RSA Research Unit Hunts Cyber-Threats 'That Don't Have Names'
At the Black Hat 2012 conference scheduled for July 21-26 in Las Vegas, cybersecurity firms are sharing information on how to keep up with rapidly evolving threats. One researcher says it’s not enough to fight known threats but to also track down the developing threats as they just start to emerge.
“We focus on threats that don’t have names,” said Will Gragido, senior manager of the Advanced Threats Intelligence team, a newly-formed unit at the cybersecurity firm RSA. “We bring to light threats that are otherwise unknown.”
RSA does that, Gragido explains, by analyzing network traffic patterns for “salient and actionable data” that identifies the signature of a potential threat. The research also seeks to identify “threat actors,” specific people known to be cybercriminals, by tracking their tactics and methods. Up until now, he said, cybersecurity has been confined to several individual types of cybercrime activity such as malware, data loss, SQL injection, Trojans and the like when a more comprehensive security approach is called for to tackle all sorts of threats. He analogized their approach to viewing a mosaic; instead of focusing on just one tile, one needs to pull back to see the full picture.