RSA Highlights Continued Struggle in Security


By: Michael Vizard

The highlight of this year’s RSA Conference, held this week, was a pledge from more than 34 companies to not engage in any activity that aids a government in launching an offensive cyberattack. Vendors pledging to abide by the CyberSecurity Tech Accord include ABB, Arm, Dell, CA Technologies, Cisco, Facebook, HP, HPE, Juniper Networks, Microsoft, Nokia, Oracle, SAP, Symantec, and Trend Micro.

Of course, these vendors represent only a fraction of the IT vendor community, so it’s not clear how much value this accord will have without support from players such as IBM, AT&T, Verizon, and a host of others.

At the same time, security vendors themselves pointed out that the industry is failing in its mission to protect networks and data from hacking. Cisco senior vice president and chief security and trust officer John Stewart went as far as to say that "we are completely screwed."

The challenge the signers of the accord and other security firms will face is that nation states that engage in cyberattacks are deft at covering their tracks. And any intrusion into a system residing on foreign soil is technically an act of war. The signers of the accord are not so much aiming to identify and stop the source of attacks as committing to help the country or organization bearing the brunt of those attacks better defend itself.

In fact, the need for better cybersecurity defense systems was, not surprisingly, the dominant theme of the show. Much of that focus was squarely on how to apply machine learning algorithms to improve the cybersecurity posture of the organization.

Cisco, for example, announced it is infusing machine learning algorithms into Cisco Advanced Malware Protection (AMP) for Endpoints. By identifying patterns in email traffic, Cisco says AMP for Endpoints will be able to block most of the spear phishing attacks that have become the bane of IT security. Any email that appears to have an anomaly, such as a link to a suspicious website, will be immediately quarantined, says Jason Lamar, senior director of product management for security for Cisco.

“We want to make sure that fake email doesn’t ever reach the intended user,” says Lamar.

IBM, meanwhile, used the RSA show as a venue to launch the IBM Resilient Incident Response Platform (IRP) with Intelligent Orchestration. This latest version of the platform makes extensive use of machine learning algorithms and automation to consume data generated by IBM X-Force Threat Management services. That data is consumed using three different AI engines, which compare incidents against 600,000 historical use cases and automate suggested responses that normally require a considerable amount of time for humans to execute.

The goal is not to replace humans in the cybersecurity equation but to leverage the actual capabilities of machine learning technologies to augment them, says Marc van Zadelhoff, general manager for IBM Security.

“You could do this before on your own,” says van Zadelhoff. “But it would have required a lot of complicated Python programming.”

Also taking advantage of machine learning algorithms to enable service providers to improve their defenses is A10 Networks. The A10 One-DDoS Protection appliance not only identifies distributed denial of service (DDoS) attacks earlier but also triggers additional responses, such as routing suspicious data requests to a scrubbing facility once an attack is identified, says Don Shin, senior product marketing manager for A10 Networks.

“Service providers need to be able to implement countermeasures by applying reputation against the data flowing on the network,” says Shin.

Obviously, there’s no shortage of claims being made about machine learning capabilities as they apply to cybersecurity. Eventually, most of those claims will bear out. But no matter how much artificial intelligence gets thrown at the problem, it’s apparent the cybersecurity problem isn’t going away anytime soon.