Big Data Could Bolster Security Models, But It's Early: RSA Chairman
Big data security analytics could be the foundation of a new, more agile security model, catching up to cybercriminals hell-bent on stealing information, taking down corporate networks or penetrating and disrupting critical infrastructure facilities, said Art Coviello, executive vice president of EMC and executive chairman of RSA, EMC's security division.
Kicking off the 2013 RSA Conference in San Francisco, Coviello told thousands of attendees that integrating powerful analytics on internal security and business data and external threat intelligence information is only just emerging, but over time it could help businesses gain new insight into attacks targeting their systems. It could help businesses keep pace with attackers and some well-funded cybercriminal groups, he said.
"As of now we are only at the dawn of big data," Coviello said. "Big data truly has the potential to transform our lives for the better, our health, environment and livelihoods; almost every aspect of our daily lives."
[Related: 8 Ways Big Data Will Change Our Lives ]
A unified, intelligence-driven security architecture would offer true defense in depth, Coviello said. The model depends on an emphasis on threat-intelligence sharing by security vendors, government agencies and businesses, he said.
"I'm not talking about perfect security," Coviello said. "I'm talking about a model that evolves and learns from change -- a model that allows us to detect attacks quickly and respond quickly, a model based on big data."
Coviello and other security executives here are hitting the ground talking up the recent string of data breaches, punctuated by the targeted attack on The New York Times and other breaches, many of which are the result of stolen account credentials. In addition to financially motivated cybercriminals out to steal credit card data and other sensitive data, hacktivists are attempting to disrupt networks, and targeted attackers are out for intellectual property, Coviello said.
Nation-state driven attacks are also a serious concern, Coviello said. A recent report from security incident response firm Mandiant connected more than 100 attacks globally to a single hacking group based in China, with evidence linking it to the Chinese government. The report said there could be up to 20 such groups.
Meanwhile, the federal government is attempting to lay the groundwork to gain better visibility and control over the security of critical infrastructure facilities, the vast majority of which are owned by private networks. Coviello warned that while the risk is low, attacks on digital systems that result in physical destruction will no longer require manual intervention.
NEXT: Financial Industry Facing Potentially Serious Problems
Distributed denial-of-service (DDoS) attacks, which have been targeting many U.S. financial institutions, have the potential to be ramped up, causing more of a serious problem than the risk posed by potentially destructive attacks against critical infrastructure, Coviello said. Experts are predicting an escalation on such attacks. Economic losses would be severe or even catastrophic, he said.
"The escalation is about the source and severity with which they are being carried out," Coviello said. "Disruptive attacks will be the prelude, the pathway to destructive attacks."
Using threat intelligence on top of security data has been the central message coming from RSA and many of its competitors. Both RSA and IBM made announcements integrating the Hadoop big data analytics framework into their security products. RSA is integrating the Hadoop with its NetWitness network monitoring and EnVision security information and event management appliances. Both security firms acknowledged that the emerging technology only will be used by a handful of early adopters.
This week, RSA also announced an expanded partnership with Juniper Networks in which the networking security vendor will provide its new threat intelligence global hacker database service to the RSA Live threat intelligence feeds.
Juniper Networks announced its new global hacker database, which is being created by using a technology that fingerprints attacker devices rather than their IP address. The Junos Spotlight Secure, announced at the conference, is based on the Mykonos Software technology that Juniper acquired last year. RSA also partners with Juniper in mobile interoperability testing to enable the firm's mobile authentication technologies to support Juniper's SSL product.
Following Coveillo's keynote presentation, one information security executive at a Fortune 1000 company called the approach being advocated by Coviello and others extremely promising but also potentially dangerous if big data repositories fall into the wrong hands and are abused by dangerous people. "It's everything we've been talking about for years and it's slowly coming to fruition," he told CRN, declining to give his name. "But it comes with serious implications if the wrong person is controlling that data."
Coviello and other RSA executives call the announcements, and many like it from other security vendors at the conference, the beginning stages of changing the way security is applied at organizations. "It's about using the massive amounts of data being collected to make better decisions," he said.
"We need to recognize that this is the trend line that we are working on and that it all means we need to take a much different approach to security," Coviello told reporters at a press conference Monday. "A couple of years ago we talked about a reactive approach; now we're talking about an intelligence-driven approach. Some of you will be cynical about whether, or if, we will be capable to carry this out, but my job is to do the best we can to provide this kind of capability."
PUBLISHED FEB. 26, 2013