Speaking of Security – The RSA Blog and Podcast

Over the weekend, three stories crossed my desk that got me thinking about the challenge that Art Coviello issued to the security industry in his RSA Conference 2012 keynote: to forge a  “collective resolve” to stand together against “a host of adversaries who threaten our very trust in the world’s digital economy”. The first of [...]

Security people are often viewed as gatherers. We gather security event data, collect logs for review, build documentation based on information about our environment, and group informational assets in like-valued groups to focus our defenses. I think we’ve got the gathering part down. It’s similar to our propensity to react. We may not be great at reacting (or more likely, we’re great at reacting at only a few things), but we get plenty of exposure to it.

Recently I was catching up on some RSS feeds1 and came across this interesting post from Trevor at ThreatSim entitled Fighting The Advanced Attacker: 9 Security Controls You Should Add To Your Network Right Now. After reading it, I had one of those “Ah-ha” moments where I looked at one of the recommendations and asked myself, “Why am I not doing that?”

RSA released the ninth installment of the Security for Business Innovation Council report last month, and through a series of blog posts on Speaking on Security, we’re going to analyze the various areas highlighted in the findings. Today I’m going to explore the concept of Intelligence-Driven Security. In our world, intelligence-driven means that information coming in from all of our available sources will influence our actions—some of which will become automated over time.

It’s 2012 and the reality of 2011′s shifting security landscape should have set in by now. As much as many of you may want to go back to the days of worrying about Anti-Virus definition files, basic patching, and a single border firewall as the makeup of your entire security posture, its time to take a serious look at how you will plan your defenses for 2012.

Last august, I wrote about needing a different answer to the traditional security problem because the changing landscape over time was making conventional protocols, applications and skill obsolete. I wrote there about time and intelligence: these are the essential assets in any security autonomic system. Why? To really boil it down to its basics, it’s a race. In a race, you care about being first, not second. Intel helps you run the race better and time is the only currency that matter. It’s a race to the data, and you want to win. So it’s all about time and intelligence.

If you have seen me speak over the last couple of months, there is a good chance you heard me talk about advanced threats, sometimes in the context of the RSA breach. Near the end of these talks I either flashed up a slide that had a checklist of things detailing changes we made, or [...]

By Chester Liu – Product Marketing Manager for the RSA Security Management Suite Have you ever been to a presentation or speech, and the speaker is just so ignorant about the very topic that he’s speaking on that you just want to shout out and correct him, but there are a hundred other people in [...]

The debate in Washington, DC over what the role of government should be to help improve our nation’s cyber security posture is in full swing as the U.S. Congress considers a range of policy approaches. Because cyber has emerged as a significant national and economic security problem, proposals range from handing the U.S. Department of Homeland Security new authority to regulate critical infrastructure to tasking the U.S. Securities and Exchange Commission to clarify corporate disclosure requirements for cyber security breaches.

We are very excited to participate in this year’s Gartner Security & Risk Management Summit on June 20-23 at Gaylord National Hotel in National Harbor, MD. This summit is an annual highlight due to the discussions around the latest challenges and best practices in security and risk management among practitioners, analysts, and vendors. RSA will be participating in a variety of ways.