SINGAPORE--The security breach involving its token technology in March not only provided valuable lessons for RSA, it spurred new thinking and capabilities for the security vendor and its customers, said executive chairman Art Coviello.
In an interview with ZDNet Asia Tuesday, nearly eight months after the breach took place, Coviello reported that "a number of innovative ideas" had resulted from the sophisticated attack, which was responsible for the theft of information relating to its SecurID technology.
The executive cited Panorama as the most recent innovation. Set to be launched next month, Panorama blends capabilities of RSA's security information and event management (SIEM) product with those in NetWitness offerings for higher-level, more contextual correlation and analysis to help organizations detect attacks. EMC, the parent company of RSA, closed its acquisition of NetWitness in April 2011.
"There is no such thing as a perfect security system," Coviello said. "The objective is not to stop an individual attack [but] to recognize an attack as quick as possible and shrink the window of vulnerability. What is required is a system that is resilient enough to identify compromised elements of an infrastructure, isolate them and make them harmless."
According to Coviello, the most important lesson RSA learnt from the attack is that people are the true security perimeter of any organization.
With people being the "first line of defense", RSA wants to be able to "detect unusual patterns of behavior", he said. Internally, the company is strengthening its infrastructure with more pervasive networks and capabilities and data loss prevention technologies, and is reconfiguring its SIEM technology based on its knowledge of the attacks, he explained.
Coviello added that RSA has been working hard with law enforcement agencies to uncover possible instances of attacks, and working with customers on remediation efforts.
On regaining customer trust, the executive noted that the company's approach has been to be "very open and honest" with clients, sharing lessons it has learnt from the breach, educating them on evolving threats such as advanced persistent threats (APTs) and, more importantly, demonstrating its competence to help customers.
Coviello also clarified that even though "overwhelming circumstantial evidence", based on its experience with law enforcement and its own view of the sophistication involved, pointed to a nation state as responsible for the attack, RSA will not single out any particular country.
"There is no forensic evidence to trace the source of this attack or destination of infiltrated information," he pointed out. "It will be irresponsible for us to do so without this 'smoking gun'."
Security strategies must evolve with cybercrooks
Coviello warned that criminals are increasingly tapping APTs, as opposed to "noisy attacks" with forensic evidence such as credit card or database hacking incidents.
Cybercriminals today use compound attacks--using the same information to attack one company after the other, he explained, adding that stealth and patience typically lead to a bigger pay-off. Traditional attacks, on the other hand, "cast a broad net in the hopes of catching a few fishes".
There will also be more attacks from anti-establishment activists, also known as "hacktivists", whose intentions are political and whose objectives are to embarrass and punish organizations that offend or disagree with their viewpoints, he said.
Yet, many organizations still manage risk "myopically", Coviello noted. They look at risk "inside-out", but they do not look at it from an "outside-in" perspective, he explained, urging that organizations must think not only about who is attacking but why and how they are doing so.
Organizations, he cautioned, must change the way security is handled and be aware that IT environments now have more information moving at greater speeds and accessed through more entry points. To that end, security must become more dynamic, adapting to circumstances in real time.
Touching on the security landscape in 2012, Coviello noted that there will be a trend toward "security-as-a-service", to keep up with threats and supplement the "relatively modest" resources that most companies have. There will also be more emphasis on security for virtualization, especially around virtual desktop infrastructures and capabilities for advanced continuous monitoring, he added.