RSA Conference 2013

Cyber security was the theme of this year’s RSA Conference, held in San Francisco on 26-28 February. Of particular note were numerous presentations and products concerning the growing scale of tools needed to combat today’s cyber attacks; the growing sophistication and “organization” of attackers (including criminal groups, cracker groups, state actors, and non-state actors); and the “intelligence” that attackers gather on how enterprises protect themselves and on the high cost of, and generally low priority given to, cyber defense.

Some common themes:

  • Large enterprises must rethink their cyber defense capabilities in light of the intensity and diversity of attacks, the extraordinary value of any lost data – real and perceived, and the scale limitations (and costs) of today’s technologies.
  • There is a need to expand the information sharing capabilities of products, not only within product families but across product families. When an attack is detected, its parameters need to be shared rapidly with a wide body of parties so that national infrastructures can quickly adapt to protect against or mitigate the attack.
  • Nationally, there is a need to develop standards, across product lines, that will provide the capabilities to rapidly exchange cyber attack information, while protecting privacy – thus forming the ecosystem for an agile cyber defense.
  • Enterprises should incorporate security/cyber risk management with other risk management assessments (typically focused on more business decisions), so that security risk is a component of business risk.

Thus:

  • We need the ability to defend against the intensity and diversity of cyber attacks.
  • We need the ability to share information, not only within product families but across product families and across providers; we need a cyber defense ecosystem.
  • We need the ability to rapidly exchange cyber attack information, while protecting privacy.
  • We need the ability (and direction) to incorporate security/cyber risk management with other risk management assessments (typically focused on more business decisions), so that security risk becomes an equal component of business risk and success.