My blog today reflects on newly published research from Jon Oltsik at ESG (from whom I borrowed the title of this blog), which covers the collision of advanced threats, security monitoring, SIEM, big data technologies and techniques, and organizational security maturity. In the paper Jon clearly brings forward his argument – with which I completely agree – that security threats have changed and thus the tools and approaches used for defense need to change significantly. I recognize this sounds a bit clichéd, but read the paper and you will see that there is a clear argument and evidence to back up this claim. One very obvious technical trend is that the flood of security data required to provide the visibility necessary to improve the organization’s defenses has gone up — way, way up.
I recently had the pleasure of attending the annual EMC World user conference in Las Vegas, NV. And it was, in my opinion, immensely informative, not just for me but for EMC, RSA and all of its partners and customers. The sessions and Solutions Pavilion were lively and engaging, the keynotes had the production value worthy of most Hollywood movies and the topics were relevant for today’s IT and security managers.
For a CIO, CISO, or anyone else who oversees IT security, it’s critical to have a maturity model in hand. You will never reach your desired end-state by simply buying the right product or building the right org structure. You have to get there in stages, perhaps starting by implementing a rigorous risk assessment process, then building a world-class security operations center.
Incident Management is a broadly used term, but in our world of network security it is generally defined as the process an organization uses to identify, investigate and remediate a potential or real threat to its network resources and users.
On a recent visit to a number of companies with an increasing focus on IT security, a sense of common frustration was beginning to develop. The levels and number of security issues were a concern, and keeping ahead of the security risks has lots of CSOs scrambling to show they are on top of these high-visibility issues.
More and more organizations are deciding to “go virtual.” And why not? The benefits are numerous: optimized resources, increased efficiency and a more dynamic infrastructure, among other things. IT departments around the world are collectively champing at the bit to deliver a centralized, optimally partitioned, easily scaled (yet physically small) data center. Shutter those football-field-sized data centers and open the door to a minimalist IT operations center. Sounds perfect, right?
Welcome to one of Speaking of Security’s newest blogs, completely focused on security management, something we’re calling Security Management Insights or SMInsights for short. I am honored to author the initial post in what should be a highly active and thought-provoking forum for dialogue related to the challenges facing today’s information security professionals. This is a team blog, so you will benefit from hearing from a multitude of product managers from the products and solutions which comprise RSA’s emerging Security Management Suite. We continuously receive the opportunity to interact with customers and analysts and will use this blog to share insights about organizations’ security challenges and strategies.
The question of “why” EMC has acquired NetWitness will no doubt come up (beyond the fact that they are the obvious market leader with awesome technology), along with the question of how they fit. Over the next few months that will become increasingly clear, and in fact obvious if it isn’t already, but I thought I’d start with a simple analogy that I will connect first with RSA enVision (i.e. with Security Information and Event Management or “SIEM”) and then with RSA Archer (i.e. with Governance, Risk and Compliance or “GRC”).
Any discipline, when sufficiently advanced, will exhibit many of the same traits, building, as Art Coviello mentioned on Tuesday in his keynote, on the shoulders of giants. The painful work of building wisdom, learning to work together and establishing procedures for what once seemed impossible can eventually make miracles commonplace.
In any system, the feedback loop is essential to governing the process, whether that’s done through manual inspection or automated feeds. In security, the SIEM performs this essential role of collecting and correlating information on what is happening across the security controls. Building out the set of collection points and strengthening the correlation across those elements to deliver real intelligence about the system is key to an effective SIEM in particular and to security management in general.