American computer and network security company RSA is one of those organisations which are not afraid of the BYOD (bring your own device) trend. In fact, RSA's parent company, EMC, has about 10,000 employees already on BYOD.
According to John Clifford, director of executive briefing programme (for Asia Pacific) at EMC's Singapore-based Executive Briefing Centre, the whole organisation will embrace BYOD as a policy by next year.
Where does this confidence come from for an organisation like EMC, which has about 50,000 employees worldwide?
The answer lies in their security system.
What is unique about it is that the system is not an end-point based security system. End-point security in neither effective nor sufficient against advanced threats, says Jeffrey Kok, technical consultant director, Asia Pacific and Japan, RSA. He quotes a stunning figure: Anti-virus could detect only one percent of attacks in 2011 (Verizon, 2011 DBIR). Bring in mobility into this landscape and you have a scary situation.
Research company Ovum concurs: enterprises do not have a clear and comparable choice of endpoint protection solutions that completely meet today's mobile working security requirements. The proliferation of devices, the rise of bring-your-own-device (BYOD), and the targeted and persistent nature of malware threats are not being addressed by the majority of vendor solutions available today, the analyst firm said in a recent report.
According to Kok, today's advanced threats (AT), he calls them AT 2.0, have evolved far beyond the signature-based protection (SSL or other standards based encryption). Now, attackers do manual social engineering and send custom malware without signatures. "Modern malware is designed to behave like legitimate traffic and communicate undetected," says Kok. For example, says Kok, unlike in the past, today, there is a black market for zero day vulnerabilities (A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software, according to Wikipedia). All this makes end-point security look namby-pamby.
RSA, therefore, has developed a security system that can monitor IT assets all the time at all levels: it is like fitting CCTV-cameras within your IT infrastructure, says Kok. It is like monitoring and protecting your main assets using cameras in every room and on every desk, in the hallways and exits and providing you with a dashboard in the guard room. This system is capable of even inspecting data packets-just like X-ray machines inspect bags at airports and checkpoints.
RSA calls this system RSA Advanced Security System. According to the security solutions provider, the system provides visibility into threats by monitoring all network activities and integrating security information from across all the systems. At the same time, the system also identifies high-risk assets and provide context on the impact of threats to the business.
Sign up for Computerworld eNewsletters.