EMC’s security arm, RSA – not to be confused with the security groups of HP, IBM, Dell, Intel and now Cisco, the large pure-play security vendors like Symantec, or the hundreds of other security companies (waiting to be acquired?) – has released a number of new products, services and a roadmap for next-generation security operations at this week’s RSA Conference Europe 2013. RSA’s objective behind the announcements is to help all customers – advanced (5-10%), intermediate (20-30%) and the rest, mainly SMBs (60-75%) – deal with a security market that is evolving to a more holistic approach, said Ashok Devata, Senior Manager, Product Marketing.
Customers are coming to us asking what else do they need in addition to what they already have. “The mindset is changing from the adoption perspective.”
The answers don’t necessarily have to involve RSA products, added Peter Tran, Senior Director, Advanced Cyber Defense Practice, and one of the coauthors of Taking Charge of Security in a Hyperconnected World. “We have a lot of organizations that are aware of the problem, but don’t know what to do next.” They’re looking at the problem more holistically, not just at a vendor, he said.
“Even though organizations find themselves at varying levels of maturity when it comes to advanced security operations, it’s important they employ solutions that are able to grow along with their needs,” said Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group, in a prepared statement. “Integrated solutions that comprise incident detection, investigation, and response, can help organizations reduce the overall impact of security incidents on the business, meet compliance requirements, and streamline security operations.”
RSA’s Devata, Tran and Matthew Gardiner, Senior Manager, Product Marketing, spoke with IT Trends & Analysis about the announcements and changes in the overall security market. The product and service introductions included a software tool, Archer Vulnerability Risk Management (VRM), for helping to identify and prioritize the highest risk vulnerabilities, a major update to RSA Security Analytics, a new RSA Security Operations Management solution and new Advanced Cyber Defense (ACD) services – RSA Retainer for Incident Response and RSA START for Incident Handling – along with new analyst-focused education modules.
Organizations are realizing the need for a more balanced approach to security, said Gardiner. A lot of today’s security solutions are focused on prevention, but they are not foolproof.
Then there’s the challenge of information overload. Security professionals are being overwhelmed by too much information, but the solution is more, not less, information, said Gardiner. “The irony is to solve the data problem, you need more data.” The additional data is to provide greater visibility into the environment, and to provide more context to put into the analysis.
Security can be broken down into three elements: visibility, analysis and action. Analysts only want to see three things, said Devata, the alert, the context, and the data behind it.
Leveraging an intelligence-driven security model using Big Data and analytics technologies can help security professionals derive the necessary context to better defend enterprise networks and data from sophisticated cyber attacks, said Art Coviello, Executive Vice President for EMC and Executive Chairman of RSA, The Security Division of EMC, at the conference. “When we understand the context of people’s ‘normal’ behavior or how information flows on our networks, we can more clearly and quickly spot even a faint signal of any impending attack or intrusion,” he said. “This is what makes intelligence-driven security future-proof. It eliminates the need for prior knowledge of the attacker or their methods.”
RSA is not the first to notice and respond to the (slow) evolution of the security industry from the scan, report, repeat model to a more holistic and prioritized approach. One new spending report put this year’s mobile device and network security market at $9 billion, but growth is forecast to exceed a 20% compound annual rate for the next 7 years. Gartner offers a much lower forecast for the enterprise network security equipment market, but even at 7% CAGR over the next five years, that will still make it an $11.4 billion market by 2017. Throw in services, and this market is expected to reach $67.2 billion in 2013, up 8.7% from 2012, and exceed $86 billion in 2016.
IDC has identified a new segment, Specialized Threat Analysis and Protection (STAP), which is forecast to have a CAGR of 42.2% from 2012 through 2017 with revenues reaching $1.17 billion in 2017. Infonetics reported that while the standalone security market is stalling, the integrated security market is growing. Global network security appliance and software revenue totaled $1.6 billion in 2Q13, an increase of 4% sequentially. Integrated security appliances have gained share every quarter since 4Q11, and Infonetics is forecasting quarterly share gains through 2Q14. The SaaS content security market will top $1 billion, while cloud security services are expected to exceed $9 billion by 2017.
A recent survey of security professionals from ESG revealed that:
- 42% believe that “keeping up with the latest threats and vulnerabilities” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 39% believe that “keeping up with internal security skills” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 38% believe that “overall security monitoring” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 35% believe that “recruiting/hiring new security professionals” is “much more difficult” or “somewhat more difficult” than it was two years ago; and,
- 33% believe that “managing disparate security point tools” is “much more difficult” or “somewhat more difficult” than it was two years ago.
RSA has been helping the three tiers of customers move lower down the maturity stack, but there is a lot more work to be done, especially for SMBs, said Gardiner. In addition to lowering the entry points, they have to work more with managed service providers to service those customers that don’t have the staff, the expertise. “We have to make it more accessible.”
Under The Hood
Here are some of the contents of Taking Charge of Security in a Hyperconnected World:
- Organizations are taking responsibility for proactively improving security, not just for themselves but for customers and business/supply chain partners.
- Rising numbers of organizations are conducting assessments of their business risks and security practices before breaches occur.
- Most breaches result from organizations stumbling on basic security practices. The following deficiencies play a contributing role in most security breaches:
– Neglecting basic security hygiene
– Relying exclusively on traditional threat prevention and detection tools
– Mistaking compliance for security
– Inadequate end user training
- An organization’s optimal security posture will change as its business, risk, and threat environment changes. Good security is less about achieving a static goal state than it is about building capabilities for continuous evaluation and improvement.
- Of the many recommendations that emerge from security assessments, 20% will likely yield 80% of the benefits. The following areas for improvement typically generate high impact:
– Conduct all-inclusive risk and security assessments
– Locate and track high-value digital assets
– Model threats and address top vulnerabilities
– Master change management processes
– Deploy security staff selectively and strategically
– Integrate security processes and technologies to scale resources
– Invest in threat intelligence capabilities
– Quantify the impact of security investments