RSA 2013: Death To SIEMs, Hello To ‘Antifragile Security’

It seems SIEMs are on the way out, as Art Coviello hails the dawn of more adaptive, Big Data-led security

Security information and event management (SIEM) products have peaked and should be replaced by Big Data-powered, highly adaptive systems, RSA executive chairman Art Coviello said today.

Speaking during his keynote at the RSA 2013 conference in San Francisco, Coviello talked up the use of “antifragile” security, based on a concept introduced in Nassim Nicholas Taleb’s book, ‘Antifragile: How To Live In A World We Don’t Understand’.

“Antifragile doesn’t mean resilient or durable,” Coviello explained. “Antifragile means adaptive capacity to become stronger or smarter in response to attacks.

RSA ditching SIEM?

“I’m not talking about perfect security. I’m talking about a model that evolves and works with change.

“This should make intelligence future proof.”

He said many companies had focused on attempting to create durable networks that only try to block threats, not learn from them.

But an antifragile posture would suit them better, Coviello claimed, with the right machine learning underpinning defences, backed by Big Data and analysis of threats, as well as more effective intelligence sharing across industries. Unsurprisingly, RSA is providing technology and services to support all this.

But the most controversial bit of Coviello’s keynote was around security information and event management (SIEM) products. “We’ve reached the limits of that technology,” he suggested.

SIEM vendors may not agree, although the biggest, like Q1 Labs and ArcSight, have been swallowed up by bigger vendors, such as IBM, HP and Intel’s McAfee, who are planning to do bigger things with them. That’s precisely what RSA itself has done, since it bought NetWitness and tied it to the RSA SIEM product enVision. Earlier this week, HP announced it was merging its ArcSight SIEM with its Autonomy gear, in a bid to bring “meaningful context to a security event”.

SIEMs could well be a thing of the past soon, replaced by systems driven by more context, Big Data and intelligence.

What does this all mean for RSA’s enVision product? TechWeekEurope understands it will continue to be supported, but there won’t be any future editions.
