Two years after suggesting that independent security vendors were headed for extinction, Art Coviello, president of RSA, is calling for “inventive collaboration” among vendors for dealing with the expanding range of threats facing business and government.
Delivering the opening address at the RSA Security Conference, Coviello said factors such as the sagging economy, the proliferation of new technologies and the growth of organized crime were driving the need for vendors to work with each other on key security practices.
Coviello's is a sentiment shared by multiple industry representatives at the conference, who said that the threat facing private and government networks called for a more unified response from all cybersecurity stakeholders.
“Our adversaries operate as a true ecosystem that thrives through interdependence and constantly adapts to ensure its growth and survival,” Coviello said. “For us to succeed against such advantaged adversaries, the vendor community must take the lead,” in building a similarly interdependent security ecosystem, he said.
The key to this happening is for vendors to stop viewing their technologies as “piecemeal” products aimed at addressing discrete security problems, Coviello said. Rather the emphasis needs to be on ensuring that each vendor's products works well with others' products to provide better information risk management opportunities, Coviello said.
“Technologies are still applied piecemeal from multiple vendors — cluttering the information landscape — leaving perilous gaps of risk,” Coviello said. “We must embrace a common development process that allows us to clean up this landscape, creating a more secure infrastructure today.”
The strategy within the security industry should be to have common standards around certain core functions such as security policy management, policy enforcement and policy auditing, Coviello said. Vendors also need to be willing to share technology — such as key management — where appropriate so as to accelerate the “growth and productivity of the ecosystem,” he said.
Enrique Salem, president and CEO of Symantec Corp., said that the record pace at which malicious activity has been growing necessitates a change from the single-vendor approach to security that has been the norm. Last year alone, Symantec alone created more than 1.6 million new signatures to deal with malicious code. “That's more than we've created in the last 17 years combined,” Salem said.
Attackers are increasingly moving away from mass distribution of a few threats to “micro-distribution” of millions of threats aimed at specific targets, Salem said.
Companies needed to bring together handling of security, storage and systems management tasks, he said. Such collaboration means “more visibility into what is happening in the external threat environment and internally across the organization,” Salem said.
Lt. General Keith Alexander, director of the National Security Administration (NSA), said in a keynote address at the conference the task of handling cybersecurity was too big for any one entity alone. Going forward, government, the private sector, and academia need to find ways to collaborate with each other to effectively dispel cyber-threats, he said.
The Internet is shared by not just the government or the military but all players, he said. Securing it effectively will require collaboration and sharing of information among all of the stakeholders, Lt. General Alexander said.
