Security needs fresh direction and perspective, and five areas for achieving it have been identified.
Speaking in the opening keynote at RSA Conference in San Francisco, RSA President Amit Yoran referred to the character Morpheus from the Matrix, who said there is a “difference between knowing and walking the path”, and the path forward requires knowing but not changing how we operate.
Identifying five key areas for navigating the new terrain, Yoran listed these as:
First was to stop believing that advanced protections work, as they will fail. He said: “A focused adversary will get into your environment. Is this another castle wall that will be breached? No matter how high or smart our walls are, an advanced adversary will find a way.”
Second was to adopt a deep and pervasive level of visibility everywhere. Yoran said that many organisations are blind to the adversary and need pervasive and true visibility into their environments.
He said that this was describing “what SIEM meant and ought to be”, as you cannot do security without full packet visibility, knowing which systems are connecting with which, and ultimately the content itself to determine what is happening.
“This is a core requirement for any security programme,” he said. “The single most common mistake made is under-scoping an incident and without fully understanding an attacker you are tipping them off to what you are doing.”
Third was authentication and identity mattering more, not less. “Today’s anti-malware solutions are great and buy them, but do not confuse it for an advanced threat strategy,” he said. “The use of identity is a stepping stone for lateral movement and who is accessing what. Identify attack campaigns in the kill chain and move from mistake to disaster, do not make the mistake of trusting the trusted.”
Fourth was to use external threat intelligence. Yoran named several providers of threat intelligence, called them “credible sources”, and encouraged the audience to leverage it for increased speed so that security analysts can respond to increased threats.
Finally, he said to understand what is most important and what matters most to your organisation. Categorisation is not exciting, but it is critical, as it helps you prioritise for your organisation. “Focus on accounts, data, apps and devices and know what to defend and do it with all you have,” he said. “I have seen the difference it makes to organisations.”
In conclusion, Yoran said that we “are on a path to changing the paradigm that security has been on for decades”, and this was also starting at RSA.
He said: “We have sailed off the map and awaiting instruction is not an option. It is not a technology problem, it is a mindset problem and the world has changed and it is not the terrain that is wrong.”