our adversaries aren't beating us because they have better technology,” he said. “They're beating us because they're being more creative, more patient, more persistent. They’re single-minded. They have a target and no prescribed path to get there, no overarching rules limiting them.”
He cited troubling findings from a new RSA survey of 160 respondents regarding their organizations’ ability to detect cyberthreats. For example, only 24 percent of the organizations surveyed reported being satisfied with their threat-detection and investigation capabilities. Specifically, only 8 percent of respondents indicated being able to detect threats very quickly, and only 11 percent said they’re able to investigate threats very quickly.
The survey, which polled companies worldwide from various industries that ranged in staff size from under 1,000 employees to more than 10,000, shows that the respondents are unprepared to protect themselves from advanced threats, partly because they’re not collecting and integrating data effectively, said Yoran.
2. Aim for relentless and radical innovation in security
Other speakers advocated the need for an urgent exploration of alternative security methods, saying the status quo is unacceptable.
Martin Fink, executive vice president and CTO of Hewlett Packard Enterprise, said during a keynote on Wednesday: “We’re fighting an escalating battle, and things are only getting worse. We’re not going to be able to protect ourselves using today’s technology. We need to do something different."
"We need to do something different." — Martin Fink, HPE
Organizations must build security into the entire IT infrastructure, not just at the perimeter, and they must be able to recover from attacks right away, Fink said, adding that HPE's The Machine was being developed as a new kind of hardware system to address these requirements using big data analytics.
“Somebody will get in. It is no longer a matter of if. It is just a matter of when. We have to think about business continuity on a whole new level,” said Fink, whose talk was titled "Turning the Tables: Radical New Approaches to Security Analytics."
Mark McLaughlin, president and CEO of Palo Alto Networks, articulated his worry about a continued erosion of the public’s trust in the digital infrastructure. If attacks continue unabated, we may hit a tipping point in which society will start regressing to less efficient analog methods of doing business, seriously harming economic activity. “We could really take a huge step backward from a productivity perspective,” he said in his keynote, titled "The (Inevitable?) Decline of the Digital Age."
Efforts should center on some key principles, including prevention technology, sharing of threat information, and cyber education. “We have to maintain trust in the digital infrastructure, and we have to restore trust that has been lost, and there’s been a lot of trust lost in the last number of years on this,” he said.
"[We] have to restore trust that has been lost, and there’s been a lot of trust lost in the last number of years on this." — Mark McLaughlin, Palo Alto Networks
At a panel discussion titled "Lessons Learned from Real World CISOs," Tom Baltis, CISO of Blue Cross Blue Shield, told of his company’s efforts in this respect after a rogue employee sold client data to identity thieves. "The level of trust our customers have in us has eroded," said Baltis in a conference blog post. "We're spending a lot of time engaging with our customers to ensure we have a continuing dialogue with them."
"The level of trust our customers have in us has eroded." — Tom Baltis, Blue Cross Blue Shield
3. Collaborate more across orgs, law enforcement
Another idea floated at the conference was the importance of collaboration among good actors: security vendors, businesses, government agencies, and law enforcement. “I would like to see security companies agreeing to work much closer together to strengthen cybersecurity postures for all customer organizations by collaborating on initiatives like threat information sharing,” McLaughlin said in an RSA blog post.
Along these lines, Intel announced an expansion of its cybersecurity partnerships, trumpeting collaboration deals with BT and Siemens, and saying that its Intel Security Innovation Alliance had added 30 new members, to bring the total to more than 150.
Of course, increased cooperation sounds perfectly reasonable in theory, but these efforts can get complicated in real life. This was clear from the controversy between Apple and the FBI over the San Bernardino terrorists’ iPhone. This issue over whether Apple should or shouldn’t assist the FBI in accessing the iPhone’s data was debated at the conference.
Microsoft’s president and chief legal officer Brad Smith sided with Apple, as did a panel of cryptography experts. Meanwhile, Adm. Michael S. Rogers, director of the NSA, didn’t address the Apple controversy specifically but did make a plea for increased and improved cooperation between government and the private sector. Meanwhile, U.S. Attorney General Loretta Lynch expressed support for the FBI and was critical of Apple’s stance.
4. Wearables are all the rage, so take cover
As wearables adoption grows, so will infosec risks. Security vendor Centrify conducted an on-site survey at the conference that found hair-raising practices by attendees with regards to their wearable gizmos. For example, the poll found that almost 70 percent of wearable owners don’t protect access to their devices via passcode, password, or biometric methods, even though more than half (56 percent) use the devices to tap into business apps.
“As wearables become more common in the enterprise, IT departments must take serious steps to protect them as carefully as they do laptops and smartphones,” Bill Mann, Centrify’s chief product officer, said in a press release.
5. Innovation in security technology is key
Among many companies demonstrating at the show, Nuix executives Keith A. Lowry and Christopher Pogue demoed two upcoming products to TechBeacon that bring a law enforcement approach to the enterprise. Insight Adaptive Security, which the company describes as “a continuous-protection platform for end-to-end (point) threat prevention, detection, response, and remediation”; and Nuix Insight Analytics & Intelligence, which it calls “a four-dimensional security intelligence platform for breach investigations, deep-dive forensics, and analysis.”
Startup Terbium Labs was at the show announcing the closing of its Series A funding round ($6.4 million) and talking about its MatchLight product, which is designed to alert clients whenever their stolen data appears on the so-called dark web. Founder and CEO Danny Rogers told TechBeacon that the technology, aimed at early discovery of breaches, might best be described as "Lojack for data."
Armorway was at the show promoting its Trust product, which uses artificial intelligence and is designed to address, investigate, and respond to internal threats. Armorway co-founder and CEO Zare Baghdasarian told TechBeacon that his technology was innovative in the use of game theory to enhance behavioral analytics. Behavioral analytics is important because it allows for greatly narrowing results in big data sets, making big data analytics less cumbersome.
The harsh reality of this year's RSA Conference was perhaps best embodied by one product at the show. Vysk spokesman Hector Nieto said his company's products operated under the assumption that your phone has been compromised. Aimed at big enterprise and government, Vysk's products are hardware (cases) and software (apps) that work in tandem to encrypt all data and communications.