RSA 2014: The benefits of an intelligence-driven security strategy

As one of the nation's leading cybersecurity experts, Eugene Howard "Spaf" Spafford has provided security advice to companies, law enforcement organizations and government agencies. Spafford, who is currently a professor of computer science at Purdue University, is considered a pioneer in the cybersecurity field for his work analyzing the Morris Worm, one of the first computer worms, more than 25 years ago.

At the RSA 2014 Conference in San Francisco in February, Spafford sat down with SearchCompliance editor Ben Cole to discuss the current state of cybersecurity threats and how companies can benefit from an intelligence-driven security strategy.

A theme here at the RSA 2014 conference, and also at the ISSA conference in October, was collaboration among security professionals. What needs to be done to move this collective intelligence forward?

Eugene Spafford: The community is not well-defined as to the scope of all the things we do. We don't necessarily know who we are. I think that's part of the problem, what the scope is with the people involved in designing, building, running systems and investigating incidents. Is it security? Is it privacy? How much of it is threat intelligence? How much of it is criminal investigation? It's difficult without knowing where the center of that community is. A second aspect there has to do with, really, what are our goals? What is it we're trying to do? Are we advancing social good? The whole nature of the profession needs a little bit more definition for us to actually be able to say we're working together towards some common goals.

What do you think are some of the most alarming new methods of cyberattacks, and what security measures and technologies are being developed that can offset these cybersecurity threats?

Spafford: I don't think I've seen anything that I would consider to be a new attack. Many of the things that have been occurring are attack technologies and behaviors that have really been known about for decades. A number of the practitioners in the field today don't know about them, and certainly an awful lot of the organizations that are being attacked have not bothered to make appropriate investments in their security. When these things occur, everybody says, 'Wow, that's a surprise.' But it really isn't.

For instance, consider the recent series of attacks on point-of-sale terminals to collect credit card numbers. That's not new -- it's malware. It's going after personal information. It [has] come out in the news that the organizations involved even had security measures in place, but were ignoring the warnings. I do not think that is new. What we're really seeing that's a little bit different is on a larger scale and is a little bit more politically motivated, like the efforts of the Syrian Electronic Army. Those attacks are disturbing because we don't have a coordinated international response to wide-scale cybercrime and politically motivated behavior.

Do you think results from security analytics can be used as a competitive advantage for companies?

Spafford: If it's used appropriately, it may help to convince management [of] the value of investment and the value of training and other issues. By having the numbers, by looking at the analysis and comparing with others in the field, that can help them adjust their investment and resources, adjust the amount of authority that's put in place. If it's used as a justification to reduce security, that is the wrong use. If it's being used to right-size security, I think it does have advantage.

How effective is intelligence-driven security, and what are some of the challenges to this approach?

Spafford: For large organizations that have the budget and the risk profile to make use of threat-driven intelligence, it's very valuable. It may give them a heads up [on] what to investigate, what to instrument, what patterns to look for. Smaller organizations are at a disadvantage because they don't have access to large sources of information. It's most valuable when it's done on a large scale, when it's aggregated amongst a sector or larger organizations. That's one of the big challenges of the intelligence-driven security information: Intelligence in general has value if your opponents don't know that you have it. Publicizing it too widely can diminish some of its value.

Let us know what you think about the story; email Ben Cole, site editor. For more regulatory compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

Increasing risk of having their sensitive data accessed by sophisticated and continuously evolving cyber attackers. In this segment of the RSA Advanced Threat Video Series, you’ll hear top leaders in the field of cyber security discuss the unique challenges of living in a virtually connected world. Discover why old security models are ineffective in today’s threat landscape and how to better protect your organization from an attack.
Security is becoming a new threat nowadays, with more channels to access the applications coming in, and the data that is getting transferred over the net opens a loophole for cyber attackers to get hold of user data. Data transmitted over any of the channels has to be encrypted, and this has to be two-factor, that is, use a combination of the symmetric and asymmetric levels of encryption. There has to be a clear spec, defined based on the sensitivity of the data as classified, for which security model is the best fit, so that it becomes an industry standard.