Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

RSA President – Five ways that security can be saved

by The Gurus
April 21, 2015
in Editor's News
Share on FacebookShare on Twitter

Security needs fresh direction and perspective and five areas to resolve it have been identified.
Speaking in the opening keynote at RSA Conference in San Francisco, RSA President Amit Yoran referred to the character Morpheus from the Matrix, who said there is a “difference between knowing and walking the path”, and the path forward requires knowing but not changing how we operate.
Identifying five key areas on navigating the new terrain, Yoran listed these as:
Stop believeing that advanced protections work, as they will fail. He said: “A focused adversary will get into your environment. Is this another castle wall that will be breached? No matter how high or smart our walls are, an advanced adversary will find a way.”
Second was to adopt a deep and pervasive level of visibility everywhere. Yoran said that many organisations are blind to the adversary and need pervasive and true visibility into their environments.
He said that this was describing “what SIEM meant and ought to be”, as you cannot do security without full packet visibility and knowing what systems are connecting with and what, and ultimately content itself to determine what is happening.
“This is a core requirement for any security programme,” he said. “The single most common mistake made is under-scoping an incident and without fully understanding an attacker you are tipping them off to what you are doing.”
Third was authentication and identity mattering more, not less. “Today’s anti-malware solutions are great and buy them, but do not confuse it for an advanced threat strategy,” he said. “The use of identity is a stepping stone for lateral movement and who is accessing what. Identify attack campaigns in the kill chain and move from mistake to disaster, do not make the mistake of trusting the trusted.”
Fourth was to use external threat intelligence. Yoran named several providers of threat intelligence and called them “credible sources” and encouraged the audience to leverage it for increased speed so that security analysts can respond to increased threats.
Finally, he said understand what is most important and what matters most to your organisation as categorisation is not exciting, but it is critical as it helps you prioritise for your organisation. “Focus on accounts, data, apps and devices and know what to defend and do it with all you have,” he said. “I have seen the difference it makes to organisations.”
In conclusion, Yoran said that we “are on a path to changing the paradigm that security has been on for decades”, and this was also starting at RSA.
He said: “We have sailed off the map and awaiting instruction is not an option. It is not a technology problem, is a mindset problem and the world has changed and it is not the terrain that is wrong.”

FacebookTweetLinkedIn
Tags: AuthenticationCyber Securityinformation securityinfosecProtectionRSARSA ConferenceRSACVisibility
ShareTweetShare
Previous Post

RSA – Better visibility and less reliance on technology is required to get out of the dark ages

Next Post

RSA – Department of Homeland Security head talks of continuous struggle with encrypted traffic

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information