
Is security really stuck in the Dark Ages?

Taylor Armerding | May 25, 2015
Amit Yoran’s colleagues didn’t agree with everything the RSA President said at his keynote last month. But most say he got the essentials right – things are bad and getting worse, and the industry needs a new mindset.

But, he said, "the good news is that RSA already has a robust software security approach. It's being run by Eric Baize, and he's doing a great job."

Gula and others say the industry is moving in the right direction, through compliance with regulatory regimes like SOX (Sarbanes-Oxley Act) and PCI DSS (Payment Card Industry Data Security Standard) that "require least use of privilege, no admin accounts, etc. -- these are directed against insiders. Also, there is a move by many organizations with cloud assets to have centralized authentication, such as single sign-on, which is also a large deterrent and form of detection of insiders," he said.

But they also offered a few additional suggestions for what Yoran said should be the goal -- a new "Age of Enlightenment" in security.

Chuvakin said that good visibility should be supported by "effective security incident planning."

According to Sudhakar, organizations should be using "behavioral analytics and machine learning to uncover hidden threats and vulnerabilities."

He added that since IT security people are hard to find and retain, organizations should "automate to the maximum degree possible so that you can do more with less. Automation can also change the internal dynamic, as IT security staff can become threat hunters instead of being the hunted."

Kraus also said planning is important. In war, he said, "does the U.S. simply give soldiers guns and point them to the battlefield? Or, is it more likely that they train their soldiers and appoint leaders to drive the battle to a successful outcome?"

Overall, as tough as the message was, it was welcome. Yoran said this week that while he had been uncertain about what the response to his keynote would be, "I was actually a bit surprised by seemingly unanimous support from colleagues and even competitors. Many people have come up to me or tweeted since that I said what needed to be said, and that they hoped that the speech served as a catalyst for necessary and significant change in the industry's mindset."

 
