transformational security

Turning Your Organization Inside-Out: Security and the Open API Economy

At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]

Security Intelligence and Identity: Reflections from the Munich EIC Conference

Last week my colleague Matthew Gardiner and I, along with Kim Cameron of Microsoft and Edwin van der Wal of Everett Consulting, presented a panel on “Security Intelligence and IAM” at the European Identity and Cloud Conference in Munich. Prompted by questions from our moderator, Dr. Horst Walther, we had a lively discussion about the [...]

We Must Hunt

Security people are often viewed as gatherers. We gather security event data, collect logs for review, build documentation based on information about our environment, and group informational assets in like-valued groups to focus our defenses. I think we’ve got the gathering part down. It’s similar to our propensity to react. We may not be great at reacting (or more likely, we’re great at reacting at only a few things), but we get plenty of exposure to it.

Will big data know you better than you know yourself?

There was lots of buzz about big data at RSA Conference, especially in terms of the essential role that big data analytics increasingly plays in detecting data exfiltration and other security issues. Using big data for security is clearly a significant opportunity. But the security and privacy of big data is equally important and yet got much less attention. These concerns did come up in the Tuesday afternoon panel on big data, during which Rick Mogull of Securosis articulated the distinction between securing big data and using big data for security. But for me the most striking insight about the security and privacy issues for big data was in the discussion that Hugh Thompson and Dan Gardener had during the Friday afternoon “Hugh Thompson Show”.

Big Rocks, Big Ideas and Big Opportunities

From Monday’s Innovation Sandbox to Friday’s keynotes, innovation was a central theme of this year’s RSA Conference 2012 in San Francisco. As Hugh Thompson said in his final remarks, the Innovation Sandbox proved that innovation is alive and well in cybersecurity. Perhaps 2012 will indeed be, as Hugh suggested, “The Year of Innovation”.

Intelligence-Driven Security

RSA released the ninth installment of the Security for Business Innovation Council report last month, and through a series of blog posts on Speaking on Security, we’re going to analyze the various areas highlighted in the findings. Today I’m going to explore the concept of Intelligence-Driven Security. In our world, intelligence-driven means that information coming in from all of our available sources will influence our actions—some of which will become automated over time.

Contextual Deep Content Inspection for Security

It’s 2012 and the reality of 2011’s shifting security landscape should have set in by now. As much as many of you may want to go back to the days of worrying about Anti-Virus definition files, basic patching, and a single border firewall as the makeup of your entire security posture, it’s time to take a serious look at how you will plan your defenses for 2012.

What Does Your Perfect Setup Look Like?

The uses and appearances of information technology have changed dramatically over the last ten years. And the ten years prior to that, and the ten prior to that. It’s amazing to think that the devices most of us carry around in our pockets are more powerful than some desktops twenty years ago, and more powerful [...]

Collateral Damage is One Click Away

Social engineering is now recognized as one of the top threats to enterprise security. I think we all have had side conversations with security leaders inside companies validating this concept for years, but not until recently have we seen it pass other threats in such a public forum. Those same security leaders have struggled with [...]

Exploiting Human Trust and Complacency

I was speaking with an industry insider a few weeks ago and he started asking questions about supply-chain security. We kicked off a rather awkward discussion whereby I dipped into my SCM educational background and he tried to convey his actual meaning which was much closer to informational supply chains, or better yet, the flow [...]