RSA Day 2 Recap

Keynotes took up the morning of Day 2. The speakers included:

  • Arthur Coviello, Jr., EMC Corporation and RSA
  • Scott Charney, Microsoft Corporation
  • Enrique Salem, Symantec Corporation
  • Ashton B. Carter, US Deputy Secretary of Defense

The common message I heard throughout all of the keynotes was:

The situation is changing and we are planning to fight and win the last war. Stop it. Look around and adapt to the war you are fighting now.

The last war we fought on the INFOSEC front was network-centric. The perimeter was the focus. We won if the perimeter was tight. We lost if it wasn't. The new war is data-centric.

We've tightened down the perimeter as much as possible, and the bad guys have found ways to breach our networks through the holes the business needs to conduct daily operations. We can't prevent breaches now. We need to focus on minimizing their impact.

Additionally, we have a new type of user, Digital Natives, who live and die by social networks and extensive data sharing. The way we do business will change as these folks come into the workplace. These people won't just be on our staff; they will be our customers. We need a strategy that accommodates both, but accommodates them safely.

I also attended a session on Cloud security. It was a solid presentation, but there was not really anything new in it for me. The bottom line with the Cloud, especially with large providers, is that the contract is the most effective security control at your disposal. Just as we are adjusting our security philosophy from Prevent All Breaches to Detect All Breaches and Minimize Their Impact, the Cloud contract is all about minimizing impact and creating as much predictability as possible when things go wrong.

The last session I attended discussed Big Data and how to use it in security. I must admit I quickly found myself in over my head. This stuff is still really new, and the ability to create your own tools is critical. Big Data in security is a combination of NoSQL databases and data mining. Neither of these skills is in my toolbox, and I'm not sure that I can build them in time to make meaningful use of them.

It is worth noting that security Big Data is different from SIEM. SIEM is a real-time or near-real-time means of detecting anomalous activity. Big Data is about mining the data you already have and finding subtle relationships among the data. This could be user behavior or system behavior or a combination. The trick is that you must rely on batch jobs to pore through terabytes of data to find the patterns. While SIEM is more like instant feedback from your coach, security Big Data is more like meditation and personal introspection.
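To make the SIEM-versus-Big-Data distinction concrete, here is an added example (my illustration, not code from the post or from any product mentioned at the conference). It runs two analyses over the same constructed login log: a SIEM-style rule that evaluates each event as it arrives and only remembers a two-minute window of recent failures, and a batch-style job that reads the whole history first to build a per-user baseline of normal login hours and then scores every login against it. The log lines, user names, hosts, thresholds and the 0.25-hour floor on the baseline spread are all assumptions chosen for the demonstration.

```python
"""SIEM-style streaming rule vs Big-Data-style batch baseline over one login log.
Added illustration; the data below is constructed, not from any real system."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log, one event per line: "timestamp user result host".
RAW_LOG = """
2012-02-20T09:02:11 alice success ws-alice
2012-02-20T10:14:05 bob success ws-bob
2012-02-21T09:05:40 alice success ws-alice
2012-02-21T10:09:12 bob success ws-bob
2012-02-22T08:58:03 alice success ws-alice
2012-02-22T10:21:44 bob success ws-bob
2012-02-23T09:11:27 alice success ws-alice
2012-02-23T10:02:09 bob success ws-bob
2012-02-24T09:00:55 alice success ws-alice
2012-02-24T10:17:31 bob success ws-bob
2012-02-25T03:12:48 alice success ws-alice
2012-02-25T10:05:01 bob failure ws-bob
2012-02-25T10:05:09 bob failure ws-bob
2012-02-25T10:05:20 bob failure ws-bob
2012-02-25T10:05:31 bob success ws-bob
"""


def parse_log(text):
    """Turn the raw text into a time-ordered list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, result, host = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "result": result, "host": host})
    return events


def stream_failed_login_rule(events, threshold=3, window=timedelta(minutes=2)):
    """SIEM-style: look at each event once, as it arrives, keeping only a short
    per-user window of recent failures. Fires when `threshold` failures land
    inside `window`. Returns a list of (user, timestamp) alerts."""
    recent = defaultdict(deque)
    alerts = []
    for ev in events:                      # events are processed in arrival order
        if ev["result"] != "failure":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()                    # forget failures older than the window
        if len(q) >= threshold:
            alerts.append((ev["user"], ev["ts"]))
            q.clear()                      # one alert per burst
    return alerts


def batch_offhours_analysis(events, history_before, z_threshold=3.0):
    """Big-Data-style: a full pass over the historical log builds a per-user
    baseline (mean and spread of login hour), then a second pass scores every
    successful login against its owner's own baseline. Returns a list of
    (user, timestamp, z_score) for logins far outside that user's pattern."""
    def hour_of(ev):
        return ev["ts"].hour + ev["ts"].minute / 60

    hours = defaultdict(list)
    for ev in events:
        if ev["result"] == "success" and ev["ts"] < history_before:
            hours[ev["user"]].append(hour_of(ev))

    baseline = {}
    for user, hs in hours.items():
        if len(hs) >= 3:                   # need some history before judging
            # 0.25 h floor (assumption) stops a very regular user from making
            # any tiny deviation look enormous.
            baseline[user] = (mean(hs), max(pstdev(hs), 0.25))

    findings = []
    for ev in events:
        if ev["result"] != "success" or ev["user"] not in baseline:
            continue
        mu, sigma = baseline[ev["user"]]
        z = abs(hour_of(ev) - mu) / sigma
        if z > z_threshold:
            findings.append((ev["user"], ev["ts"], round(z, 1)))
    return findings


if __name__ == "__main__":
    evs = parse_log(RAW_LOG)
    print("SIEM-style alerts :", stream_failed_login_rule(evs))
    print("Batch findings    :", batch_offhours_analysis(evs, datetime(2012, 2, 25)))
```

The streaming rule catches bob's burst of failures the moment the third one lands, but it has no opinion about alice's 03:12 login because a single successful event looks fine in isolation. The batch job, having read five days of history first, flags that login as far outside alice's habitual 9 o'clock window and ignores bob's retries entirely. That is the difference the post is pointing at: the same log, one view answering "what just happened?" and the other "what is unusual, given everything we already know?".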