RSA: Collaboration among vendors key to future success

Share this article:
Cybercriminals play a different kind of game than the rest of the law-abiding world, which makes it that much more difficult to stop them, a security leader said during Tuesday's opening keynote at the RSA Conference in San Francisco.

To stop them, the security industry must recognize that it has strength in numbers.

“Cybercriminals are not bound by any law, service level agreement or governance and compliance requirements,” said Art Coviello, executive vice president of EMC and president of the company's security division, RSA.

Coviello opened what he termed as the largest gathering of security professionals in the world with an overview of the threats the security community currently faces, and outlined a process that he believed necessary to not only thwart cybercriminals, but streamline technology processes as well.


“Our adversaries are organized, purposeful and effective,” he told the large crowd. “They can update bots and AV signatures as fast as they're rolled out. Their supply chain is effective. This is what we're up against.”


The first initiative he proposed was that the vendor community must take the lead to build a security ecosystem.

“We need to be far faster and flexible than cybercriminals,” he said.  “And to achieve this, we need a common development process to support risk management.”


He also spoke of how technology can fuel economic recovery by being cost-effective in this process.


“Security today is viewed as too costly and not effective enough,” he said.


Coviello then addressed how emerging technology is taking center stage; for example, cloud computing is being adopted quickly.


The vendor community, he said, must remember the goal is information risk management, which he broke down into four components: policy management, policy decision, policy enforcement and policy audit.


Fraudsters poke at the infrastructure until they find a hole, he explained.

“The real breakthrough comes when we decouple individual components so core, shared functions can be applied broadly, and systems can adapt to circumstances," he said. "It's the very essence of an ecosystem."


Integrating efforts will provide flexibility and strength, he said, adding: “It will allow us to reduce costs and beat criminals.”


But this initiative cannot be done by a single suite from an individual vendor. He called for what he termed inventive collaboration: interweaving expertise of one organization with another.


“We must collaborate on standards," Coviello said. "We need to share technologies, making them more accessible. Enhanced technology integration will create a common language of policy and risk”


He then outlined how virtualization offers a new place to embed security technologies.


“We are on the verge of a shared development process fostered by collaboration that will change the basis of competition,” he said. “Vendors must take the lead, but practitioners must demand this of us. We can fight cybercriminals and reignite innovation.”


He summed up his presentation with an African proverb: If you want to go fast, go alone; if you want to go far, go together.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in News

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.