The RSA Conference was bigger than ever, with more participants and more ideas worth spreading. Since this event is the place where the world talks security, we had to be a part of that conversation. So we went there to tell the world the Bitdefender story, but also to listen to the bustling crowd. For personal views on the hustle and bustle of the RSA Conference 2015 and its buzzing topics, check out this opinion piece written by our own Darragh Kelly.
In the wake of last year’s security breaches, and looking ahead to the security challenges posed by the Internet of Things (IoT), it’s become clear that security is a global issue, and in order to preserve it, we need to change the current security mindset. The entire event seemed to revolve around this idea – even its slogan encouraged the attendees to “challenge today’s security thinking.”
In this article, we’ll summarize the three challenges posed by security experts to the current mindset, and conclude with the emerging mindset.
1. The IoT touches everything and can reach life-threatening proportions.
IoT security has been on everyone’s lips for some time now. It was highly debated at the Mobile World Congress earlier this year, and was the subject of multiple talks at the RSA Conference as well. Given its scope and the several connectivity levels it relies on – application, endpoint, network, cloud – IoT deployment requires the involvement of several parties, which makes securing it all the more complicated. The main issue, however, seems to be the IoT devices themselves: while they are built to connect to all these levels, they are designed and manufactured by non-security experts. This means vulnerabilities will most certainly exist, as recent cases have shown.
Another issue with the IoT is how different connected devices can enable threats to propagate through a network more easily, leading up to life-threatening scenarios. Take ransomware, a threat that came up in many discussions, for example. As the IoT continues to grow, ransomware becomes more dangerous. As Bitdefender Threat Analyst Bogdan Botezatu explained in an interview for Techradar:
“The rise of the Internet of Things could provide ransomware developers with a much bigger and potentially lucrative audience. [The ransom message could be:] Want to continue using that pacemaker of yours? Please pay in Bitcoins only. How about saving your house from an impending blaze? That would be a few more Bitcoins.”
It’s safe to say that the Internet of Things can become a nightmare for everyone, unless security becomes a forethought and manufacturers rely on industry expertise to design security into their products.
2. We need to put data security into context to increase attack visibility.
With the emerging mobility and IoT trends, visibility into what’s going on in your environment becomes crucial. It goes beyond your defined network and known “perimeter,” into the IoT; the concept is broad enough to include, for example, IoT devices that may not be on your IT inventory and may present unknown vulnerabilities.
This visibility should enable companies to detect, early on, abnormal behavior that may result in a breach, and to contain the damage in due time. It starts with who uses an endpoint, which endpoint it is, and how authentication on that endpoint is handled, and goes all the way up to the network and to the cloud. It relies heavily upon constant network monitoring and threat intelligence. The idea is to add context to security data, so that security analysts can use it to identify potential threats.
3. IT security needs a holistic approach.
New trends are also changing the conversations infosec professionals are having with the board. A pain point expressed multiple times at the conference was how these professionals translate security stats: usually, they seem to fail to capture the big picture that resonates with the board. So there’s a need to brush up the security talk and provide only the right information to the right people, so they can make the right decisions.
But in addition to improving the security conversation at board level, experts also advocate a shift in focus from a compliance strategy to a more comprehensive one, tailored to respond proactively to current threats. This means assessing the overall threat landscape, and then mixing and matching third-party security offerings (if they lack such solutions) while building policies around them. The idea here is diversification: not sticking to a single solution provider, which can offer only so much.
And last, but not least, one other point in this holistic approach was about the people. There’s much talk about next-generation security solutions, but not enough about next-generation security practitioners. And this topic should be addressed more often.
So what’s the emerging security mindset all about?
- Build products with security in mind from early design stages.
- Change the focus from perimeter security and compliance to better visibility into the IoT.
- Take a holistic approach to building proactive defenses.
Which leads us to the question…
Is Your Security Tough Enough?
This was our way to challenge the current security thinking at the RSA Conference. What does “tough” mean? It starts with #1 rated security technologies; add to that seamless integration of various solutions, long-term expertise and 24/7 antimalware labs for continuous threat analysis. Haven’t got it? You can integrate it from us.
We’d like to thank everyone who visited us at our booth. For those of you who couldn’t make it, and would like to talk security with our experts, you can always contact us here or #ASKBitdefenderOEM on social media.