SAN FRANCISCO -- It's time for the information security community to stop pointing fingers at malicious actors and emphasizing the burgeoning threat landscape, and instead begin evolving enterprise information security strategy and infrastructure to emphasize big data
That was the overarching message from Art Coviello, executive vice president of RSA, the security division of EMC, during his keynote address Tuesday to open the 2013 RSA Conference.
Coviello offered blunt criticism of those who -- following a brazen series of recent nation-state-driven attacks highlighted by the breaches at Apple Inc., Facebook Inc. and the New York Times Co. -- remain focused on identifying the perpetrators of each attack, when the attackers' identities are either fairly obvious or largely irrelevant.
"Do we really need to see a smoking gun to know there's a dead body lying on the floor?" asked Coviello. "I'd rather ask, 'What are our governments going to do about it, and what are we going to do to better defend ourselves?'
"There's a whole host of geopolitical issues here that are well above my pay grade," Coviello added. "But it's clear to me, as it is to all of you that … all nations need to be governed by rule of law and respect for property, not just in word, but in deed."
Coviello also condemned what he called the "PR gap" in information security, with many in the press believing the cybersecurity threat is over-hyped. As an example, he referenced the Wired magazine article published last year that criticized former White House cybersecurity official Richard Clarke for calling U.S. critical infrastructure highly vulnerable, a claim largely known to be true within the industry.
Yet some of the blame for that gap between perception and reality, Coviello said, lies with security professionals.
"FUD-oriented marketing, fingers tossed around, terms like 'cyber Pearl Harbor' … may raise awareness, but do nothing to improve the broader understanding of the situation," Coviello said.
Practitioners' ongoing defense efforts are further complicated by the continued rapid growth of stored digital data and Internet-connected devices, Coviello said.
According to Coviello, stored digital content is doubling every two years, reaching 1 zettabyte last year, the equivalent of 4.9 quadrillion books; unstructured data is already five times larger than the amount of existing structured data, and is growing three times faster.
At the same time, Coviello said, estimates suggest the total number of Internet-connected devices is expected to approach 1 billion this year -- including devices like vending machines, smart meters and automobiles -- and by 2020 as many as 200 billion devices could be online.
"We are at a critical crossroads," Coviello said. "We are at the next evolution of the information age, with this convergence of big data, mobile, cloud, and as we face an equally evolving threat landscape, it's clear our cause is new and we must act anew."
To that end, Coviello discussed the concept of intelligence-driven security systems that he touted in his 2012 RSA Conference keynote, but drew from the title of the Nicholas Taleb book, Antifragile, to describe how enterprise security architectures must possess the capacity to become stronger or smarter in response to attacks or disorder.
"We make the mistake of trying to design durable entities," Coviello said, "when we should be designing systems that prove to be anti-fragile."
He said that model should allow for rapid detection and response to attacks, applying big data analysis to security management and the application and development of individual security controls.
"Because sources of security data are almost limitless, the requirement for security management is going to go well beyond traditional SIEM," Coviello said. "We've reached the limits of that technology."
In outlining his action plan for enterprises, Coviello called for what he described as a "transformational security strategy" that transitions security infrastructures into intelligence-driven systems, incorporating big data capabilities as they become available.
Specific pillars of Coviello's plan include: creating a shared data architecture that allows security information to be captured, normalized, analyzed and shared; migrating from point products to a unified security architecture using open, scalable tools; strengthening data sciences skills by adding data analysts or outside partners to manage big data capabilities; and augmenting internal threat analysis with external threat intelligence feeds from as many sources as possible.
"We must operate independent of and in concert with the threat environment and other environmental changes," Coviello said. "I don't mean to imply we're headed to some security utopia, but … this model is future proof, even if the operation of it isn't."