• Press Release

    September 13, 2011

    Cyber Security Leaders Rally to Combat Advanced Persistent Threats

    Findings Released from Summit of Public and Private Sector Leaders Address Cyber Crisis Threatening Security of Nations and Economies Worldwide

    BEDFORD, MA - September 13, 2011 -

    News Summary:

    • RSA and TechAmerica release findings from top cyber security leadership in government, defense industrial base, financial services, critical infrastructure and technology from Washington, D.C. Summit on Advanced Persistent Threats (APTs).
    • Recommendations urge chief executives in every industry sector not to delay devoting attention and funding to combat advanced threats and to "plan and act as though you've already been breached."
    • Lawmakers urged to remove legal barriers that impede information sharing among global security ecosystem.
    • Real-time intelligence sharing, early detection, end-user security training and testing and incident response named key elements to better defend against advanced threats and recover from inevitable cyber attacks.
    • RSA commits to bring further education and dialogue with cyber security, business and government leaders worldwide through series of regional Advanced Threat Summits beginning Oct. 10, 2011

    RSA, The Security Division of EMC (NYSE: EMC) and TechAmerica today released key findings derived from a forum of more than 100 of the world's top cyber security leaders from government and business who met in Washington, DC to address the impact of Advanced Persistent Threats (APTs) as well as strategies for defense and mitigation. Participants at the APT Summit shared threat intelligence, defensive strategies and best practices for protecting against the most menacing security threats targeting highly sensitive information and intellectual property of governments and businesses.

    "The frequency and volume of attacks has reached pandemic levels - this is not a passing fad or anomaly," said Eddie Schwartz, Chief Security Officer of RSA, The Security Division of EMC. "The new fact of life is a 'state' of persistent, dynamic, intelligent threat and disruption, the economic and societal ramifications of which are overwhelming. This doesn't mean that we as a collective of security professionals are powerless against our adversaries - we can and should be able to manage our risk to an acceptable level and change the ongoing and grim trends. Only through collaboration can we unite our strategies to combat these advanced threats as we move forward together in our pursuit of a trusted digital world."

    Distinguished attendees and speakers at the APT Summit included CISOs, CIOs, technology Fellows and senior officials from leading think tanks, industry associations, government, defense and law enforcement. Attendees also represented numerous commercial industries including: aerospace and defense, critical infrastructure, legal, finance, energy, technology and manufacturing.

    "We hear that our nation's defense secrets, financial security, and critical infrastructure face significant risk by attackers far away and hidden in obscurity behind the complex web of the internet. The cyber security leaders gathered at the RSA-TechAmerica APT Summit understand the gravity of these threats and have expressed their commitment to working together to strengthen our defenses against those who are hard at work trying to exploit any weakness they can find," said Bill Boni, Vice President and Corporate Information Security Officer of T-Mobile USA who attended the APT Summit. "The findings from this event and the promise to do more of these around the world should help open dialogue and inspire innovation amongst cyber security leaders and professionals across many sectors who refuse to be conquered by these threats."

    Summit attendees participated in multiple interactive sessions, which yielded numerous ideas and perspectives that were collected and synthesized into a 3-page key findings summary brief available today. Some highlights of that document include:

    • Organizations must learn to live in a state of compromise and should plan and act as though they have already been breached, focusing on closing the exposure window and limiting damage.
    • Situational awareness is essential to detecting threats early and can help improve security and attack response. Organizations can benefit from advanced monitoring techniques and technologies, learning from attacks against other companies and industries and sharing timely threat intelligence.
    • Attack vector has shifted from technology to people. Anyone can be phished given the right context and the attackers have growing access about would-be targets through social networking sites. While user training alone cannot entirely neutralize the threat, training and testing coupled with user restrictions and visibility can give organizations a fighting chance.
    • Attack customization defies traditional signature-based approaches to work against a target's specific weaknesses. Attackers are increasingly agile and can take advantage of vulnerabilities more quickly than signature-based approaches can remediate.
    • Attackers are better at real-time intelligence sharing than targets and fixing this should be a top priority. Attackers operate unimpeded by legal restrictions and other rules that govern corporations and government organizations. While not a panacea, information sharing of real-time threat intelligence and attack information is of paramount interest to give situational awareness used in helping defend critical infrastructures and mitigate the effects of wide-scale cyber attacks on economic prosperity.
    • Simplicity is the path to better security, and can be an effective countermeasure to the many unmanageable and complicated IT infrastructures in operation today. Given that security is a weakest link problem, only through understanding assets, processes and endpoints is there a chance at real defense.

    An in-depth whitepaper on these findings will be published in October.

    Regional summits announced

    RSA also announced a series of regional Advanced Threat Summits this fall to assemble senior security leaders and visionaries around the world. The Summits are designed to surface the best strategies, innovation and public policies that can help bring a collective benefit to the cyber security ecosystem. The first regional Advanced Threat Summit presented by RSA will take place Oct. 10 in London just prior to the 2011 RSA Conference Europe.

    "Through this series of regional summits, we are taking this conversation to the front lines of American business and to organizations worldwide that are dealing with or trying to protect themselves against these threats. We intend to bring together leading cyber security experts and senior-level practitioners who are passionate about these issues - not just to re-imagine models for defense, information exchange and industry alliance, but to make true progress towards their implementation," said Phil Bond, TechAmerica President and CEO. "As a group we must not only raise awareness, we must also lead."

    The Advanced Persistent Threats Summit summary findings can be found at: www.rsa.com/summitresults. A schedule of upcoming regional Advanced Threat Summits will be available soon.

    About Dell

    Dell EMC, a part of Dell Technologies, enables organizations to modernize, automate and transform their data center using industry-leading converged infrastructure, servers, storage and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a hybrid cloud, and transform their business through the creation of cloud-native applications and big data solutions. Dell EMC services customers across 180 countries – including 98 percent of the Fortune 500 – with the industry’s most comprehensive and innovative portfolio from edge to core to cloud.

    Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.