The future of security is analytics and sharing – in conversation with RSA’s Uri Rivner

September 27, 2011

I was talking to Uri Rivner – as one does – about the future of security. Uri is Head of New Technologies, Identity Protection at RSA; and knows a thing or two.

But first, some background. Security isn’t working. Ask Google or Sony or Nintendo or Mitsubishi or, indeed, RSA. Nobody is saying we need to chuck out all our existing security products and processes; but we need to do more to make it work. And that’s what we were talking about.

Uri Rivner, security expert at RSA

“Two things,” said Uri. “Firstly, in the future you will see more advanced analytics: automated detection systems, like the on-line banking fraud detection systems or online credit card fraud detection systems. We will see things that are automated and will learn, rather than have to rely on the rules that an expert writes.” At the moment, much of our attack detection is based on the rule definitions of our security experts; and it is difficult to write a rule to detect something we’ve never seen before. “Computers,” added Uri, “are much better at finding software attacks.”

Hold on to that thought: the future of security is in advanced, intelligent, automated analytics.

“Secondly,” he continued, “the future will include data sharing. Corporates today just don’t share their data with anyone else. If you are under attack, you’re on your own. But the future will have to include some level of data sharing in realtime. There will have to be some way to collaborate in realtime, so that rather than relying just on your own security operatives, you actually rely on the industry’s wisdom to help you find these attacks. In many cases the attackers don’t go after a single specific target; they go after lots of targets within a certain industry or country. So it will be crucial to share data in realtime.

“How will we do it? As always, the devil is in the detail. Not all of the technologies or directions are ready yet. There are tools and technologies that are being deployed as we speak, but I would say that it will take the industry a couple of years to actually do something that has a fighting chance against APT-type attacks.”

There are indeed many problems; not least the reluctance of one company to share information with another company that might be, or become, a competitor. Government seems to be a good starting point, where inter-departmental co-operation can be mandated before ultimately evolving into inter-governmental collaboration. But governments are naturally secretive: they believe their function is to gather intelligence, not to share it out. And then there are the legal pitfalls of multiple legal jurisdictions, each with subtly different data protection requirements.

But Uri insists on both the necessity and inevitability of data sharing. “The idea is not,” he continued, “to configure a big shared repository and say, hey, we’re under attack. We have to be more subtle. We have to abstract the data, anonymise the data, and we have to do all the things that will make it even legal to share data between competing operations and different countries. But the bottom line is this: we have to do it; it’s a must.

What CISOs want – from the RSA/TechAmerica APT Summit

“Ask any US CISO,” he continued. “The USA has been heavily attacked over the last 18 months, and all the CISOs agree: we want to share data, we want it at machine speed and in realtime, and we don’t want to share it several days later. So we need to work out how we can do this and be both legal and practical. It will happen at some point. The banking sector is already doing this. They actually share data in realtime. Not everybody knows this, but it’s one of the measures the banking sector has already taken. If bank A is being attacked – I’m talking about financial fraud here, not APT – by some hacker or criminal and they learn about it, automatically it goes into a central repository which means that everyone is now protected from this attack. There are ways to solve this sort of thing. Exposure, legal issues, customer trust issues – there are ways to share data.”

So the future of security is in the combination of large-scale automatic and intelligent analytics with wide-scale security data sharing. Now here’s a co-incidence, and it really is purely a co-incidence: on Thursday a new security product that fulfils the first and could be used for the latter will be announced. I’ll tell you more about that on Thursday.

  1. September 27, 2011 at 12:30 pm

    I agree with Uri; real-time collaboration provides the best way to find the threats fast and first.

    It allows the defences to investigate the threat at the time the first person or system is attacked, then report the results back to the rest of the systems or users that are in the shared ecosystem. This provides a wider data-set of information compared to organisations trying to run defences that go it alone.

    This sharing of data is already happening (anonymously, as Uri states) for malware delivery networks and phishing sites – as an example more than 75 million employees, consumers and mobile users share their data through the WebPulse cloud network – delivering billions of pieces of data a week into the system for the WebPulse cloud service to investigate and rate individual URLs and web objects for various threats.

    Just think, if all global Internet users were connected, perhaps phishing sites and malware creators would go out of business as the maximum number of victims they are likely to catch would be one per instance. Even then, WebPulse aims to inspect and categorise a URL for the first user who stumbles upon it, so defending even the initial victim.

    As a quick advert – anyone who wants to join the WebPulse ecosystem to safeguard themselves and share with the rest of the users can do so free of charge by downloading the PC application K9 http://www.getK9.com or the iOS browser K9 for iPhone/iPad/iPod Touch.
