Blog

Heed This Security Leader’s Voice: “We’re Losing this Contest…” Amit Yoran, President RSA Security Division of EMC

April 30th, 2015 by Jason Matlof

Screen Shot 2015-04-30 at 11.58.17 AMIt’s not often that that we hear major technology vendor executives acknowledge the shortcomings of their own product portfolio and those of their peers. But when the President of one of the largest security companies in the world acknowledges that the bad guys are winning the security war, and that the defense mechanisms offered by that company are insufficient, it’s time to run for cover.

To be specific, Amit Yoran, President of RSA Security Division of EMC acknowledged last week at the world’s largest security industry event that “2014 was yet another reminder that we are losing this contest. The adversaries are out-maneuvering the industry, out-gunning the industry, and winning by every measure.” As a reminder, RSA / EMC is one of the largest incumbent security vendors in the world.

I applaud Amit for his frankness and candor, acknowledging that the path we’ve proceeded down for the last 20+ has major shortcoming, to say the least. To paraphrase Amit, the tools, processes and systems that the industry has built to secure our networks are insufficient in today’s world of sophisticated attacks, and have been for quite a few years. In Amit’s words, “…the industry has promoted a defensive strategy that aligns with a Dark Ages mindset – to keep the barbarians away…Beyond this irrational obsession with perimeters, the security profession follows an equally absurd path to detecting these advanced threats.” He continued, saying “(m)any security professionals base their security programs on the futile aggregation of this virtually blind telemetry…implementing that glorious and increasingly useless money pit known as SIEM.

This is from the President of one of the industry’s largest SIEM and Forensics vendors!

Run…..!!!!!

Of course, Amit and RSA are not fools. Of course, they have a card up their sleeve. A new gizmo to hawk! “No more of the same. Let’s do things differently; let’s think differently; let’s act differently.” Amit went on to talk about the virtues of a new paradigm with five notions that we should expect to see coming from RSA over the coming years:

  • You can’t build tall enough walls – targeted attackers will succeed.
  • Pervasive visibility is needed – network to endpoint.
  • Malware isn’t always required for a successful attack.
  • Leverage broad threat intelligence sources.
  • Focus on key assets and activities – prioritize your work.

Fortunately, there’s good news…and the industry doesn’t need to await the years and many releases of new products to realize this vision. LightCyber’s Magna Active Breach Detection Platform essentially delivers on this vision, today.

LightCyber was founded more than three years ago with the foundational presumption that the organizational network will be breached (#1), and we’ve introduced a new category of Active Breach Detection products that automatically and efficiently detect those attackers before they are able to perpetrate their damage. Our Magna Active Breach Detection platform employs behavioral profiling techniques to detect active attackers that have circumvented legacy threat prevention systems, and incorporates full network (DPI) and endpoint context to provide pervasive visibility and the highest level of detection accuracy and actionability (#2). Since sophisticated attacks often don’t use malware or other “known” attack artifacts, we need to leverage threat intelligence as a secondary source of forensics data but not rely upon them for our primary detection method. Magna is able to detect anomalous attack behaviors regardless of malware usage, and it augments those breach indicators with rich threat intelligence about known and unknown technical artifacts that were employed in the attack process (#3 and #4). But, that threat intelligence is secondary and not required for the core behavioral anomaly detection.

We applaud the genuine, sincere revelation by Amit Yoran at RSA, acknowledging the shortcomings of prior generations of security architectures. If you’d like to trial the product that Amit described today rather than just hear the vision, come learn more about Magna Active Breach Detection. That might also be the best way to achieve #5 today  – prioritize your work ASAP!

Read about Yoran’s remarks

Learn more about Active Breach Detection

Leave a Reply

Your email address will not be published. Required fields are marked *