BOSTON -- Threat intelligence sharing must reach across industries rather than individual sectors to reduce the time an attacker spends on a network and contain the damage, according to RSA President Tom Heiser.
The reality is that nation-states and cybercriminals have a better network for sharing information than we have.
Tom Heiser, president, RSA, The Security Division of EMC
Heiser delivered the opening message to college professors, government officials and business executives at the second annual Advanced Cyber Security Center conference held last week at the Federal Reserve Bank. The event, meant to foster cooperation between the government, private sector security start-ups and academia, focused on ways enterprises can better protect intellectual property, defend against financially motivated cybercriminals and develop technologies to secure critical infrastructure.
Heiser said he is seeing more organizations participate in small, collaborative forums to share intelligence. He pointed out that Information Sharing and Analysis Centers (ISACs) have helped foster more discussion about threats but the effectiveness of intelligence sharing can be improved.
"I think we do need that kind of vertical discussion and we also need to cut across horizontally and share this information across industries," Heiser said. "We must achieve balance to ensure we are operating at the same quality and level as our adversaries."
Advanced Cyber Security Center conference
Research projects focusing on embedded device security, system resiliency and security metrics are gaining the most attention, experts say.
Heiser was appointed president of RSA, The Security Division of EMC, in February 2011 in an executive shuffle that moved industry veteran Art Coviello to the role of executive chairman. The company has been advocating the need to build protections that defend against advanced persistent threats, after it suffered a serious data security breach which exposed the intellectual property of its SecurID two-factor authentication tokens. Heiser and other RSA executives say the attack was likely nation-state sponsored and meant to conduct cyberespionage on a much broader scale using the stolen data.
"The reality is that nation-states and cybercriminals have a better network for sharing information than we have," Heiser said. "We must find ways of sharing information and increasing the visibility of our networks."
Enterprises need to reduce the "dwell time" an attacker has once they have penetrated the corporate network, Heiser said. Doing so requires a mixture of threat intelligence gathering and more powerful analytical systems. "The quicker you find them, the quicker you can kick them out and the quicker you can address what they have done," he said.
One financial services CISO said his company is phasing out older, commoditized technologies in favor of a more proactive defense approach, closely monitoring the network and systems to better detect anomalous activities that could signal trouble, Heiser said.
"They're rebidding and taking money out of… older technologies applied 10-15 years ago, and repurposing those funds to build out higher analytics and new security analytics centers," Heiser said. "They're doing it because effectiveness of antivirus and perimeter based approaches are no longer what they once were."
While reports suggest intellectual property theft and cybercriminal attacks are increasing, Heiser said he is encouraged that the discussion about cybersecurity issues is happening at all levels of organizations. Heiser said boards of directors, senior executives and CIOs in the past year have raised the discussion about the threat landscape and how to protect critical data. "We need to speak in terms of risk mitigation," Heiser said. "We don't need to talk our language we need to talk through our lens."