The theme of this year’s RSA Conference was “Connect to Protect,” promoting connections among the information security community, IT and other parts of the enterprise, and private and public sectors. It was the 25th annual event, which saw 40,000+ attendees and more than 550 vendors in the expo hall showing off their wares.
Over a number of days, keynotes from industry leaders addressed the need to do something different. Debates focused on the Internet of Things, industrial control systems, encryption, artificial intelligence and machine learning, crowdsourcing, and more, with many reflecting on current industry news.
Here are some of the highlights and themes of the week that particularly interested me:
In the “Innovation Sandbox” session, the top 10 finalists battled for the title: each vendor had three minutes to pitch to a panel of judges why their solution will have the greatest impact on information security in 2016. Phantom was the contest winner, describing how a typical enterprise has over 50 security solutions and nothing interoperates. Their solution tries to solve this by offering an open and orchestrated security platform.
Many vendors were talking about the need for security orchestration and how, in light of the challenge to hire skilled talent, teams need help integrating security tools and workflows. The industry needs to work together to make it easier for security professionals to do their job. The other side to this is the need to consolidate security solutions into a platform and move away from siloed approaches to solving security challenges.
A very big theme that many vendors were talking about was threat intelligence. Whilst not new, it has evolved over the years to the point where many organisations are grappling with what to do with all of the data. We have seen various threat feeds being bundled into security solutions, web portals offering the latest security bulletins, indicators published on an ad hoc basis, and vendors trying to establish their own standards as opposed to aligning with industry- and community-based standards, such as STIX and TAXII. Whilst STIX and TAXII had evolved, security solutions and processes had not. Manual effort was still required to feed the data directly into the systems and, typically, the raw information required additional processing and analysis before being used.
The goal here is to provide as much end-to-end automation as possible: collect the raw information from various sources, normalise the data (as no two sources look the same), de-duplicate it, age it out, and finally use the data automatically in security solutions. As an industry we need to move away from manual analysis in processing the raw information. We need to be able to automate the enforcement to prevent an attack from taking place or the attackers from achieving their objective.
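The pipeline described above (collect, normalise, de-duplicate, age out, hand off for enforcement), as an added example that is not from the original post or any vendor. The two feed layouts, the field names and the 30-day retention window are assumptions, and the sample indicators are constructed from documentation-reserved ranges.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample feeds (not real indicators); each source has its own layout.
FEED_CSV = """\
2016-03-01T10:00:00Z,domain,Bad-Example.TEST
2016-01-02T08:00:00Z,ip,203.0.113.7
2016-03-03T09:30:00Z,ip,198.51.100.23
"""
FEED_JSON = json.dumps([
    {"indicator": "bad-example[.]test", "kind": "hostname", "seen": 1456920000},
    {"indicator": "198.51.100.23 ", "kind": "ipv4", "seen": 1456700000},
])
KIND_MAP = {"domain": "domain", "hostname": "domain", "ip": "ipv4", "ipv4": "ipv4"}

def normalise(kind, value, seen, source):
    # One schema for every source: canonical type, lower-cased and re-fanged value.
    value = value.strip().lower().replace("[.]", ".")
    return {"type": KIND_MAP[kind], "value": value, "last_seen": seen, "sources": {source}}

def collect():
    for line in FEED_CSV.splitlines():
        ts, kind, value = line.split(",")
        seen = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield normalise(kind, value, seen, "feed_csv")
    for rec in json.loads(FEED_JSON):
        seen = datetime.fromtimestamp(rec["seen"], tz=timezone.utc)
        yield normalise(rec["kind"], rec["indicator"], seen, "feed_json")

def deduplicate(records):
    # Merge repeats of the same indicator: keep the newest sighting, union the sources.
    merged = {}
    for rec in records:
        key = (rec["type"], rec["value"])
        if key in merged:
            merged[key]["sources"] |= rec["sources"]
            merged[key]["last_seen"] = max(merged[key]["last_seen"], rec["last_seen"])
        else:
            merged[key] = rec
    return merged

def age_out(merged, now, max_age=timedelta(days=30)):
    # Drop indicators not seen within the retention window (30 days is an assumption).
    return {k: v for k, v in merged.items() if now - v["last_seen"] <= max_age}

def build_blocklist(now):
    # Sorted (type, value) pairs, ready to push to an enforcement point.
    return sorted(age_out(deduplicate(collect()), now))

if __name__ == "__main__":
    print(build_blocklist(datetime(2016, 3, 4, tzinfo=timezone.utc)))
```
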
The shortage of skills was mentioned during keynotes and in a lot of sessions I visited. The continuing rise of successful cyberattacks, together with the growing focus on cybersecurity in businesses today, has created the need for more skilled security professionals. This is an area that is often debated and was no different at RSA, with many saying that there aren’t enough people entering the field with the required skills, and that those skills are not necessarily taught but rather learned on the job. Unlike many industries, security is not a stand-alone discipline; it is actually a discipline within the computer field. Treating it otherwise is a mistake.
At the same time, businesses need to learn to foster these types of skills, looking at developing new processes and even operational models. Businesses should look to have programs in place to identify competent professionals within their own organisation and offer them jobs and training that will arm them with the security expertise needed. Whilst throwing more people at the security challenges, it is also time for businesses to rethink the ways they have built, run and managed security in their environments and to automate as much as they can.
When relating these themes to Asia-Pacific, I see that we are no different to the rest of the world. These are global challenges; and, in Asia-Pacific, we need to all work through these challenges together. The cyber attackers don’t discriminate against industries and geographies. Organisations in Asia-Pacific need to automate as much as possible. We, like every other part of the world, have a skillset shortage challenge. Like many organisations and governments, we are working to solve that through industry funding to build security curricula to be taught in higher education and through governments investing in internship programs, but we also need to think about doing things smarter. Automation is key here. We need to work on preventing attacks, detecting the unknowns and closing the time it takes to turn them into known threats and provide this timely threat intelligence to everyone else – across all industries in Asia-Pacific.
In keeping with the theme of RSA, we need to connect as many people and businesses together as we can to solve the security challenges facing all of us. Security needs to be a team sport. Collaboration is something we need to continue to do more of across industries and between the public and private sectors. Working in silos and not sharing what we have learned will only slow us down in our mission: to defend our people, organisations and information.
[Palo Alto Networks Research Center]