Last week was the 2017 RSA Conference in San Francisco. Having attended, I can report that the number of vendors at the conference was nothing short of mind-boggling. While there are many challenges facing the security industry, there are also a lot of innovative ideas about how to respond to them. Here are my top takeaways from the conference:
#1 Organizations Should Consolidate Security Vendors
While it was great to see so many vendors at RSA, it was also indicative of just how many point security tools are on the market today — many of which provide very specific solutions to very specific problems. There is a downside to that. As RSA CTO Dr. Zulfikar Ramzan mentioned in his opening keynote, too many security vendors can create real challenges for organizations.
We’re all aware of the typical benefits of working with fewer vendors: One number to call in an emergency, simplified management, seamless technologies that require no integration, etc. And of course, the undeniable cost savings.
But the latest downside of having multiple vendors is that, if just a fraction of them are producing data that requires examination, it can quickly become overwhelming. SIEM tools are designed to deal with that issue to some degree, but more data sources mean more resources dedicated to aggregation and tuning, and human interaction is still required when the data demands action.
Centrify long ago recognized that security teams could get all the functionality of four or five point products in one comprehensive identity solution. Rather than choose one vendor for PIM, another for SSO, another for 2FA, yet another for MDM, etc. — why not have one identity provider that can manage your entire environment? A single, all-encompassing user identity can be managed with a single set of policies inside a centralized system. That means fewer resources squandered on vendor and security application management, and more focus on actually securing the identity and environment.
#2 Analytics Are Everywhere
Tied into the what-do-we-do-with-all-this-data theme above, analytics was a hot topic this year, with what felt like half the vendors there promoting something related. From SIEM tools to forensics to anomaly detection, vendors were pushing analytics, while attendees were looking for ways to digest the glut of data and alerts coming at them from the many tools they already employ.
A number of discussions touched on distinguishing between high- and low-value analytics, as well as how to transform those analytics from passive data generators into active prevention response mechanisms. The next step forward is figuring out how to not only provide actionable data, but to take real action — to apply machine learning that analyzes data, distinguishes good from bad, assigns a confidence level and, when necessary, takes appropriate action.
At Centrify, we employ an analytics engine to assess risk. Machine learning is used to continuously build a profile of normal, expected user behavior, which then determines what constitutes a high- or low-risk access event. When unusual activities trigger the system, it takes immediate preventative action – challenging the user to provide another factor for authentication or blocking the user altogether, depending on configuration. It seems this type of dynamic, real-time response to risk is what’s required across the board.
#3 The Never-ending Battle to Educate
Like every year, security education and awareness was a key topic. Part of that was introducing simple yet effective ways for users to prove their identity without having to use archaic methodologies like passwords, and applying least-privilege permissions so that when passwords do fail, damage is limited.
Even though auditors will tell you to incorporate password complexity, rotate passwords every 30 days, and follow all the other protocols, it’s obvious these measures alone no longer reduce risk in a substantive way. In fact, passwords alone no longer provide adequate security for most systems. Multiple factors are now mandatory for secure login and the market has caught on.
Centrify believes in the deployment of “MFA everywhere” to effectively guard against the loss of legacy credentials. In fact, we allow admins to create multiple tiers of access and require multiple factors whenever and wherever necessary — all based on policy. It can be by group, what apps or systems you’re accessing, method of access, where you’re located, etc. And baselines can be high — like requiring two factors to get any access whatsoever.
Lastly, a lot of attention was paid to IoT devices and how they can be made more secure. The Mirai malware did a great job of raising awareness, and provided a clear call to action for manufacturers.
The technology and standards to protect these devices exist today. But discrete manufacturers need to collaborate with security vendors to ensure these new devices are secure before they reach the market, and consumers and the security community need to hold all vendors accountable for security.