The move to an intelligence-driven security model

Image: Internet cables are seen at a server room REUTERS/Kacper Pempel

Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. Reflect on that for a moment.

For the past 10 years, the Internet has become a ubiquitous form of communication. Growth of digital content and use of mobile devices have soared, organizations have opened their infrastructures to enhance productivity and, for our reflection on Einstein’s quote, as nation states, criminals and hacktivists have taken obscene advantage of all of us. Meanwhile, IT organizations have continued to construct security infrastructures around a disintegrating perimeter of increasingly ineffective controls.

If you have heard my opinions before about the need for change, maybe you think I am the insane one. Perhaps that is the case, but in the past year I have talked with many security executives and get agreement that a new model of cybersecurity makes sense. What is it? An intelligence-driven security system consisting of multiple components:

1. A thorough understanding of risk
2. The use of agile controls based on pattern recognition and predictive analytics
3. The use of big data analytics to give context to vast streams of data to produce timely, actionable information
4. Personnel with the right skill set to operate the systems
5. Information sharing at scale

How do we move from traditional security to intelligence-driven security?

First, we need to address security budgets. The vast majority of the spend is still preventive and perimeter-based, static and inflexible, making it increasingly difficult to timely detect a breach and have the capability to respond fast enough to avoid loss.

Second, the capability to respond to threats is not just about technology. We face a severe skills shortage. We need to work on ways to find new talent or train new talent. The number of security professionals worldwide needs to increase from 2.25 million today to 4.25 million by 2015. Where are they all going to come from?

Third, there is a need for more understanding and information sharing. We need context, not a list of the latest breaches – a broader and more collaborative understanding of the problems we face and the enemies we are fighting.

The implication of these forces holding back security is that security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security, while adversaries become more sophisticated.

Why should any of this matter to you? It’s a cliché, but we are only as strong as our weakest link and we are interdependent as never before. Attacks on one of us have the potential to be attacks on all. My position is that we are truly crazy if we don’t act and change. You don’t have to be Einstein to figure this out.

Author: Art Coviello is Executive Chairman of RSA, The Security Division of EMC