There are so many conference sessions, side-meetings, receptions, demonstrations, bake-offs, dinners (and lunches and breakfasts), separate conference running concurrently and more that it is hopeless to think that attendees can participate in even a small fraction of the available activities. The vendors know that most security leaders with influence are somewhere in San Francisco during the week, and they all want to have “face-to-face” time over a meal or coffee.
When I told one vendor friend that I was just too busy for another introduction with a new company, he tried the guilt-trip approach, “Dan. Everyone knows that you have at least three dinners at RSA.” (I politely told him that I’m an early to bed, early to rise, Midwestern guy who eats one dinner – especially after a few receptions with food and drink.)
Last year, I didn’t attend the RSA Conference, but heard about questions from many people around the globe. This blog covers that experience from last year and the emails received before, during and after the events. The sentiment was: Are you ok?
So this year, it is only fair to provide some feedback regarding what I heard and saw in San Francisco.
But before sharing a few of takeaways, I'd like to mention the the session entitled, “Cybersecurity and the States.” The session was summarized in this Forbes blog by Elise Ackerman. While we had over a hundred people attend our panel session, many more went across the hall to hear about the latest hacker tricks, tips and techniques.
Three Top Takeaways
One theme that kept coming up was dealing with “big data.” There were many twists on this, such as this one from Darlene Storm’s Computerworld blog. She wrote:
“The big topic was big data, including how it can bring big security problems…
Regarding big data vulnerabilities, Coviello warned, ‘Our attack surface and risk will be magnified in the coming years as a result. We have all have the ability to access large data stores because of cloud, but we're not the only ones that can access these data stores. Our adversaries will, as well.’"
One session that I attended was facilitated by Richard Stiennon called: I Was Blind, but Now I See: CISOs Discuss Visibility with Big Data Security. This was an excellent session in which four CISOs discussed how they are dealing with the huge amount of data that is being collected from all over their networks. The theme was that preventive-based technologies often bring a false sense of security. All of the CISOs addressed the need to go through Gigabytes of data – sifting through events and triggers to find real incidents and required actions.
The panel expressed positive reviews for the vendor Splunk’s products and ability to do event correlation. (Side note: Splunk offered my favorite T-shirt with the words “You can’t always blame Canada.”)
There was also a suggestion that in the future we will be incorporating even more data from the business side and physical security side of things. This will allow better detection of fraud and a more intelligent response to security events.
The second theme was a push towards a network of sensors that work together to report back to a central “brain” – almost like the human body central nervous system. To some extent, this is just an extension of the traditional “defense in depth” concept and correlating netflow data and logs from a variety of network devices. However, there is an even bigger push towards more network and system intelligence coming together to stop attacks.
So what vendors themes were at RSA? Every part of the business and technology organizations in enterprises play roles in protecting data and information. While this has always been true, there is a bigger push in this area, along with more integrated tools, this year. In fact, the stated theme of this year’s conference was “security is knowledge.” The Gutenberg printing press was offered as a model.
For a specific example, McAfee CTO Michael Fey encouraged getting more parts of the business and system administrators involved in helping enforce security policy. He said,
“Additionally, Fey said that firms should make sure that responsibilities and duties are spread out, rather than relying on one group or department to handle all security operations.
In doing so, Fey said that companies will not only be better equipped to respond to threats and utilise current security platforms, but also make use of emerging platforms which could offer far greater intelligence and response capabilities….”
A third lesson learned at RSA this year was perhaps the most obvious. Cybersecurity is really hot right now, with more companies, products and attention than ever before.
Perhaps the recent headlines regarding China, President Obama’s executive order on cybersecurity and Presidential Policy Directive (PPD-21) and other hacking news stories make this obvious. But nothing makes the point stronger than walking around the RSA show floor or the hotels surrounding the event.
For deeper dive on this topic, see this extensive set of interesting interviews with industry thought leaders at the IT-Harvest website. Richard Stiennon called this: “The most vibrant and productive RSA conference of the decade has come to a close. The astounding attendance numbers were probably fueled by Mandiant’s ground breaking report on cyber espionage activity and even, perhaps, by President Obama’s reference to cyber security in his State of the Union Address.
This long list of vendor interviews shows why. All I can say is: Wow!
So yes, if you’ve never been to the RSA Conference, start making plans to attend next year or at some point in your professional security career. There is nothing quite like it regarding security in cyberspace.
Were you there? Any thoughts to share?