In an industry worth $100 billion and 1,200 security startups this year, RSA president Amit Yoran kicked off this year's RSA Conference on Tuesday by boldly claiming that security organizations are failing to understand and solve threats. Stating that it's a problem with security mindsets, Yoran said, "tools are incapable of protecting against threats" because the biggest threats are the ones that we haven't seen.
The nature of threats has changed dramatically within the last several years, said Microsoft Windows Security and Identity group program manager Dustin Ingalls, telling TechRadar Pro that state-sponsored attacks are now the bulk of today's concerns.
Can't predict threats
Showing how little we can anticipate or predict threats, less than 1% of threats were detected by the security information and event management (SIEM) system.
To combat attacks, Yoran warns users to stop believing that advanced protection will work. It's essentially a cat and mouse game with anti-virus programs trying to catch up to the malicious hacks.
Using the analogy of build walls to keep threats out, Yaron says that taller walls are not solving our problems.
Researchers must not underscope
To create a more secure computing environment, we need more pervasive and true visibility. Yoran says that security researchers must understand the entire nature of the threat, rather than underscoping incidents as risks.
Attackers are getting more sophisticated, using multiple techniques to create persistent attacks. Attackers can also spread their attacks across multiple groups to thwart researchers. The single mistake made by security teams, according to Yoran, is rushing to fix a compromised system without understanding the broader threat campaign.
Identity and authentication
And while authentication helps to reduce threats, identity is also an important component. 95% of the time, attackers use stolen credentials and walk through the door. Yoran warns to not trust the trusted as those are the most targeted. To combat, researchers must monitor and identify risks early.
When systems are compromised, Yoran advises that companies should avoid using email to share strategies on combating threats. When attackers already have access to the system, they can also gain access to the emails to learn how security professionals intend on responding to thwart any efforts to stop the attack.
Read our review of Windows 10