RSA chief calls for 'inventive collaboration' among security vendors

More

RSA Conference

• RSA chief calls for 'inventive collaboration' among security vendors
• Researcher wants hacker groups hounded mercilessly
• We don't want to run U.S. cybersecurity efforts solo, NSA chief says
• EMC, Symantec kick-off security barrage
• Mark Everett Hall: Vendors: We don't need no stinkin' patches!

More in Security Center

Computerworld - SAN FRANCISCO -- Two years after suggesting that independent security vendors were headed for extinction, Art Coviello, president of RSA, is calling for "inventive collaboration" among vendors for dealing with the expanding range of threats facing business and government.

Delivering the opening address at the RSA Conference here today, Coviello said factors such as the sagging economy, the proliferation of new technologies and the growth of organized crime are driving the need for vendors to work with one another on key security practices.

Coviello's was a sentiment shared by multiple industry representatives at the conference, who said that the threat facing private and government networks calls for a more unified response from all cybersecurity stakeholders.

"Our adversaries operate as a true ecosystem that thrives through interdependence and constantly adapts to ensure its growth and survival," Coviello said. "For us to succeed against such advantaged adversaries, the vendor community must take the lead" in building a similarly interdependent security ecosystem.

The key to this happening is for vendors to stop viewing their technologies as "piecemeal" products aimed at addressing discrete security problems, Coviello said. Rather, he said, the emphasis needs to be on ensuring that products from each vendor work well with those of others to provide better information risk management opportunities.

"Technologies are still applied piecemeal from multiple vendors -- cluttering the information landscape -- leaving perilous gaps of risk," Coviello said. "We must embrace a common development process that allows us to clean up this landscape, creating a more secure infrastructure today."

The strategy within the security industry should be to have common standards around certain core functions, such as security policy management, policy enforcement and policy auditing, Coviello said. Vendors also need to be willing to share technology -- such as key management -- where appropriate so as to accelerate the "growth and productivity of the ecosystem," he said.

Enrique Salem, president and CEO of Symantec Corp., said that the record pace at which malicious activity has been growing necessitates a change from the single-vendor approach to security that has been the norm. In just the past year, Symantec alone created more than 1.6 million new signatures to deal with malicious code. "That's more than we've created in the last 17 years combined," Salem said.

Attackers are increasingly moving away from mass distribution of a few threats to "micro-distribution" of millions of threats aimed at specific targets, Salem said.

Companies need to bring together the handling of security, storage and systems management tasks, he said. Such collaboration means "more visibility into what is happening in the external threat environment and internally across the organization," Salem said.

Lt. Gen. Keith Alexander, director of the National Security Agency, said in a keynote address at the conference that the task of handling cybersecurity is too big for any one entity alone. Going forward, government, the private sector and academia need to find ways to collaborate with one another to effectively dispel cyberthreats, he said.

The Internet is shared by not just the government or the military, but all players, he said. Securing it effectively will require collaboration and sharing of information among all of the stakeholders, Alexander said.