RSA: IT Security Needs ‘Air Traffic Control’

Companies who view their IT security in layers, can protect their company with a multi-vendor structure akin to “air traffic control”, senior executives of security company RSA told a security conference in London today.

Despite the potential risks of cloud and virtualisation, and the fragmentation of multiple security technologies, organisations can harness the new ideas to become more secure, said RSA president Art Coviello and RSA chief operating officer Tom Heiser in a joint keynote at the RSA Europe conference in London.

Security provision should be organised in three layers, the pair said: the “controls enforcement” layer where point products such as firewalls are integrated into devices and operating systems to address security issues, the “controls management” layer which integrates them, and finally the “security management” layer, or “visibility layer” which gives the big picture to senior management.

Diversity a problem, integration the key?

“There will always be point products at the controls enforcement layer,” said Coviello in a press panel after the keynote, adding that this diversity could become a problem.

At the next level up, control management, these products are addressed and controlled using consoles, but again there is diversity: “It is better if you can give your customers one single console,” said Coviello.

At the top level, the security management layer. “That is where you make a platform choice,” he said, adding that although this seems to limit the user, good platforms at this level should accept data from other vendors’ solutions further down the stack. “If RSA’s enVision didn’t accept feeds from all vendors it wouldn’t go far.”

“The security industry does not have a system that integrates people, process and individual security controls that can be managed with the same kind of correlated, contextual and comprehensive view used by the aviation industry to guarantee the safety of our airways,” said Coviello in the keynote. “We need a system that enables us to close the gaps of protection and apply controls in a more holistic, systemic manner, centralising management not just for some vendor controls, but for all.”

The RSA executives described examples of how Intel’s Trusted Execution Technology (TXT) and RSA’s Archer governance and risk platform (launched in August) can ensure that malware does not slip in between virtualised applications and hardware, and make sure that policies are applied despite the virtualisation of the data and applications.

The competition heats up

This week RSA rival McAfee (in the process of being acquired by Intel) also made a move near the top of the security stack with McAfee Security Management 5 – a unified monitoring, management, and reporting system for large organisations. 
McAfee Security Management 5 overview:

It includes software development kits to centralise security management in existing business processes, and the ability to share information between tools across security layers, so different endpoints and technologies can work together, and high level reporting across the different tools involved.