SAN FRANCISCO -- Following his keynote address at the RSA Conference this week, RSA Executive Chairman Art Coviello sat down with SearchSecurity.com to expand on his view of big data in the security industry. Picking up on one of the main themes of his keynote presentation, Coviello said that deriving intelligence from big data analytics "means we don't have to be just be responding to attacks anymore. It doesn't matter if we don't...
know exactly how they're going to attack us."
The whole game here is to shift away from a prevention regime -- big data will allow you to detect and respond more quickly.
RSA executive chairman
"The whole game here," Coviello continued, "is to shift away from a prevention regime -- big data will allow you to detect and respond more quickly."
While emphasis of the keynote was optimistic about big data, Coviello is nevertheless aware that it's equally true that the shortcomings of current mainstream security products are part of what drives interest in it. He said that a gap developed over the past few years between what security could offer and the number and complexity of the attacks their customers faced. He described much of the conventional perimeter and endpoint security technology as "tired."
One example of a "tired technology" is security information and event management (SIEM), he said. "There are lots of organizations that haven't even adopted SIEM, and it's already virtually obsolete -- not in the sense that it doesn't do what it purports to do, but because if all you're doing is collecting and correlating log data, it's not scaling." Add more data sources than log files, he said, and the scaling problem becomes that much worse.
Antivirus is even more of a problem, insofar as its failures undermine even better-than-average authentication approaches. "Now, SecurID still works very effectively," he said, referring to RSA's signature hardware authentication token product. "Unfortunately, because antivirus doesn't work, you could have a Trojan on your computer, and even though you presented the right credential, you need additional means to be able to understand that someone else has taken advantage of your session and they are doing anomalous things.
"We have to up our game by adding more value to authentication to compensate for the inability of old-style controls to do their jobs. Ultimately we ought to have a goal of continuous authentication. In other words, you don't just present the credential once and then have a couple of other factors to look at, but you're continually monitoring the person's behavior and requesting updates to his credentials if you see anomalous behavior."
As for how you detect the ongoing changes in context, the degree of confidence that the user hasn't been compromised, and the need for additional authentication: Big data.
View all of our RSA 2013 Conference coverage.