SAN FRANCISCO, April 21, 2015 /PRNewswire/ -- RSA
CONFERENCE 2015 --
News Summary:
- RSA President Amit Yoran says
continuing challenges of the security industry are a mindset
problem; not a technology problem
- Yoran explains that any security approach based on predictable
tools and even malware detection will fail against today's attack
campaigns
- Yoran lays out five recommendations to address industry's
shortcomings and better combat advanced threats
- Download Video of the keynote and a copy of Yoran's
remarks
Full Story:
In front of a record number of computer security professionals
attending RSA's signature conference, Amit
Yoran, president of RSA, The Security Division of EMC (NYSE:
EMC), challenged the industry to relinquish its legacy
approaches to combatting cyber attacks; approaches that have failed
but continue to give organizations a false sense of security.
"2014 was yet another reminder that we are losing this contest,"
Yoran said in his keynote remarks to more than 30,000 cyber
industry executives. "The adversaries are out-maneuvering the
industry ... and winning by every measure."
He compared the industry's current approach to a mindset stuck
in the Dark Ages, whereby companies employ security strategies and
solutions that no longer map to the business and threat environment
we face. "To keep the barbarians away, we're simply building taller
castle walls and digging deeper moats. Taller walls won't solve our
problem."
Yoran argues that the industry continues to seek a technology
solution to what is fundamentally a problem of strategic approach;
that an iterative approach to improving our defensive strategy is
incapable of beating threat actors who are able to evolve their
tactics far faster than we can build new walls. Based on his
decades of experience ranging from his time with the Department of
Defense to his leadership today of one of the world's leading
security companies, Yoran outlined his vision for a path
forward:
- Stop Believing that Even Advanced Protections Are
Sufficient
"No matter how high or smart the walls, focused
adversaries will find ways over, under, around, and through." Many
of the advanced attacks last year did not even use malware as a
primary tactic.
- Adopt a Deep and Pervasive Level of True Visibility
Everywhere – from the Endpoint to the Cloud
"We need
pervasive and true visibility into our enterprise environments. You
simply can't do security today without the visibility of both
continuous full packet capture and endpoint compromise assessment
visibility."
- Identity and authentication matter more than ever
"In a world with no perimeter and with fewer security anchor
points, identity and authentication matter more than ever . . . At
some point in [any successful attack] campaign, the abuse of
identity is a stepping stone the attackers use to impose their
will."
- External threat intelligence is a core capability
"There are incredible sources for the right threat intelligence . .
. [which] should be machine-readable and automated for increased
speed and leverage. It should be operationalized into your
security program and tailored to our organization's assets and
interests so that analysts can quickly address the threats that
pose the most risk."
- Understand what matters most to your business and what is
mission critical.
"You must understand what matters to your business and what is
mission critical. You have to . . . defend what's important
and defend it with everything you have."
Yoran noted that RSA, as a company, is re-aligning to map itself
to this new paradigm. "As an industry, we are on a journey that
will continue to evolve in the years to come through the efforts of
all of us here today." He continued, "We have sailed off the map,
my friends. Sitting here and awaiting instructions isn't an
option. And neither is what we've been doing – continuing to
sail on with our existing maps even though the world has
changed."
Yoran concluded that many of the technologies exist to provide
true visibility, proper threat intelligence and systems that help
manage digital and business risk. "This is not a technology
problem," he said. "This is a mindset problem."
Additional Resources
- Download Amit Yoran's RSA
Conference 2015 keynote transcript
- Watch Amit Yoran's keynote
on-demand: http://www.rsaconference.com/us15/rsa
- Find keynotes videos, schedules, events and sessions at RSA
Conference 2015
- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and
the RSA Speaking of Security Blog and Podcast.
About RSA
RSA's Intelligence Driven Security solutions help organizations
reduce the risks of operating in a digital world. Through
visibility, analysis, and action, RSA solutions give customers the
ability to detect, investigate and respond to advanced threats;
confirm and manage identities; and ultimately, help prevent IP
theft, fraud and cybercrime. For more information on RSA,
please visit www.rsa.com.
EMC and RSA are registered trademarks of EMC Corporation in
the United States and other
countries. All other products and/or services referenced are
trademarks of their respective companies.
This release contains "forward-looking statements" as defined
under the Federal Securities Laws. Actual results could
differ materially from those projected in the forward-looking
statements as a result of certain risk factors, including but not
limited to: (i) adverse changes in general economic or market
conditions; (ii) delays or reductions in information technology
spending; (iii) the relative and varying rates of product price and
component cost declines and the volume and mixture of product and
services revenues; (iv) competitive factors, including but not
limited to pricing pressures and new product introductions; (v)
component and product quality and availability; (vi) fluctuations
in VMware, Inc.'s operating results and risks associated with
trading of VMware stock; (vii) the transition to new products, the
uncertainty of customer acceptance of new product offerings and
rapid technological and market change; (viii) risks associated with
managing the growth of our business, including risks associated
with acquisitions and investments and the challenges and costs of
integration, restructuring and achieving anticipated synergies;
(ix) the ability to attract and retain highly qualified employees;
(x) insufficient, excess or obsolete inventory; (xi) fluctuating
currency exchange rates; (xii) threats and other disruptions to our
secure data centers or networks; (xiii) our ability to protect our
proprietary technology; (xiv) war or acts of terrorism; and (xv)
other one-time events and other important factors disclosed
previously and from time to time in the filings of EMC Corporation,
the parent company of RSA, with the U.S. Securities and Exchange
Commission. EMC and RSA disclaim any obligation to update any
such forward-looking statements after the date of this
release.
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/amit-yoran-calls-for-security-industry-to-throw-out-old-maps-chart-new-course-300069304.html
SOURCE RSA