An Adversarial View of Security

Akamai's Joshua Corman on Why Approach Must Change
An Adversarial View of Security
The information security industry needs to hit rock bottom, says Akamai's Joshua Corman. And then - to truly improve information risk management - it needs to develop a new, adversarial view of the world.

"No one changes until they're sick and tired of being sick and tired," says Corman, director of security intelligence at security vendor Akamai. And in his view, it's time for the security industry to face a grim reality: Threats and adversaries have evolved, but security policies and practices haven't changed much since 2003.

"There just isn't that saturation point where we realize that we're doing the same thing over and over and expecting different results," he says. "Just about every aspect of external impact on our risk profiles has changed, but our risk approaches really haven't."

What's needed? In Corman's view, a new security mindset that focuses squarely on adversaries, including cybercriminals, nation-states and hacktivists.

"I'd like to be much more sniper-like in who's attacking us, with which motivational structure, going after which assets within that structure, and what are their tactics, techniques and procedures," Corman says. "[This approach] essentially allows you to be very focused on the right counter-measures - on the right assets against the right players."

In an interview with Information Security Media Group at the Gartner Security & Risk Management Summit 2013, Corman discusses:

  • Why "good enough" security really isn't;
  • How to develop an adversarial view of security;
  • What it will take for the security industry to hit rock-bottom and bounce back.

Corman is the director of security intelligence at Akamai Technologies, a cloud platform vendor. He formerly served as research director for enterprise security at The 451 Group. Corman also serves as a fellow with the Ponemon Institute and on the faculty for IANS. He was co-founder of Rugged Software.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.