CISO Perspective on RSA 2017 - Top 10 Takeaways

March 3, 2017 | John McLeod

Booths at RSA 2017 Conference
RSA Conference 2017 is over and a ton of roundups are being written, so here's mine. As expected, the hottest security topics and vendors were related to IoT and the cloud. Additionally, threat intelligence and SOCs were the subject of conversation with many vendors on the floor. Below are my top 10 key takeaways:

1. CSA Summit: The Summit was the day before RSA and the key theme throughout the day was levels of trust: identities, devices and roles. But the biggest takeaway was the release of the publication from the Software Defined Perimeter (SDP) Working Group, exploring how the SDP can be applied to Infrastructure-as-a-Service environments. Download your copy here.
 
2. Google’s BeyondCorp: Google has reinvented its security perimeter around devices through its groundbreaking “BeyondCorp” initiative. They introduced three core principles:

  • Connecting from a particular network must not determine which services you can access.
  • Access to services is granted based on what we know about you and your device.
  • All access to services must be authenticated, authorized and encrypted.

View their presentation here.

3. Mirai Botnet: Chris Young of Intel Security, in an opening keynote, showed us how McAfee researchers bought an “off-the-shelf” DVR known to be targeted by the Mirai botnet. Within 60 seconds of connecting it to the Internet, the device was compromised. His keynote can be seen here.

4. Cryptographer’s Panel: Adi Shamir, the “S” in RSA, stated “I'm skeptical that Artificial Intelligence (AI) will have much of an impact on security… If you talk about 15 years from now, when AI systems are going to be super intelligent, I can foresee when you give all of the information about cybersecurity to the AI and it will think about it and then say, in a very calm voice, ‘In order to save the internet, I'll have to kill it.’” To view the panel talk go here.

5. SANS: Four SANS experts took the main stage to talk about the seven most dangerous cyberattacks. Some notable items were: software developers are not properly validating the remote network services they are utilizing, and the Internet Storm Center is seeing continuous scanning for vulnerable “nosql” databases. Lastly, there are folks still not changing default passwords. Go here to view the talk.

6. GDPR: The General Data Protection Regulation (GDPR) was discussed in a few talks. At a very high level, it states organizations must know what data they have and understand the risk that it poses. Johannes Ullrich, SANS Institute, advised that tokenization for data protection is the best answer. May 2018 is the deadline for companies to adhere to the regulation before they potentially face fines for noncompliance. View one of the talks here.

7. Hacking Exposed: The Hacking Exposed presentations by the CrowdStrike folks never disappoint, and this year they featured “Real-World Tradecraft of Bears, Pandas and Kittens.” My favorite hack they demonstrated was the malicious LNK file: PowerShell and a payload embedded inside a Windows shortcut (LNK) file. The full presentation is posted here.
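The shortcut trick above is easy to spot on disk once you pull the target path and command-line arguments out of the LNK binary format. The following is an added example (not CrowdStrike's or the author's code): a minimal parser for the MS-SHLLINK header and StringData fields, plus a triage function that flags shortcuts whose target is PowerShell with hiding or encoding switches. The sample shortcut it builds is constructed for the demo, with a placeholder where a real file would carry its payload.

```python
import struct

# LinkFlags bits (MS-SHLLINK 2.1.1) and the fixed shell-link CLSID.
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"), (HAS_ICON, "icon"))
# Argument fragments that, paired with a PowerShell target, warrant analyst review.
SUSPICIOUS = ("-enc", "-w hidden", "-windowstyle hidden", "-nop", "iex(", "downloadstring")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (relative path, arguments, ...) of a .lnk file."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                     # skip LinkTargetIDList (2-byte size prefix)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                   # skip LinkInfo (its size field includes itself)
        pos += struct.unpack_from("<I", data, pos)[0]
    fields, width = {}, (2 if flags & IS_UNICODE else 1)
    for bit, name in STRING_FIELDS:            # StringData: CountCharacters + chars, no NUL
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0] * width
            raw = data[pos + 2:pos + 2 + n]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + n
    return fields

def lnk_findings(data: bytes) -> list:
    """Reasons a shortcut deserves a closer look; an empty list means nothing was flagged."""
    f = parse_lnk(data)
    target, args = f.get("relative_path", "").lower(), f.get("arguments", "").lower()
    findings = []
    if "powershell" in target:
        findings.append("shortcut target is PowerShell: " + f["relative_path"])
    hits = [t for t in SUSPICIOUS if t in args]
    if hits:
        findings.append("suspicious argument fragments: " + ", ".join(hits))
    if len(args) > 200:                        # long argument blobs usually carry a payload
        findings.append(f"argument string is {len(args)} characters long")
    return findings

def build_sample_lnk(rel_path: str, args: str) -> bytes:
    """Constructed minimal Unicode .lnk (no IDList/LinkInfo) so the demo runs offline."""
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, HAS_RELPATH | HAS_ARGS | IS_UNICODE,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)   # ShowCommand=1 (SW_SHOWNORMAL)
    ustr = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + ustr(rel_path) + ustr(args)
```

Real shortcuts usually carry a LinkTargetIDList and LinkInfo block as well, which the parser skips by their size fields, so it works on files pulled from a user's Downloads folder too.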

8. Containers: If you are into containers, Tsvi Korren of Aqua showed us how he jumped out of a container. If you are wondering what a container is, it’s a form of application deployment that makes a process tree “think” that it has a complete operating system to itself. View his slide deck here.

9. Microsoft: Brad Smith of Microsoft noted that 74% of businesses expect to be breached this year and that 90% of intrusions begin with a phishing email. He stated, “every company has at least one person who will click on anything.” His keynote can be viewed here.

10. DevOps: Josh Corman of the Cyber Statecraft Initiative pointed out the need for governance in DevOps. To get his message out, he used a great analogy: In the span of two months, two massive earthquakes struck Haiti and Chile. The Haiti earthquake resulted in the loss of 230,000 lives but the more powerful one hit Chile and resulted in the deaths Why is that? Chile planned for disaster by having a robust set of building codes. Haiti had no apparent building code. His slides are here.

John McLeod

About the Author: John McLeod, AlienVault
John is the CISO at AlienVault, responsible for cyber security in the enterprise and our products. John is a former Air Force Special Agent with over 20 years of experience in information security including, but not limited to, criminal, counter-intelligence, fraud and computer crime investigations. Prior to joining AlienVault, he served as the Director of Information Security for National Oilwell Varco. His experience includes management roles for Halliburton, Mandiant, Guidance Software, and ManTech International. The US Intelligence community recognized him for his work in steganography. As a consultant, he responded to some of the most highly publicized cyber-attacks, including Moonlight Maze, Titan Rain, Night Dragon, TJX and Operation Aurora. He holds a B.S. in Information Systems Management from the University of Maryland University College and an M.S. in Network Security from Capitol College in Maryland. Additionally, he is a Certified Information Systems Security Professional (CISSP).