#RSAC: Time for Security to Leave the Dark Ages

It’s time for security to leave the Dark Ages and seek its own Age of Enlightenment, said RSA president Amit Yoran in his opening keynote at RSA Conference 2015. The strategies and protective systems that security relies on, he said, are not working as desired: “The barbarians are already within the gate. Tall walls are not solving our problems.”

The defensive mindset of the Dark Ages – building castle walls to keep out adversaries – needs to evolve to a more intelligent strategy, Yoran argued. The legacy of 2014, year of the “mega breach”, is evidence of that, he stated.

“You don’t have to be much of a visionary to see that 2015 will become the year of the super-mega breach. 2014 was yet another reminder that we are losing this contest.”

He added that, “In security, the map doesn’t fit the terrain. The perimeter mindset is still with us. We have an irrational obsession with perimeters, but perimeters are limited by their experience. They have to have seen a threat before. They are incapable of detecting the threats that matter the most.”

Yoran backed this up with statistics from the latest Verizon Data Breach Investigations Report, which state that less than 1% of attacks in 2014 were spotted using SIEM.

“Things are different and we need to realize it. Stop believing that advanced protection works. A creative and focused adversary is going to get inside your environment,” he argued, adding that this realization should be a “catalyst” for change in the security mindset.

To appease those in the audience who may have felt Yoran was merely stating the obvious, he added a number of points he felt would drive security’s move towards ‘Enlightenment’:

  • Pervasive and true visibility is integral. If you don’t have this, Yoran argued, “You are only pretending to do security.”
  • Authentication and identity must be leveraged more, and anti-malware solutions, while “great”, must not be mistaken for effective threat strategy.
  • Strong authentication must be backed up with effective analysis of who is accessing what on the network. This is critical in identifying attacks in the early stage.
  • Threat intelligence must be operationalized into the environment and tailored to meet the company’s needs and allow analysts to work effectively.
  • Organizations must prioritize what matters most, and selectively deploy their “limited and precious” security technology, so that they can operate with maximum effectiveness.

“I’m not saying we have all the answers,” Yoran concluded. “But we are trying to change the paradigm that security has been operating under.

“We have sailed off the map but awaiting instruction is not an option. This is not a technology problem; this is a mindset problem. The world has changed and it’s not the terrain that’s wrong.”