Leveraging big data approaches can help make the much-needed intelligence-driven security model a reality
Action needed from the highest levels of companies, as well as practitioners, governments and vendors
AT the first RSA Conference held 22 years ago, 50 cryptographers gathered together to discuss the need for privacy and confidentiality in the online world that was rapidly emerging.
As farsighted as they were, they couldn't have anticipated the sheer scale and pace of technology innovation and adoption that have since occurred.
During his opening keynote at the inaugural Asia Pacific edition of the annual security conference, held in Singapore, Art Coviello (pic), executive vice president of EMC Corporation and executive chairman of RSA, said that in the face of growing and sophisticated cyber attacks, many organisations are “frustrated … angry and often confused.”
However, he noted that this was largely due to a fear of the unknown, adding that one can be in a better position to address such threats with not just awareness, but also knowledge.
“To really understand the problem and what to do about it, you need perspective on three things: The attack surface, the threat environment and how security models must evolve,” he said.
According to Coviello, IT security models that rely heavily on perimeter-based defences make it impossible to anticipate or spot unknown threats, while an intelligence-driven security model – which leverages big data analytics for pervasive monitoring, threat information-sharing and intelligent controls – is designed to allow for more rapid detection of attacks and shortening an attacker’s dwell time within a breached enterprise.
“Fundamentally, big data is the ability to extract meaning to sort through the masses of data elements and find the hidden patterns, the unexpected correlation or the surprising connection,” he said.
“It is about analysing vast and complex data sets at high speed that, in our case, will allow us to spot the faint signal of an attack – because at some point, no matter how clever the attackers, they must do something anomalous,” he added.
The main driver for this rising need to evolve the way organisations approach their security is the rise of the ‘third platform era,’ identified by research firm IDC as an ecosystem driven by mobile, social, cloud and big data.
This is a shift from the second platform, defined by LAN/ Internet, Client Server and the PC era, which was preceded by the Mainframe Terminal era, the first platform.
“It was only in 2007 that the iPhone was launched. Today, we have full mobile ubiquity and by 2020, thanks to the expansion of the Internet enabled by IPv6 (Internet Protocol version 6), we will have hundreds of millions of devices connected to the Internet,” said Coviello.
He said these ‘third platform’ trends have already taken away the primary element of the historical model for cyber-security, the perimeter defence.
“We are in a hyper-connected word that has facilitated access and productivity for ourselves, with the unintended consequences of doing the same for our adversaries,” he said.
“And if that weren’t enough, with the advent of social media, we are making it easier and easier for those adversaries to trick, spoof and assume our digital personas,” he added.
The most troubling evolution, according to Coviello, is the shift from traditional intrusive attacks aimed at fraud and IP theft to disruptive attacks such as the on-going DDoS (Distributed Denial of Service) attacks against American banks in addition to the Saudi Aramco attack that used the Shamoon virus to wipe out thousand of desktops and hard drives of internal systems.
He also distinguished between the disruptive attacks that are currently becoming more commonplace, which create the potential for economic loss and a loss in public confidence, and destructive attacks.
“The evolution to disruptive attacks is a serious escalation because they are the precursor, the pathway, to those long anticipated destructive ones,” he said.
However, Coviello noted that such attacks are still next to impossible to carry out solely from the Internet without manual intervention. But as the transition to IPv6 continues with the creation of the Internet of Things which enable more elements of physical infrastructure, attacks on digital systems that result in physical destruction will finally become a reality.
Next page: RSA makes urgent call for greater collaboration