The 2015 edition of the RSA conference is being held this week in San Francisco. It appears this year's show had over 30,000 attendees and 500 exhibitors, both up considerably from last year. Security is an interesting IT topic because its priority tends to ebb and flow between being very important and being the single most important thing IT leaders are working on. Right now, it's fair to say it's the top initiative for most organizations. A recent ZK Research IT priority survey shows that security remains the top IT priority again for 2015 (disclosure: I am an employee of ZK Research).
The difficulty for security professionals is that security has changed so much over the past five years. I'm not ready to come out and say that protecting the perimeter doesn't matter – of course it does – but security needs to extend past the edge of the network.
Perimeter firewalls do a great job today, and the vendors that offer a top-quality product perform well both at blocking malicious inbound traffic and at keeping sensitive data from leaving the organization.
However, what happens when the threat doesn't come through the perimeter? This can happen in many ways. As I pointed out in my last post, BYOD is opening new paths for malware to bypass the perimeter entirely. Threats can arrive through phishing sites, emailed documents, or any number of other channels. The fact is that no matter how much training is done or how careful a company is, a breach is going to occur.
This raises the question – what should an organization do to protect itself? While the answer isn't clear, what is painfully obvious is that what we've done in the past hasn't worked and isn't going to work, so it's time to think differently about security.
At the show, I had a chance to meet up with Marie Hattar, Chief Marketing Officer at Check Point, and she told me that this was the thought process the company went through when it acquired Hyperwise and its CPU-level threat prevention technology earlier this year.
As she put it, the methods currently used to remove threats are based on remediation after a system is infected. This was never ideal, but at least it was sufficient when IT operated in a tightly controlled environment. Control has gone the way of the dinosaur, and CSOs need to look at protecting the organization differently.
Today, sandboxing technology detects unknown malware, but most sandbox vendors provide OS-level sandboxing, Hattar says. This means that the malware is allowed to download and run to see if it exhibits bad behavior. With CPU-level threat prevention, malware is blocked at "pre-infection" before it actually even enters the computer. The technology works at the CPU level and looks for exploits that bypass OS-level security so it can eliminate a variety of zero-day attacks and other unaddressed threats. She was very candid about the fact that no credible security vendor would claim to solve all security problems, but CPU-level threat prevention does help close the widening threat gap and also significantly improve threat catch-rate.
Judging from the many users I talked to at RSA, there certainly seems to be an understanding that change is needed in security. New security technologies can now offer protection all the way down to the chip level if needed, something that will become increasingly important as malicious traffic continues to find new ways of invading our companies.