Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

2/17/2017
02:21 PM
Curtis Franklin Jr.
Curtis Franklin Jr.
Curt Franklin
50%
50%

RSAC 2017 in 4 Words

The big news and trends from RSAC 2017 can be summed up in four key words: visibility, IoT, partnership and automation.

The RSA Conference (RSAC) in San Francisco is one of the year's largest gatherings of security professionals, with a reported attendance of more than 45,000. From three-letter government agencies to startup security vendors taking the first step toward their big cash-out, the exhibit floor is filled with technology and services while enterprise security professionals, CISOs and security researchers of varying levels of respectability roam the aisles and fill conference seats. It's a good place to be if you want to get a feel for the big concerns and issues in the computer security space.

Every year, attendees and journalists are asked about their impression of the show. It's a shorthand way for people who aren't in the security field to ask what they should be afraid of, or what they should know about computer and network security. This year, there are four words that seem to be part of almost every conversation: booth presentation and sales pitch. Each contains, in its own way, information about the status of the security field in 2017.

What are those four potent words? Listing them is easy: visibility, IoT, partnership and automation. When you look inside those words things get more challenging -- and much more interesting.

Visibility
The impression gained in many conversations here is that CISOs, and IT professionals in general, have but the faintest idea of what's truly happening on their networks. The level of ignorance about how many devices, what sort of devices and how many cloud services are playing on the enterprise network is profound. Why is there such a high level of ignorance? On that, opinions vary, though the explosion of IoT, the continuation of BYOD and the economic power of shadow IT are combining to make the enterprise network such a dynamic place that it's difficult to know just how many devices are attaching at any one time.

Most of the researchers I spoke with at RSAC said that the IT group consistently under-counted devices by anywhere from 50 percent to 150 percent. It's not that people think that these are malicious actors lurking about on the network and waiting to attack -- it's just that each employee now represents somewhere around 3.5 connected devices and few physical systems (think HVAC and physical security) come without many more devices than are plainly visible.

What everyone agrees on is that knowing your network is the first step in protecting your network. The lack of visibility is a huge piece of the security deficit felt by many organizations today.

IoT
Not to get all Socratic Method here, but the first thing you have to do is define "IoT." Is it all the Fitbits walking around on employee wrists? The POS terminals and thermostats in your retail outlets? The process control systems in your manufacturing facilities? All of the above? Something else entirely?

The answer, of course, varies with precisely who's doing the defining. And the nature of that answer will go some way toward explaining the visibility problem already mentioned, and toward rationalizing the CISO's attitude toward protecting the IoT.

IoT security starts with the understanding that the industrial IoT and consumer IoT are two very different things that place very different demands on enterprise security. It continues with the firm knowledge that many techniques used for securing computing endpoints aren't possible with the IT; watching traffic to and from IoT nodes may be the only way to monitor, analyze and protect IoT devices from criminals -- and the rest of the internet from the botnet trying to use IoT devices against others.

Partnership
It seemed that every company on the expo floor at RSA was eager to talk about APIs -- how their API was being used by other companies, and how they were eagerly making use of APIs to bring capabilities from other companies' products into their own. At least for this year, the spirit of cooperation was in the air as each company wanted to show that they were more open and cooperative than the next.

It's important to remember, though, that an available API is only part of what's needed for a complete security infrastructure. Someone, somewhere, has to use the API to integrate two (or more) components into the solution for a security problem. In an interview with Light Reading, David Ulevitch, vice president and general manager of security business for Cisco, said, "People don't want the potential of APIs, they want the results of integration. The number of customers that harness APIs is much smaller than the number of customers taking advantage of integration."

Put another way, everyone recognizes that enterprise security is complicated and security vendors are reluctant to over-promise capabilities. An emphasis on APIs and integration means that there's at least the possibility of taking a "best of breed" approach to building a security solution. Actually getting there? Well, enterprise security is still complicated.

Automation
Security threats move at lightning speed and humans are ill-equipped to keep up the pace. That's why automation is the fourth word describing this year's RSAC. In truth, automation is a broad word that encapsulates at least a couple of other concepts. Some companies will tell you about the AI used in the product while others use the phrase "machine learning" to describe what they do. In either case, the impact on the customer is the same.

When security components can collect data, perform analysis, decide on a course of action and then take action without involving humans, then there's the possibility of responding to threats before they can cause damage. Both enterprise customers and security vendors want security systems that successfully deal with the vast majority of security incidents without ever involving humans, leaving analysts and administrators to deal with outliers, marginal cases and truly novel situations.

Five days, 45,000-plus people and four words; the story of RSAC 2017 in the tightest of nut shells.

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-43790
PUBLISHED: 2021-11-30
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduce...
CVE-2021-44428
PUBLISHED: 2021-11-29
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
CVE-2021-44429
PUBLISHED: 2021-11-29
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
CVE-2021-44427
PUBLISHED: 2021-11-29
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
CVE-2021-43783
PUBLISHED: 2021-11-29
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend ho...