2014 RSA Conference – Calling for Collaborative Intelligence
If you attended this year’s RSA conference, you witnessed the growing demand for cyber security as the conference expanded across all three halls of Moscone Center in San Francisco. The conference promoted this year’s slogan, “Share. Learn. Secure. Capitalizing on Collective Intelligence”, to a record number of attendees and its largest number of exhibitors and speakers. With over 350 exhibitors showing off their solutions across the security spectrum, there was no shortage of capabilities to evaluate. We were also very pleased to see a number of companies from DC, MD and VA representing our cyber talents and solutions at the conference.
Unlike 2013, there was very limited discussion around APT (advanced persistent threats) at this year’s conference, and many people were discussing collective intelligence. This new concept leverages cloud architecture to automate the collection of threat detections and then integrate mitigation processes, so that advanced malware attacks can be stopped more quickly across different customer bases. It was interesting to hear this theme echoed throughout the conference, but two key items were not being addressed:
1) Who is going to play the role of central command to collect, analyze and share threat information? Large vendors like Intel, Symantec, and many others will all collect the data from their agents, but that information will be limited to their products. If a new attack is only shown or traced on certain products, then what happens to those who do not have those products? In government, you could appoint an agency to be the central command, like the Department of Homeland Security's Continuous Diagnostics and Mitigation program, which will assist all civilian agencies. In the private sector, by contrast, we don’t see the large vendors likely cooperating with other vendors.
2) It seemed that many of the vendors will roll out this new collection solution to their customers soon, but customers ultimately have the right to determine whether they want their data to be shared with others. Even with all of the sensors in place to collect the appropriate data, if customers do not grant permission to share it with others, then this chain of collective intelligence cannot get started.
With vulnerabilities increasing and reports of attacks rising, everyone is trying to come up with a better approach to enterprise security. Given today's technology advancement and adoption of cloud architecture, collecting threat intelligence should not be a difficult task. The larger hurdle is when customers will start collaborating on a more holistic solution to promote “Collaborative Intelligence”.