Yoran: Solve cybersecurity challenges with creativity, encryption

Amit Yoran kicked off RSAC 2016 by publicly backing strong encryption, denouncing the 'going dark' debate and calling for more creativity in cybersecurity.

SAN FRANCISCO -- RSA President Amit Yoran opened the 2016 RSA Conference by saying that solving cybersecurity challenges will not be a matter of implementing new technologies, but mimicking the strengths of the industry's adversaries.

Yoran essentially used his keynote to start this year's RSA Conference (RSAC) as a sequel to his keynote from last year, because his future boss, Michael Dell, told him to give explicit guidance on how to fix the infosec problems Yoran laid out last year.

Artificial intelligence (AI) and machine learning are expected to be hot topics at RSAC 2016. Yoran said the technologies will hold "incredible promise" for transforming security, and noted the release of RSA's own behavioral analytics module, which he called "security analytics magic."

However, Yoran quickly warned that despite marketing campaigns, behavioral analytics tools and AI are not magic.

"All forms of analysis in a stovepipe -- be they malware in a sandbox, end-user behavior or threat intelligence -- can readily be bypassed, which is why pervasive visibility and understanding are foundational," Yoran said. "No matter what any vendor claims, there is no magic that will save us."

Yoran said AI will continue to struggle when it comes to understanding cybersecurity, because AI only works under certain rules.

No matter what any vendor claims, there is no magic that will save us.
Amit Yoranpresident, RSA

"Games like Go take place in a finite universe -- a Go board. They have extremely well-defined sets of boundaries -- the rules of the game. And most critically, all players -- human and machine -- must follow a constant, well-defined set of unchanging rules," Yoran said. "And that is pretty much the same case for all successful applications of AI -- knowable, static rules that can be modeled for sufficient lengths of time, with everyone playing by the same rules."

Yoran said the cybersecurity challenge is infinitely more complex, because adversaries don't follow any rules at all.

"If you could unveil our opponents, you'd likely see creative humans who are changing the rules as they play," Yoran said. "Our problem is not a technology problem. Our adversaries aren't beating us because they have better technology; they're beating us because they're being more creative, more patient, more persistent ... and have a virtually limitless number of pathways to explore."

Yoran said the solution is simple: The cybersecurity industry needs to "leverage our own creative, curious, problem-solving analysts, and set them loose to track down and hunt for our opponents."

Yoran admitted there is a scarcity of security talent, but had blunt advice in that regard: "Stop whining."

"If you don't have hunters, grow them -- or at least don't stand in their way. Let them evolve into the hunters you need," Yoran said. "People are naturally curious. Free your people to chase the why. Allow, train and equip them to become hunters. Focus on empowering them with the tools that can fuel their curiosity and enable them to find the answers they seek."

Although Yoran said creativity would be the most powerful tool for the infosec industry, he mentioned a number of technological issues that would also be important, including identity assurance and governance, which are new features found in RSA Via.

"Authentication and identity management have come roaring back to the forefront of security conversations, as the abuse of identity has become a key component to virtually every sophisticated attack, far outpacing malware attacks as the most prevalent attack vector," Yoran said. "Passwords suck. But even strong multifactor authentication needs the added perspective of fluid contextual awareness. In addition to managing and strongly authenticating our identities, we need to monitor and govern them more effectively. But visibility into these identities will only take us so far."

Yoran mentioned a few times throughout the keynote that enterprises need to increase visibility into the packets on corporate networks. However, Yoran didn't mention the potential issues of the increased use of encryption as a barrier to that visibility.

"We need visibility into the full capture analysis of what's happening on our networks. We need to understand the telemetry that we can get from our endpoints to see exactly what's happening in our environments. Logs are simply not enough. Comprehensive visibility is the base building block for obtaining truly insightful analytics and scoping out incidents correctly."

RSA stands up for strong encryption to solve cybersecurity challenges

Even before Yoran took the stage for RSAC 2016, the company showed a video briefly covering the history of security and government attempts to gain access to communications systems. There was mention of the Clipper chip and other failed attempts, but the ultimate message was that strong encryption is vital to security. The video even implied the history of the RSA Conference is in protecting encryption.

Yoran said the private sector can't be responsible for driving security alone, and the U.S. government needs to enact policies that help security and build talent by investing in education.

"We frequently see governments muddying the waters by allowing intelligence communities and law enforcement to dominate national cybersecurity policy and initiatives," Yoran said. "Their position and agendas are radically different from those trying to defend networks."

Yoran said some policy initiatives, such as weakening encryption, are "so misguided as to boggle the mind."

"In an era where cybersecurity is consistently cited as the single greatest threat to our way of life -- above terrorism and all else -- how can we possibly justify a policy that would catastrophically weaken our infrastructures?" Yoran asked.

Yoran echoed the sentiment of former CIA and National Security Agency chief Michael Hayden in saying that despite the "going dark" debate, "we live in a Golden Age of surveillance."

"Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals," Yoran said. "No credible terrorist or nation-state actor would ever use technology that is knowingly weakened. However, if you weaken our encryption, you can sure bet that the bad guys will use that and exploit it against us."

However, Yoran had good things to say about government initiatives in the infosec space. He lauded the efforts of the Department of Commerce in updating the Privacy Shield framework -- formerly Safe Harbor -- updating the NIST cybersecurity framework, and the many definition languages, such as STIX, that allow for interoperable tools.

At the end of the day, Yoran said the public and private sector need to think differently when it comes to cybersecurity challenges.

"Security is not for the faint of heart. The cyber world is a dangerous place, but not one that can be avoided. If we are going to survive, we need to follow the same rigorous processes in planning and preparation," Yoran said. "Let's reclaim our heritage of intellectual curiosity and rekindle that crazy, creative spirit that brings diverse perspectives. Remember: You are how you behave. Our industry needs to wake up, so what are you going to do differently this year?"

Next Steps

Security experts say lawmakers and politicians don't understand the encryption backdoor problem.

Discover why a group of cryptologists and large technology firms, including Apple and Google, are urging the U.S. government to preserve strong encryption.

One survey suggests cybersecurity strategy must improve to keep up with threats -- and the experts agree.

Dig Deeper on Security industry market trends, predictions and forecasts