Speaking of Security – The RSA Blog and Podcast

Every year we seem to have a new buzz term in security. As someone who lives in the security product marketing world I’ve seen trends come and go. Terminology that was once mandatory in every piece of collateral suddenly becomes stale and cringe-worthy (APT is becoming one of these). We’ve had a bunch of buzzwords and phrases; some were pretty good and some were really terrible. I should know I helped propagate some of these buzzwords.

IDC has just released an important new study by John Gantz and David Reinsel on The Digital Universe in 2020 that includes an important discussion of the security and privacy implications for the explosion of data in the digital universe. As the report calls out, “The rise in mobility and participation in social networks, the [...]

There’s been quite a lot of discussion recently about applying big data to improving security.  My colleagues Rashmi Knowles and Barrett Mononen have written a couple of blogs about it.  Our RSA/Netwitness CSO Eddie Schwartz spoke about it at RSA Conference China and the Splunk IPO in April certainly created lots of buzz around big [...]

As more information about the attack on Saudi Aramco has emerged, such as in the article in Dark Reading last week, it increasingly appears to be an aggressive and significant attack, with one attacker claiming to have compromised 30,000 of the company’s clients and servers. As described in the Saudi Aramco press release, however, the [...]

A couple of weeks ago, I spoke at the annual Computerlinks Forum in Münich, sharing the agenda with a number of other major security vendors. We decided that a good topic would be “The Next Generation Security Operations Center”, a discussion about the fundamental shift in security strategy that is driven by the changes in our adversaries and their tactics, as well by the changes in the enterprise that enable different attack models.

I was in a meeting with a major telecommunications company recently in which they presented their security strategy for the mobile environment. The speaker outlined the threat landscape that they saw themselves confronted with. Then, for each threat, he showed the technology they were using to address that threat.  For lost devices, for example, there [...]

Some colleagues and I were discussing DDoS attacks earlier this week: who is waging DDoS attacks, what techniques they’re using and how to deal with attacks when they occur. While discussing the value of advance warning of such attacks, one person said offhandedly, “the problem with advance warning is that the threat may be just the threat of the attack, not the attack itself.” It was an interesting and valuable insight, one that deserves some exploration.

One of the great things about traveling is the interesting folks you meet. That’s true not only in meetings and conferences and such, but also on the plane. I’ve had fascinating conversations many times with the people sitting next to me — sometimes about computer security, as when the director of consulting at Verisign and I spent hours talking during a long transatlantic flight. But often the conversations are on wide-ranging topics far removed from security.

I had the opportunity recently to speak about “Advanced Security” at the Evanta CISO Executive Summit event in Houston.  Just before going onstage for my presentation, I had a great conversation with David Frazier (Director of IT for Halliburton) about the approaches he’s taken not only in security strategy, but in discussing security with the [...]

At the European Identity and Cloud (EIC) Conference 2012 last week, I finally got what Craig Burton has been saying for some time now: “Baking your core competency into an open API is an economic imperative.” What brought it home for me was the presentation by 3Scale’s Steven Willmott, focusing on what he called “turning [...]