For IT security teams, managing and prioritizing the endless list of known enterprise systems vulnerabilities can seem like a hopeless game of Whack-a-Mole. Just when one problem is knocked down, another one invariably pops up somewhere else. The real risk, however, comes in the form of not knowing which ‘mole’ to ‘whack’ now and which to address later.
RSA has the answer in the form of a new solution released today at RSA Conference 2013. The new RSA Vulnerability Risk Management blends a powerful mix of Big Data, analytics and the RSA Archer GRC platform to help bring order and sanity to patch management.
Building an intelligence-driven security organization will be a game changer for organizations struggling with defending against cyber attacks and intrusions. The launch of RSA Security Analytics earlier this year was a big step in our mission to help customers address these challenges at the network level, and today we take another step forward for endpoint threat detection with the launch of RSA ECAT V.3.5.
We all see the headlines every day — cyber-attacks, cybercriminals, targeted attacks, state-sponsored hackers – there is a never-ending pipeline of governments, enterprises and other organizations that have been compromised. Trying to secure the dissolving perimeter of a modern enterprise, and using signature-based technology such as anti-virus to detect advanced threats, is fighting yesterday’s battle with antiquated weapons. Today CISOs need to work on the assumption that with the hyper-connectivity and increased openness of IT infrastructures, they will have to defend against threats from inside their networks, not at some mythical perimeter. That means putting in place the tools to identify intrusions, spot even the faintest signs of attack, and act before damage is done.
The world we live in today is the result of an evolution that started back in the days of the “Moonlight Maze” attacks in the late 1990s. What the security community has come to realize over the past decade is that the advanced threat is not just a phenomenon isolated to critical government systems, nor is it simply a matter of “one and done” attacks that have a single intent. In our highly connected world, nearly any company can be the focus of sophisticated, determined attacks, whether for the digital information they possess, or as a stepping stone to another target somewhere else in their digital supply chain. This is why we’ve created the RSA Next Generation Security Operations Center (SOC) design and implementation services approach.
RSA has released a new type of security solution that combines key parts of network forensics, Security Incident and Event Management (SIEM), threat intelligence, and Big Data technologies and techniques, to deliver a level of visibility that is different from, and deeper than, all others that have preceded it. Most CISOs will likely agree that this new era of security couldn’t have come sooner.
This view is confirmed by newly published research from Jon Oltsik, security analyst at ESG (from whom I borrowed the title of this blog). In his paper Jon clearly brings forward his argument — with which I completely agree — that security threats have changed, and thus the tools used and approaches for defense need to change significantly. I recognize this sounds a bit cliché, but if you read Jon’s paper you will see the clear argument and evidence to back up this claim. One very obvious technical trend is that the flood of security data that is required to provide the visibility that is necessary to improve the organization’s defenses has gone up — way, way up. In fact, the ESG research paper mentioned above indicates that 47% of the organizations it surveyed collect, process and analyze more than “6 terabytes of security data on a monthly basis.”
Sounds like a Big Data Security problem needing to be addressed.