Modernizing Authentication — What It Takes to Transform Secure Access
SAN FRANCISCO: Art Coviello, executive chairman of RSA Security, is realistic about Big Data.
In a press preview of his RSA Conference 2013 keynote, Coviello detailed where he sees the threats and the opportunities that Big Data presents. He also announced RSA Security's launch of a new version of its Authentication Manager technology, which is designed to help enterprises capitalize on Big Data intelligence.
Thanks to cloud and virtualization, the attack surface has expanded and so has the security risk, Coviello said. Big Data is not just about collecting lots of data, it's about extracting value from that data, Coviello stressed.
The value that can be extracted from Big Data isn't limited to the good guys either. "We have all have the ability to access large data stores because of cloud, but we're not the only ones that can access these data stores," he warned. "Our adversaries will as well."
Because of this, Coviello added, "Our attack surface and risk will be magnified in the coming years as a result."
Nation-state attacks are not a new security problem, Coviello said.
"We haven't just discovered that nation-states are attacking us; it has been going on for years," Coviello said. "What's more disturbing to me is that we're moving beyond intrusion attacks to disruptive attacks."
Going a step further, Coviello warned that it appears that attacks are coming from a nation-state that sponsors terror. The disruption could potentially affect critical infrastructure.
Coviello also sounded the alarm bell on IPv6 as a potential enabler for a destructive attack.
"With IPv6, when everything is connected attackers won't need manual intervention to launch a destructive attack, because you'll have so many devices that are digital enabled," he said.
Coviello's aim is not to overhype the problem.
"The world is not coming to an end," he said. "I just want people to recognize that this is the trend line, the trajectory we're on."
Beating the Breach
RSA Security itself was breached in 2011. In Coviello's 2012 RSA Conference keynote, he stressed that IT risk can be managed, but breaches will still occur. It's a theme he is re-iterating in 2013.
"There is no shame in being breached," Coviello said. "The shame is in not being able to detect and react to breaches."
RSA Authentication Manager 8.0
In addition to talking about the opportunities of Big Data, Coviello's company is also moving to take further advantage of it. The RSA Authentication Manager 8.0 platform is being officially released today, providing Big Data intelligence to user authentication.
Manoj Nair, general manager at RSA, said that user authentication is now a Big Data problem.
"Identity can no longer be determined by a single factor or even multiple factors," Nair said. "Identity needs to be made from a rich profile with nearly every dimension you can learn about a user, their history and behaviors, and contrast that with behavior of their peer group."
RSA Authentication Manager is the intelligence that enables the pervasive SecureID tokens for which RSA is famous. The Authentication Manager also provides the management console for administrators. In version 8, the console is being expanded to provide a degree of self-service, so users can manage their own authentication profiles.
Authentication Manager 8 pulls in Big Data from RSA's intelligence that is used by financial institutions today.
"There are 40 million active users of secureID and with Authentication Manager 8, we can tailor it for an enterprise," Nair said. "We're combining all of the passive data input to determine the identity of the user."