RSA's Art Coviello kicked off this week's RSA Conference 2009 with a simple message to security vendors: Come together.
Coviello in a keynote address at the San Francisco security conference called on his peers across the IT security industry to collaborate with each other and build a common technology development process. The aim is to combat the growing threat of organized cybercriminals, Coviello said.
 |
| Art Coviello at RSA Conference 2009 |
"Cybercriminals have unique advantages: They're not bound by any rule of law, they aren't bound by service agreements beyond honor among thieves and they aren't bound by governance and compliance," said Coviello, executive vice president of EMC and president of RSA, EMC's security division. "They control massive armies of bots, and they collaborate offline to build their attacks and online to launch them. This is what we're up against."
To successfully combat the ecosystem of cybercriminals, security vendors need to work to embed security functionality into the overall IT infrastructure rather than build overlapping functionality into point products, Coviello said.
"For us to succeed against such an advantaged adversary, vendors must take the lead ... We are the only ones in a position to build a security ecosystem," Coviello said. "My call to action is to build a common development process that ensures we're faster and more flexible than the cybercriminals."
Functionality such as policy management, policy decisions, policy enforcement and policy audit should be decoupled from point products and embedded throughout the infrastructure, Coviello said.
"The real breakthrough ... comes when you decouple individual functionality. This allows products to act as a complete system," he said. For example, an integrated security infrastructure could enable policy control based on context, with a data loss prevention system triggering desktop file encryption or digital rights management based on content or type of risk, he said.
Coviello called for vendors to collaborate on standards, share technology and enhance technology integration, pointing to several RSA initiatives as examples. On the standards front, RSA, Bedford, Mass., is working with Hewlett-Packard and IBM on the Key Management Infrastructure standard for enterprise encryption. RSA at the conference also launched the RSA Share Project, through which it is offering the BSAFE Share encryption toolkit to application developers for free. In addition, RSA is working with Cisco Systems and Microsoft to embed its data loss prevention technology into their infrastructure products, Coviello said.
"When you have a common enemy, which is what cybercrime is, it galvanizes organizations to work together," said Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, who, along with Cisco Senior Vice President of Wireless and Security Technology Brett Galloway, joined Coviello on stage.
When asked for his response to naysayers who claim that security vendors won't or can't work with each other, Galloway offered, "I'd say they're wrong. It's happening now."
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
