Hottest Topics To Come Out Of RSA Conference

  /     /     /  
Publicated : 22/11/2024   Category : security


Hottest Topics To Come Out Of RSA Conference


Encryption, bug bounties, and threat intel dominated the mindshare of the cybersecurity hive mind at RSAC last week.



SAN FRANCISCO, CALIF. – RSA Conference 2016 -- With one of the biggest crowds ever to hit Moscone for RSA Conference USA, the gathering last week of 40,000 security professionals and vendors was like a convergence of water cooler chatterboxes from across the entire infosec world. Whether at scheduled talks, in bustling hallways or cocktail hours at the bars nearby, a number of definite themes wound their way through discussions all week. Heres what kept the conversations flowing.
Encryption Backdoors
The topic of government-urged encryption backdoors was already promising to be a big topic at the show, but the FBI-Apple bombshell ensured that this was THE topic of RSAC 2016. According to Bromium, a survey taken of attendees showed that 86% of respondents sided with Apple in this debate, so much of the chatter was 100 different ways of explaining the inadvisability of the FBIs mandate.
One of the most colorful quotes came from
Michael Chertoff
, former head of U.S. Department of Homeland Security: Once you’ve created code that’s potentially compromising, it’s like a bacteriological weapon. You’re always afraid of it getting out of the lab.”
Bug Bounties
In spite of the dark cast the backdoor issue set over the Federal governments relations with the cybersecurity industry, there was plenty of evidence of positive public-private cooperation. Exhibit A: the Hack the Pentagon bug bounty program announced by the DoD in conjunction with Defense Secretary Ash Carters appearance at the show. While bug bounty programs are hardly a new thing, the announcement of the program shows how completely these programs have become mainstream best practices.
There are lots of companies who do this,”
Carter said in a town hall session
with Ted Schlein, general partner at Kleiner Perkins Caufield & Byers. “It’s a way of kind of crowdsourcing the expertise and having access to good people and not bad people. You’d much rather find vulnerabilities in your networks that way than in the other way, with a compromise or shutdown.”
Threat Intel
There was no lack of vendors hyping new threat intelligence capabilities at this show, but as with many hot security product categories threat intel is suffering a bit as the victim of its own success. The marketing machine is in full gear now pimping out threat intel capabilities for any feature even remotely looking like it; one vendor lamented to me off the record, most threat intel these days is not even close to being real intelligence.
In short, threat intel demonstrated at the show that it was reaching the peak of the classic hype cycle pattern. RSAC attendees had some great evidence of that hanging around their necks. Just a month after the very public dismantling of Norse Corp., the shows badge holder necklaces still bore the self-proclaimed threat intelligence vendors logos. But as Robert Lee, CEO of Dragos Security, capably
explained over a month ago in the Norse fallout
, this kind of failure (and additional disillusionment from customers led astray by the marketing hype) is not necessarily a knock on the credibility of threat intel as a whole. It is just a matter of people playing fast and loose with the product category itself.
Simply put, they were interpreting data as intelligence, Lee said. There is a huge difference between data, information, and intelligence. So while they may have billed themselves as significant players in the threat intelligence community they were never really accepted by the community, or participating in it, by most leading analysts and companies. Therefore, they aren’t a bellwether of the threat intelligence industry.
Related Content:
Hack The Pentagon: DoD Launches First-Ever Federal Bug Bounty Program
Encryption, Privacy & Skills Shortage Hot Topics On RSA Keynote Stage
To Improve Workforce Diversity, Widen The Search, Feed Infosec Talent Pipeline
Find out more about
security threats
at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas.
Register today
and receive an early bird discount of $200.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Hottest Topics To Come Out Of RSA Conference