RSA Conference

The Challenge of Cooperation

Over the weekend, three stories crossed my desk that got me thinking about the challenge that Art Coviello issued to the security industry in his RSA Conference 2012 keynote: to forge a “collective resolve” to stand together against “a host of adversaries who threaten our very trust in the world’s digital economy”. The first of [...]

Mobile: Here There Be Monsters

It’s a new, exciting era for Trojan builders. The mobile space in 2012 is a vast, uncharted territory that attracts the talent and creativity of black hatters and malware writers like moths to a flame. If you think about it, the entire mobile security space has huge ‘Here there be monsters’ sections where the cartographers don’t really know what to draw. With its unique architecture, security platforms and operating systems, it’s a challenging, yet highly rewarding exercise.

Will big data know you better than you know yourself?

There was lots of buzz about big data at RSA Conference, especially in terms of the essential role that big data analytics increasingly plays in detecting data exfiltration and other security issues. Using big data for security is clearly a significant opportunity. But the security and privacy of big data is equally important and yet got much less attention. These concerns did come up in the Tuesday afternoon panel on big data, during which Rich Mogull of Securosis articulated the distinction between securing big data and using big data for security. But for me the most striking insight about the security and privacy issues for big data was in the discussion that Hugh Thompson and Dan Gardener had during the Friday afternoon “Hugh Thompson Show”.

Big Rocks, Big Ideas and Big Opportunities

From Monday’s Innovation Sandbox to Friday’s keynotes, innovation was a central theme of this year’s RSA Conference 2012 in San Francisco. As Hugh Thompson said in his final remarks, the Innovation Sandbox proved that innovation is alive and well in cybersecurity. Perhaps 2012 will indeed be, as Hugh suggested, “The Year of Innovation”.

Achieving Ubiquitous and Continuous Trust in Identities on the Web

At RSA, we have a legacy of authentication innovation from multifactor to risk-based, heuristic authentication. We challenged ourselves with “What’s Next?” As an industry we continue to conceive more usable yet stronger authentication but we have a bigger mandate to meet a need that has gone unmet for a long time.

Geolocation and Privacy – Oil and Water?

Geolocation has been talked about a lot in IT circles in recent years. It’s one of those terms that means different things to different people, so it could be storing data in a particular place or it could be tracking some data or tracking an identity (person or machine). Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft, discussed the concept of geolocation in his keynote. He used an interesting example of using GPS and tracking an individual and the types of data that can be obtained by doing that.

Are Global Cloud Service Providers going to shy away from Europe?

Today’s security standards are based on historical, legacy information technologies and don’t necessarily address Cloud Computing environments in an effective manner. Attempts to update them are an improvement, but will be able to create a single or limited number of standards that will be viable across all borders and jurisdictions. So, it’s no surprise that the Cloud Security Alliance Summit at RSA Conference had a panel discussion on this topic. The panelists were Marc Crandall from Google, Baber Amin from CA, Chris Wysopal from Veracode and Ashvin Kamaraju from Vormetric.

Discover Your Security Persona at RSA Conference!

What an afternoon! We’ve learned about ninjas, trolls, unicorns, squirrels, and rockstars. One of these personas might just fit you perfectly! If you want to have a super-official assessment of your persona, come to the RSA Booth in the Expo hall and take our short quiz. Once complete, we’ve got a ton of goodies for you including a nice wallpaper for your phone and a T-Shirt!

Security Personae, the Ninja

After adding unicorns to our list of personae that includes trolls, rockstars, and squirrels, it’s time to discuss one final persona—the Ninja. While the unicorn has a solid foothold in infosec lore, the Ninja is the warrior that relies on his stealth, agility, and speed to neutralize his targets. Ninjas train relentlessly to make their skills reflexive and rely on diversionary tactics and misdirection to perform their tasks right under our noses.

Security Personae, the Unicorn

So far, you have learned about trolls, rockstars, and squirrels. But what about the biblical version of the grasshopper? The Unicorns didn’t miss the Ark because they were playing; they were busy hunting unseen and unknown threats in the system. In fact, the stories of missing the Ark furthered their cause by allowing them to “erase” themselves from known existence. This might be their greatest asset as not only are they rare, but for the most part, people don’t think they exist at all.