Infosec is “fundamentally broken”. That was the bold claim today from Amit Yoran, the president of RSA and former cyber-security director at the US Department of Homeland Security.<\/p>\n
He was speaking this morning at RSA Middle East in Abu Dhabi, a place, he said, where “if it isn’t gold, it isn’t welcome”.<\/p>\n
Infosec is an industry that wastes billions of dollars on firewalls and policing network perimeters, things that \u201cmake us feel safe\u201d but don’t address real problems.<\/p>\n
Look at the major breaches of recent memory, said Yoran, and you will find companies that were attacked despite using next-generation firewalls and high-level software that, for all their cost and promise, allowed massive, embarrassing and harmful breaches.<\/p>\n
\u201cToday’s threats are from aggressive professional actors,\u201d said Yoran before proceeding \u00a0to dump on that \u201cglorious and useless money pit, we call the SIEM.\u201d<\/p>\n
Security Information and Event Management is widely used for cyber-security data management even though aggressive professional actors clearly have little time for it. It’s responsible, according to Yoran, for detecting advanced threat breaches less than one percent of the time, and yet, somehow the SIEM market is growing.<\/p>\n
It’s indicative of an industry asleep at the wheel, and if nothing is done, warned Yoran, \u201cit’s going to get worse”.<\/p>\n
And with that, Yoran presented four points to, at least in part, ameliorate this unfortunate situation.<\/p>\n
First, advanced protections fail, he said: \u201cDon’t make the mistake of thinking that an anti-malware solution is a strategy.\u201d You can put as many walls up as you want, but sooner or later\u00a0an adversary is going to find a way around, under or over them.<\/p>\n
Second, we need pervasive and true vulnerability awareness,\u00a0all the way from the network to the endpoint and into the cloud. \u201cYou wouldn’t do brain surgery in the dark,\u201d Yoran reminded the audience.<\/p>\n
Don’t act first, think first, he said. The single biggest mistake of any cyber-security team after breach is to try and clean up their system before understanding the extent of the breach.<\/p>\n
Third, as attackers get more determined, more creative and pick their targets more carefully, identity and authentication is going to get even more important. Malware, while still big, was the primary attack vector in less than half of recorded cases. Instead, attackers steal access credentials and just \u201cwalk right in\u201d.<\/p>\n
Yoran issued the grave reminder that your most important user accounts are to be the least trusted: \u201cDon’t make the mistake of trusting the actions of the trusted\u201d because they’re the ones mostly likely to be attacked.<\/p>\n
Finally, you have to establish where your crown jewels are, your most important data, and then defend them \u201cwith everything you’ve got\u201d.<\/p>\n
As he started, so he finished. Yoran concluded with yet another bold claim for himself and the RSA: \u201cWe’re on a very aggressive path to change a paradigm that the security industry has been on for decades\u201d \u2013 and the problem is not technology, but mindset.<\/p>\n
While most are \u201csailing on the same maps even though the terrain has changed,\u201d the RSA, Yoran told the crowd \u201chave sailed off the map\u201d.<\/p>\n