RSA: Enterprise Security's Sucker Punch

SAN FRANCISCO - At IDC's annual analyst breakfast meeting at the RSA conference here, analysts discussed the mindset of IT executives toward security, which one analyst described as "My Eyes Glaze Over." (Knowing how IT types love their acronyms, he referred to it as MEGO.)

Chris Christiansen, program vice president for IDC's Security Products and Services group, said that in 2013 the conversations in security from vendors were largely about APT (advanced persistent threats) and next-generation firewalls (NGFW).

Yet from an enterprise perspective, Christiansen said IT executives just want to know that security tools work. Execs typically have a "don't confuse me with the detail" mentality, he said. That is where the MEGO acronym comes in. "All they want to know is how the pain goes away."

Security's Sucker Punch

IDC has noticed that many companies lack proper planning to deal with a breach incident. To make his point, Christiansen used a quote often attributed to one-time boxing champion Mike Tyson: "Everyone has a plan until they get punched in the mouth."

Christiansen said enterprises used to view security tools as strictly proactive defensive mechanisms. Yet it can often take 6 to 12 months to detect a security compromise, then several more months to remediate. "So they had a plan before they got punched in the mouth, but their plan went out the window after that," he said.

One technology that has been held up in recent years as being a key control point for IT security is security incident and event management (SIEM).

"Threat intelligence is like the myth of Sisyphus," Christiansen said. "You're endlessly collecting and analyzing info but you're never getting real intelligence out of it."

Iterative Intelligence

A better approach to enterprise security, according to IDC, is what the research firm refers to as "iterative intelligence." Iterative intelligence combines advanced malware defenses with an integrated threat detection and mitigation process on the ground and cloud-based threat intelligence, Christiansen explained. Without iterative intelligence, the dog is chasing its tail, he added.

Looking into 2014, Christiansen said IDC now uses the term STAP, or specialized threat analysis and prevention, as a better way to describe the vendors that defend against APTs. (See what we mean about acronyms?) He noted that everyone in the industry is now trying to compete with FireEye, which has emerged as the leading vendor in the space.

Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.