Speaking in a keynote session at RSA Conference in San Francisco, HP Enterprise CTO and EVP Martin Fink looked at the average time of 48 days to resolve incidents, and said that in security we are fighting an “escalating battle and things only getting worse.”
“We protect everything in the enterprise from the edge to the data centre cluster, while the bad actor only has to find one way in,” he said. “We have come a long way from script kiddies defacing websites for fun, as the assets the bad actors are after are very significant and personal records, financial records and intellectual property.
“Attacks are sophisticated and more and more unpredictable – with Anthem they used spear phishing, while on the IRS attack they used stolen data to falsify tax returns.”
Asking how to detect an attack when there is no malware involved, Fink said that the bottom line is we are not able to, and need to do something different. “We think of security as three core principles: prevent/detect, respond and recover,” he said.
“How are we going to accomplish this? We build security into every element of IT and not just the perimeter, and we need to react at machine speed that are analytics driven.” He said that this needs to begin at the supply chain level, with components verified down to raw silicon.
“It is not enough to secure the infrastructure, we need to build security into the data and make sure we can isolate and recover applications.”
He acknowledged that collecting more events creates a “huge sea of noise”, and that the task moves from looking for a needle in a haystack to searching a mountain of hay. Asking how to turn the battle on its head so that data and streams are still protected even if a network is breached, Fink said that we need to detect a threat at machine speed and not human speed, and that way we can turn the tide against the attackers.