Some Thoughts from RSA about the Future of Threat Management
March 2, 2012
- Thinking outside of the box is required to dispatch the new types of threats attacking enterprise IT.
- That type of thinking is not likely to come from traditional security vendors.
It is clear that security professionals understand that their defenses are bound to be breached, and some recognize that the attackers are relentless in pursuing anything worth stealing. The blinders are coming off for many organizations that thought they had nothing worth stealing, and enterprises are looking around to find more effective weapons to defend their company valuables. Sadly, what they are seeing by and large from traditional threat management suppliers are extensions to existing product lines, new features and clever marketing designed to pass off such incremental improvements as innovation. While the need for thinking outside the box has never been greater than it is right now, there is little incentive for traditional threat management suppliers to do that, given their investment in existing technologies.
Though dominant security suppliers such as Cisco are advancing new architectures and initiatives to leverage their strengths while addressing the issue of securing the growing legion of smartphones and tablets invading the enterprise, such initiatives take time. Cisco’s SecureX initiative is a perfect example of how long it can take to accomplish the competing goals of leveraging existing technology and solving new and increasingly urgent problems introduced by the BYOD phenomenon. Of course, such foot-dragging opens the door to new startups with no agenda but to apply new thinking to an increasingly urgent problem. This year’s RSA served up a lot of the former from well-established security companies, but there were also a few gold nuggets representing the latter that were buried in the hinterlands of the show floor, as well as in the hotel room suites surrounding the Moscone Center.
Startup Mykonos Software is one such nugget, advancing the concept of an ‘intrusion deception system’ that takes a more proactive approach to spotting and thwarting attacks by rendering the attacker’s automation useless, thereby requiring more brute force efforts until it becomes evident the attack attempt is more work than it is worth. Cisco rival Juniper Networks found the technology so compelling that it bought the startup for $80 million just a couple of weeks ago. Other nuggets at RSA include Damballa, which uses machine learning algorithms to understand how malware evades detection and unearths the communication between bots and their command and control servers. Another promising area worth investigating is the application of big data management techniques to security and contextual information analysis. At RSA 2012, ‘analytics’ was the new ‘plastics’ (a la The Graduate), the byword to describe where the best opportunities for threat management are. In that vein, a new startup called Click Security made its debut, with a new approach to real-time threat detection. These are just a few examples of new and innovative thinking, and that is exactly the type of thinking required of security professionals if they are to succeed in responding effectively to the new threat environment.