If security vendors are to truly help customers strengthen their
infrastructure, they need to take a page from the cybercriminals, Art
Coviello told the crowd at the RSA opening keynote this week. The
adversaries have developed a collaborative ecosystem marked by
innovation and agility, he explained, one which works as well as any
interdependent system within the legal marketplace.
“This group has some unique advantages. Unlike you, they are not
bound by rule of law, they are not bound by SLAs beyond a basic honor
among thieves, and they are not bound by governance,” Coviello said.
“They collaborate, both offline to build their attacks and online in
real time. And they've found ways to create relationships to build
their supply chain.”
In order to succeed against such adversaries, the security community
needs to do a better job of working together to build a common security
framework.
“Security technologies are still being applied piecemeal, cluttering
the landscape and leaving perilous gaps,” Coviello said, explaining
that this approach sprang forth from IT's ad hoc development.
“If you think about it, our core business structures evolved with no
overarching design or master plan,” Coviello said. “As new
technologies emerged, they were stacked one on another in what one IT
executive in the audience referred to as a leaning tower of technology
on the brink of collapse.”
As a result, too many security products have been designed to only protect a single element of the infrastructure.
Coviello's vision of collaboration revolves around taking the four
steps of security—policy management, policy decisions, policy
enforcement and policy audits—and decoupling them from the point
products so that these steps are performed across the entire
infrastructure in one cohesive step. As he explained it, such a
decoupling shouldn't strip individual point products of function, but
instead should allow them to work interdependently.
“No one wants to know if one particular point product is working;
they want to know if the entire (security) infrastructure is working,”
Coviello said. “In the Web 2.0 world, we've seen the power of mashups.
So why not in the security world?”
As he explained, the answer is not a single cohesive product from
one vendor. Instead, it requires 'inventive collaboration' from a
number of partners to interweave their solutions into an adaptable
ecosystem as good as the bad guys'.
Coviello outlined three ways the security vendor community can
breathe life into this ecosystem. First, vendors must collaborate more
on security standards.
Second, they have to be better about sharing technology with one
another in order to improve their firepower against the criminals.
And last, they need to enhance technology integration in order to embed security into the infrastructure.
Security practitioners out in the field also have a role in this
collaborative process, Coviello said: “Vendors must take the lead, but
practitioners must demand this of us.”