We’re Losing – Big Time: The Cyber Security Reality

Posted by Nate Buell    Feb 29, 2012 5:48:00 PM

“The reality today is that we are in a race with our adversaries, and right now, more often than not, they are winning,” said RSA chief Art Coviello in front of a massive crowd during the RSA Conference kickoff keynote yesterday.

It’s no longer a question of “Will I be attacked?” but instead, “When?”

“People in our line of work have been going through hell in the past 12 months,” he said. “Our networks will be penetrated. We should no longer be surprised by this.”

Today’s attackers are determined: they know exactly what they want and are willing to work and wait for it.

“Never have the attacks been as targeted, with the aim of breaching one organization as a stepping stone to breaching others,” he said. And according to Verizon’s soon-to-be-released 2012 Data Breach Investigations Report, almost 80 percent of cyber security breaches weren’t discovered until weeks – or even months – later.

Coviello continued to explain that traditionally, organizations have tried to build the biggest, strongest defenses possible to keep attackers out – but this Maginot Line-style approach is static, complex, layered and expensive – and simply won’t work.

An excellent LiquidMatrix Security Digest article this week summarizes why we are losing – big time – in the race to stop the existing threats and adversaries we face, noting that:

  • Technology evolves at an alarming rate and to secure it you have to stay in front of it, unfortunately there are probably new technologies you probably don’t even know of as users adopt new tech at stupefying rates, the technology that mattered yesterday may be irrelevant tomorrow;
  • We are always applying imperfect defenses to protect a fundamentally flawed system, the proverbial wrong cure for an unacknowledged disease;
  • The pool of things we have to defend are growing at geometric and sometimes exponential rates (there is no linear) but even worse these things have complexity as both a planned and emergent property. The threats we protect against are continuously improving in capability while growing in number;
  • Our capacity to create and move data grows in leaps and bounds but our capacity to protect it does not; and
  • Our defenses are only tested to defend against the weakest attackers and our compliance driven approach focuses on only doing enough.

In order to protect their most critical assets, Coviello explained, organizations must fundamentally change their approach to security. They must become as agile and well-informed as their attackers to successfully defend against today’s advanced persistent threats. They must build intelligence-led security programs that leverage ways to monitor, gather, analyze and act on real-time information to detect and combat these attacks.  

Furthermore, Coviello said, “We need to tap more military experience and military intelligence experience. The new breed of analysts I’m talking about need to be offensive in their mindset.”

This level of expertise, he said, is critical in combating increased attacks from criminals, hacktivists and “irresponsible nation states.”
