Skip Links

Security pros come clean at Summit on Advanced Persistent Threats

RSA CSO Schwartz: 'The frequency and volume of attacks has reached pandemic levels'

By , Network World
September 13, 2011 10:39 AM ET

Network World - Put about 100 chief information security officers, CIOs and CEOs into a room and what they are willing share about cybersecurity just might surprise you. More information about just what they shared will be revealed soon in a report stemming from a closed-door Summit on Advanced Persistent Threats held in Washington, D.C., in July, where business and government security professionals acknowledged to each other that their organizations had either been hacked through stealthy infiltration to steal valuable sensitive information and intellectual property, or that they wouldn't know it if it had been.

The meeting, which covered advanced persistent threats (APT) and other security breaches, was organized by trade group TechAmerica and EMC's security arm, RSA.

RSA, of course, is the well-known victim of an attack disclosed this past spring in which highly sensitive information about SecurID was stolen and later used to attack at least a few RSA customers, including Lockheed Martin. Some have suggested the RSA-related breach was carried out by China, but the security company declines to comment on this.

"What was different about this [summit] was that RSA was sharing their insights, saying this happened, and it set the context for other people to discuss," says Bill Boni, vice president and corporate information security officer of T-Mobile USA, who attended the summit.

SECURITY ISSUES: HIPAA has teeth and will bite over healthcare privacy blunders

There's growing realization that organizations must learn to live in a state of compromise and focus on limiting the damage, according to those who attended the meeting.

"It means change your mental gestalt in a way," says Boni, adding that it's not realistic to think perimeter controls are decisive defense when users are tricked by hackers via exploits such as phishing scams.

"It's an unrealistic expectation that you never lose a game or an opponent isn't going to score a point against you," Boni says. "Corporate lawyers are adverse to corporate security officers admitting, 'We got owned by the APT,'" but he says there needs to be a better way for security managers to speak candidly among themselves in order to get a better picture of how the APT problem might be occurring.

Since experiencing its own devastating APT incident, the wounded RSA took to organizing the equivalent of high-tech group therapy to talk about APT. "We have a lot to share on that front," acknowledges Eddie Schwartz, chief security officer at RSA.

"There's the notion that the adversary is much better at threat intelligence than we are," he says. "The adversary gathers open-source intelligence and they do data-mining before an attack."

APT BACKGROUND: Advanced persistent threats force IT to rethink security policies

In contrast, companies getting hit find it hard to even have a candid discussion or share information quickly so the larger community can benefit from anyone else's knowledge. Schwartz argues there is even a need for an IETF standard to help in assist in data-sharing in this regard.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News