RSA: Collaboration Key To Victory Over Cybercriminals
Coviello in a keynote address at the San Francisco security conference called on his peers across the IT security industry to collaborate with each other and build a common technology development process. The aim is to combat the growing threat of organized cybercriminals, Coviello said.
"Cybercriminals have unique advantages: They're not bound by any rule of law, they aren't bound by service agreements beyond honor among thieves and they aren't bound by governance and compliance," said Coviello, executive vice president of EMC and president of RSA, EMC's security division. "They control massive armies of bots, and they collaborate offline to build their attacks and online to launch them. This is what we're up against."
To successfully combat the ecosystem of cybercriminals, security vendors need to work to embed security functionality into the overall IT infrastructure rather than build overlapping functionality into point products, Coviello said.
"For us to succeed against such an advantaged adversary, vendors must take the lead ... We are the only ones in a position to build a security ecosystem," Coviello said. "My call to action is to build a common development process that ensures we're faster and more flexible than the cybercriminals."
Functionality such as policy management, policy decisions, policy enforcement and policy audit should be decoupled from point products and embedded throughout the infrastructure, Coviello said.
"The real breakthrough ... comes when you decouple individual functionality. This allows products to act as a complete system," he said. For example, an integrated security infrastructure could enable policy control based on context, with a data loss prevention system triggering desktop file encryption or digital rights management based on content or type of risk, he said.
Coviello called for vendors to collaborate on standards, share technology and enhance technology integration, pointing to several RSA initiatives as examples. On the standards front, RSA, Bedford, Mass., is working with Hewlett-Packard and IBM on the Key Management Infrastructure standard for enterprise encryption. RSA at the conference also launched the RSA Share Project, through which it is offering the BSAFE Share encryption toolkit to application developers for free. In addition, RSA is working with Cisco Systems and Microsoft to embed its data loss prevention technology into their infrastructure products, Coviello said.
"When you have a common enemy, which is what cybercrime is, it galvanizes organizations to work together," said Scott Charney, Microsoft's corporate vice president of Trustworthy Computing, who, along with Cisco Senior Vice President of Wireless and Security Technology Brett Galloway, joined Coviello on stage.
When asked for his response to naysayers who claim that security vendors won't or can't work with each other, Galloway offered, "I'd say they're wrong. It's happening now."