Intelligence driven security is a must, says RSA exec

This is self-evident given that organisations are investing in security while breaches still occur, according to a top executive from RSA, EMC Corporation's network security firm.

"It's really about putting in a new model and learning from what's been in place," says Rashmi Knowles, Chief Security Architect at RSA.

"Traditional security tends to be perimeter based, looking at signatures left after attacks have taken place. However, the reality is that there often aren't any signatures now, given malware is compiled for specific attacks," she tells AMEinfo.

A signature is a clue left behind after an organisation is attacked. Most companies these days will have a firewall, anti-spam measures, intrusion detection and so on, but all these devices need to know what to look for.

"The attacks we have today don't have a known signature, so you actually can't stop the attack coming in. Where is the perimeter now? There isn't one."

Enterprise networks are being opened up for innovation and collaboration, and then added to that are mobility and social media trends. This really changes the whole concept of how to protect an organisation. So, the key then may be to secure data, rather than networks themselves.

Security begins with intelligence

"There are a whole bunch of technologies you can apply," she explains. "A lot of organisations speak of encrypting devices, but that's the wrong way round. It's important to first examine risk and consider the appropriate technology to defend from that. Encryption could be the answer, or simply moving the information somewhere else."

Organisations may have good IT security but do not know how it relates to their business. It's about understanding the real implications of a breach and being able to implement an appropriate response, i.e. don't bring in a fire engine for a smoking bucket. RSA refers to this as 'Actionable Intelligence'.

"If I have a breach then how does effect the risk to my business?" she asks. "Someone has to decide whether or not to shut a server down to stop an attack. You need to move fast with real time information and analytics."

If data is stored in the cloud, a lot of service providers move their data around. So how can you be sure the security controls are moving and living with that data? This requires both agility and automation.

"Today a lot of organisations have either manual processes, and sit down to figure out where attacks are coming from and how much damage is done. But with competent security analytics implemented, companies can automate processes and even give an adequate response - otherwise it's just a case of being overwhelmed," warns Knowles.