Q. How can security help an enterprise go from being hunted to being the hunter?
A. In 2011, RSA had gone through a breach and this was taken as a learning opportunity even in the times of difficulty. We focused on learning from what went wrong and educating our customers about our experience so that such incidents can be avoided in the future.
It is a known fact that no company can be hundred percent secure and even security companies are vulnerable to cybersecurity threats. But with the right tools, processes and people in place we should be able to mitigate risk without further compromising our security. With various security tools at our disposal and learnings from the past, we are in a position to go from being hunted to becoming the hunter, hence that approach.
Q. What kind of security tools help prepare the enterprises to face such scenarios?
A. There are various offerings in our portfolio. Primarily there are tools that capture logs, packets and network forensics, which is the RSA NetWitness suite. The secondary set of tools helps with providing authentication, access to certain files/folders when required and taking away the permissions when the employee leaves the organization, making sure that people have the right access to the right resources at the right time; this is our SecurID suite.
The next level of tools (RSA Archer) simplifies technical content so that it is easier to understand in a business context. These tools tie IT risks into business risks from a broad perspective; board members are not interested in knowing the technical aspects but are more interested in knowing how all of this is going to impact their business. Fraud Risk and Intelligence is also a part of the security infrastructure apart from the above-mentioned tools.
Q. Specific use cases that you would like to portray with respect to current scenario?
A. The end users are given multiple choices in line with their security needs. We offer products ranging from SecurID tokens to multifactor authentication optimized for mobile, like the use of biometrics, “shake your phone” and “eye verify”. Security and convenience have never worked together; when security steps in, convenience is affected and vice versa. It has been our constant effort to design applications in such a way that both security and user convenience work together, making the security process effortless. This is what we are trying to do with our SecurID suite – add user convenience, sign-on capabilities and multifactor authentication. To give you an example, we can do away with tokens and instead use mobile phones that are equally secure and convenient. Hence security in business is a balancing act by making security more of an enabler than an inhibitor.
Q. How can anybody get to know what security parameters they must set up and how are they evaluated even before they are integrated?
A. Let us take an example of remote access. We did a survey 8 months ago asking our customers what they use RSA for and the response we received was remote access. The way we help our customers is to figure out the level of integration they require. We have proof of concept (PoC) and we do testing trials on the basis of information. It depends on the complexity and vastness of enterprises, based on which security models are offered and built.
Q. What do the hunters look for?
A. In the latest Verizon Data Breach Investigations Report, over sixty percent of the breaches in 2015 were due to a compromised password, stolen password or default password. The weakest link in the security chain is a human being. From that perspective it is important to have a process that looks for what the users are accessing. What we are hunting for includes orphan accounts, i.e. accounts that don’t have the right applications or the right path. We believe the first step/entry point for a malicious person or nation state is through someone, and that is a compromised credential or stolen password. From there on, if there is malicious activity by a user that got in, they might just sit there for a few weeks to months and see what is happening. We monitor all these activities and look for anomalies.
Behavior analytics in this perspective looks at the risks of the user and the application they are accessing. For example, is a user using the corporate network to access using single sign-on? If the same person is at home, he might use VPN and might be asked for an additional piece of information to authenticate. If the user is travelling abroad and wants to access the system or an application that he is not supposed to access from his current location, the necessary security protocols in place make sure that the user is authenticated. The assurance level is set within access; if required, it is set individually for specific individuals. The risk engine that runs in the background is also smart. For example, if an authorized person tries to gain access to a system, the risk engine kicks in and gauges the behavior patterns among thousands of people in the company. If multiple people are doing the same thing, the risk engine learns that there is something going on. The risk engine adapts and self-learns. Based on the inputs, it makes sure that the right authentication or access is provided to the user.
Q. What is currently happening in the infrastructure side of security? How is it getting simplified for the future?
A. The security today is more of a configuration setting. It’s there in every product and it just needs to be switched on.