Thirty thousand people; five hundred vendors; a clan of security practitioners seeking out safety in their ecosystem; a tribe of knowledge pursuing the opportunity to share best practice and thought leadership to increase likelihood of survival... my first RSA. Amit Yoran’s Keynote suggests that an evolution out of the Dark Ages of Security is required for our next evolution, as we've become hardwired to be afraid of the dark. Danger lurks at the edge of the fire but we don’t know which sounds matter. So, we make bigger fires, build walls around ourselves and make them tall, hoping to keep the danger away. I found the analogy of the Dark Ages and our “hardwired” focus on the perimeter fascinating. We talk about it all the time—old habits are hard to break. As security practitioners, we know we need to adapt but we fall back to what we know. Yoran suggests that we need a new age of enlightenment and recommends five activities that can lead us to a new paradigm:
1. Stop believing that advanced protections work.
Focused adversaries will find a way to infiltrate their target. It doesn’t mean we shouldn’t use them, we just can’t depend on them as an impenetrable wall.
2. We need pervasive and true visibility.
Understanding fully relationships and interconnections in our ecosystem is foundational in ensuring that we fully understand the scope of an incident and can respond appropriately.
3. Identity & authentication matter more than ever.
Knowing who is accessing what is crucial to any advanced threat strategy. Verizon’s Data Breach Investigation Report (DBIR) clearly stated that stolen credentials lead the way in successful penetration.
4. We need external threat intelligence.
We have to share information and then we have to operationalize it. Use private intel, ISACs and any other information you can leverage to make our actions more meaningful at subverting the miscreants.
5. Prioritize limited resources for maximum impact.
Every business is different and what is most important to one is less so to another. Focus on the most important accounts, data, roles, and applications for your business. Know what needs the most investment. Things that go bump in the night are scary. I believe it is fair to say that all of us are terrified of the nefarious monsters just outside our perimeter. I posit that we get a flashlight and shine the light back on the fiends, showing them that we are prepared to fight, either outside or within our walls. We are fortified either way. This paradigm is a game changer and can help us develop to our next best evolution. Watch Yoran's full RSA Keynote below:
