|Click here for more articles.|
At this year's Conference, the top questions asked were much like last year's. Many people came to the Sophos booth asking about mobile security solutions for smartphones and tablets in respect to bring-your-own-device (BYOD) initiatives. I found that to be very interesting since this year the RSA Conference added a new track called the "human element."
When thinking about BYOD solutions, the primary challenge most organizations have is around protecting data and stopping threats without reliance on the human element. In many BYOD situations, that is not the case -- the human element is in play and unavoidable.
For the benefit of Dark Reading readers who were unable to attend the conference, I decided to find five companies that had their booths in the periphery of the Exhibitor Hall. I selected random companies from each side of the hall that were newcomers or coming back from hiatus.
The concept is simple: to ind out what new solution each was showcasing, what problem(s) the offering solves, what makes its product unique, and how it coincides with this year's topic -- the human element.
I was able to speak with:
iDriveSync was represented by Shane Bingham, Business Development Associate, who stated that this was its first year in the Exhibitor Hall. The private key encryption for iDriveSync enables users to select a private key that is known only to them; even iDriveSync employees won't have access to the key was what they were showcasing.
This solves the problem of security where accounts with only usernames and passwords are at risk to the employees of the solution provider storing the data. Shane Bingham stated, "Private key encryption prevents anyone from doing that but you." According to Shane, iDriveSync is the only cloud provider that offers the use of private key encryption that makes it unique.
iDriveSync coincides with the topic of the human element in two ways: 1) It takes out the human element of the unwanted humans from accessing your data, and 2) it makes it easier to give you the control that you have access to your data. You won't have to worry about someone else out there digging through your digital data.
Mason Hering, a Marketing Manager from ManageEngine, shared that this is the company's first year back after three years off, but was an exhibitor at RSA Conference a total of four times. It was showcasing a Password Manager Pro enhancement that offers password management for mobile devices.
The problem solved is when an admin is at a server in a data center. Rather than writing a password on a piece of paper or your hand, you can put the password securely in your smart device. Simply, ease of use and convenience when it comes to saving and retrieving stored passwords. As Mason Hering put it, "[Being] able to delegate access to certain individuals, [Password Manager Pro] can go out and put a password into the system for them and record the session." Those features are what differentiate Password Manager Pro from its competition.
Password Manager Pro coincides with the RSA topic by taking the human element out of the equation and the risk associated with allowing users to handle unprotected passwords.
I spoke with Matt Anthony, Vice President of Marketing from Pindrop Security. He mentioned it is a first-time exhibitor this year on the trade show floor; last year it was in the innovation sandbox. During the conference, SC Magazine named Pindrop Security the "Best Rookie Security Company" for 2013.
The company was showcasing a set of solutions to help fight phone fraud: Fraud Detection System and Phone Reputation Service. For example, social engineering attacks on the contact centers in the large enterprises to do fraud. Matt Anthony stated, "When considering the large financial institutions, about 1 in 3,000 calls is a fraud call. It may not sound like a lot but amounts to about $4 billion in losses a year. Contact centers spend about $20 billion to authenticate people as they call into the call center." Pindrop security provides a solution that detects fraud and matches whitelists and blacklists while doing authentication to catch the bad guys.
The solution is unique because "...there hasn't been a solution in the phone channel that addresses the phone piece. The first solution to use multiple detection techniques to identify known attackers and anomaly detection to determine where the call is coming from and the type of device the caller is using," according to Anthony. From that information they can determine if the criminals are spoofing.
The human element topic is addressed because there are always people on the other end of the line. The good guys are battling toe-to-toe (or ear-to-ear) with the bad guys all day long.
Anthony Hughes, Director of Government Sales and Marketing from Pwnie Express, said that this was its second year in the Exhibitor Hall. It was showcasing the Pwn Pad, which is an Android-based tablet, similar to the Pwn Phone. The Pwn Pad works on wired and wireless environments. It's able to inject packets, strip WEP, and act as an "evil" access point.
Pwn Pad solves the problem of the human element of social engineering, insider threats, and security awareness. It has a stealthy form factor, and wireless capabilities accessing covert channels for exfiltration. According to Anthony Hughes, "[The Pwn Pad] squarely addresses the human element issues on an Android tablet, which has never been done before."
Pwn Pad is unique because of the form factor and the suite of features offered.
I was fortunate to speak directly with the CEO of Skyhigh Networks, Rajiv Gupta. He said that this is the company's first time in the RSA Exhibitor Hall. It was showcasing the company and its new product, which both launched on Monday when the RSA Conference began.
Skyhigh's product solves the problem of exposure and risk with cloud-based providers so that they can benefit from cloud services. Skyhigh is the only company that helps with the discovery and risk assessment of more than 2,000 cloud services in order to control access to cloud services offered as a cloud service.
The human element is addressed because employees are looking to be productive without intent to create risk. Since many IT organizations do not have the visibility or ability to control cloud services, a cloud exposure comes to fruition. The cloud exposure risk forces decision makers to become production inhibitors. Discovering and controlling the cloud exposure helps eliminate risk so that employees can leverage advanced cloud technologies to be more productive.
Skyhigh received recognition this week as one of the top 10 "Most Innovative" companies while at the RSA Conference in San Francisco.
No security, no privacy. Know security, know privacy.
David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg