Security Tips From Crooks

If security vendors are to truly help customers strengthen theirinfrastructure, they need to take a page from the cybercriminals, ArtCoviello told the crowd at the RSA opening keynote this week. Theadversaries have developed a collaborative ecosystem marked byinnovation and agility, he explained, one which works as well as anyinterdependent system within the legal marketplace.

?This group has some unique advantages. Unlike you, they are notbound by rule of law, they are not bound by SLAs beyond a basic honoramong thieves, and they are not bound by governance,? Coviello said.?They collaborate, both offline to build their attacks and online inreal time. And they’ve found ways to create relationships to buildtheir supply chain.?

In order to succeed against such adversaries, the security communityneeds to do a better job of working together to build a common securityframework.

?Security technologies are still being applied piecemeal, clutteringthe landscape and leaving perilous gaps,? Coviello said, explainingthat this approach sprung forth from IT’s ad hoc development.

?If you think about it, our core business structures evolved with nooverarching design or master plan,?  Coviello said. ?As newtechnologies emerged, they were stacked one on another in what one ITexecutive in the audience referred to as a leaning tower of technologyon the brink of collapse.?

As a result, too many security products have been designed to only protect a single element of the infrastructure.

Coviello’s vision of collaboration revolves around taking the foursteps of security?policy  management, policy decisions, policyenforcement and policy audits?and decoupling them from the pointproducts so that these steps are performed across the entireinfrastructure in one cohesive step. As he explained it, such adecoupling shouldn’t strip individual point products of function, butinstead should allow them to work interdependently.

?No one wants to know if one particular point product is working;they want to know if the entire (security) infrastructure is working,?Coviello said. ?In the Web 2.0 world, we’ve seen the power of mashups.So why not in the security world??

As he explained, the answer is not a single cohesive product fromone vendor. Instead, it requires ‘inventive collaboration’ from anumber of partners to interweave their solution into an adaptableecosystem as good as the bad guys’.

Coviello outlined three ways the security vendor community canbreathe life into this ecosystem. First, vendors must collaborate moreon security standards.

Second, they have to be better about sharing technology with oneanother in order to improve their firepower against the criminals.

And last, they need to enhance technology integration in order to embed security into the infrastructure.
Security practitioners out in the field also have a role in thiscollaborative process, Coviello said: ?Vendors must take the lead, butpractitioners must demand this of us.?