RSA President Amit Yoran: The Security Industry Needs A Wake-Up Call
As companies start to talk about the move from prevention technologies to detection and response, they also need to walk the walk, RSA President Amit Yoran said in his keynote address opening the 2016 RSA Conference in San Francisco.
The comments follow Yoran's keynote last year, which called for the security industry to embrace a new approach to cybersecurity -- one that moves away from perimeter technologies and invests in visibility, analytics and threat intelligence.
In the past year, the industry has awoken to this trend, with many industry leaders pronouncing the "death of the perimeter." However, Yoran said, the security industry is still failing to put that knowledge into practice. Intellectually, the industry understands the need to move away from perimeter technologies, he said, but it hasn't changed its behavior.
"Intellectually, we get it, but that's not translating into changed behavior fast enough. … Prevention is a failed strategy. But if you continue to invest solely in prevention, what good is [understanding] that?" Yoran said. "Are you leading your organization into security's future or clinging on to the past?"
Only about 10 percent of budgets today are spent on detection and response technologies, Yoran said, citing numbers from market research firm Gartner. But, he said, budgets are starting to shift, and Gartner predicts that by 2020, about 60 percent of IT security budgets will be spent on detection and response.
Yoran said security companies need to focus on what he called a "new world order," which places greater emphasis on monitoring and response, recognizing that ultimately, protection technologies will fail. Evidence of that in the past year includes the largest health-care breach in history -- the Anthem breach in February -- and what was arguably the largest data breach of all time last summer at the U.S. Office of Personnel Management.
Some of the security capabilities and technologies in that new world include full visibility, mobile platforms, identity and access management, and cloud-based services. Yoran said the talent shortage in the cybersecurity industry also poses a significant obstacle to solving this problem, as there are more than 200,000 unfilled positions in the sector. Embracing automation technologies is key, he said, as is promoting a culture that gets creative about bringing in new talent.
"Let's reclaim our heritage of intellectual curiosity and rekindle the crazy spirit that brings diverse perspectives," Yoran said.
These technologies, if implemented correctly, will drive better analytics and business intelligence, advances that Yoran said "hold incredible promise for transforming how we do security."
Bedford, Mass.-based RSA, for one, is working toward walking the walk in this area, Yoran said, striving to deliver technology with "unparalleled visibility." The company has been sharpening its focus on advanced security operations and incident response, authentication and identity management, and governance, risk and compliance. It has exited some of its businesses, as well, including DLP and crypto.
"You are how you behave," Yoran said. "Our industry needs to wake up. What are you going to do differently this year?"