Implementing a successful cybersecurity strategy in light of advanced threats calls for operationalizing three key principles: visibility, identity and risk, says Zulfikar Ramzan, chief technology officer at RSA.
Relying on traditional security controls to prevent attacks is an inadequate strategy for mitigating advanced threats and practitioners need to find new ways to deal with them, he says in an interview with Information Security Media Group 2016 RSA Conference Asia Pacific & Japan in Singapore.
Visibility, together with analytics, is now a core component of addressing today's risks, he contends. 'If you really want to protect your network and infrastructure, you have to know your devices, your security technology and understand your physical risk, operational risk, security risk, supply chain risk and business risk - and this can happen by operationalizing visibility," Ramzan says.
Identity management is also at the foundation of security, Ramzan says. "Security is fundamentally about ensuring that only the right people can access the right resources at the right times and do the right things with that access. And you can't achieve that without a robust notion of identity."
Another critical component of a successful cybersecurity strategy is understanding how security risks affect the business. "IT security risk has become the most prominent, and maybe the least understood, element of enterprise risk," he says. "CISOs have to think about how to translate low-level technical details into the language of risk" that board members can understand, he adds.
For example, he says CISOs should describe a distributed denial-of-service attack as an "impact to business continuity, and there's a cost associated with that."
In this interview (see audio player below photo), he offers insights on:
- The need to focus on the business elements of security;
- Understanding the emerging threat landscape to assess whether to change an organization's cybersecurity strategies and technologies;
- New threat detection models;
- The role of machine learning and artificial intelligence in new security products;
- Avoiding the single biggest mistake in dealing with a breach: underscoping an incident.
As CTO at RSA, Ramzan is responsible for leading the development of its technology strategy and bringing innovations to market. Previously, Ramzan was CTO at Elastica and chief scientist of Sourcefire, implementing deploying machine learning systems. He has co-authored more than 50 technical articles and two books and holds more than 50 patents.