Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

// // //

RSAC 2017 in 4 Words

The big news and trends from RSAC 2017 can be summed up in four key words: visibility, IoT, partnership and automation.

The RSA Conference (RSAC) in San Francisco is one of the year's largest gatherings of security professionals, with a reported attendance of more than 45,000. From three-letter government agencies to startup security vendors taking the first step toward their big cash-out, the exhibit floor is filled with technology and services while enterprise security professionals, CISOs and security researchers of varying levels of respectability roam the aisles and fill conference seats. It's a good place to be if you want to get a feel for the big concerns and issues in the computer security space.

Every year, attendees and journalists are asked about their impression of the show. It's a shorthand way for people who aren't in the security field to ask what they should be afraid of, or what they should know about computer and network security. This year, there are four words that seem to be part of almost every conversation: booth presentation and sales pitch. Each contains, in its own way, information about the status of the security field in 2017.

What are those four potent words? Listing them is easy: visibility, IoT, partnership and automation. When you look inside those words things get more challenging -- and much more interesting.

The impression gained in many conversations here is that CISOs, and IT professionals in general, have but the faintest idea of what's truly happening on their networks. The level of ignorance about how many devices, what sort of devices and how many cloud services are playing on the enterprise network is profound. Why is there such a high level of ignorance? On that, opinions vary, though the explosion of IoT, the continuation of BYOD and the economic power of shadow IT are combining to make the enterprise network such a dynamic place that it's difficult to know just how many devices are attaching at any one time.

Most of the researchers I spoke with at RSAC said that the IT group consistently under-counted devices by anywhere from 50 percent to 150 percent. It's not that people think that these are malicious actors lurking about on the network and waiting to attack -- it's just that each employee now represents somewhere around 3.5 connected devices and few physical systems (think HVAC and physical security) come without many more devices than are plainly visible.

What everyone agrees on is that knowing your network is the first step in protecting your network. The lack of visibility is a huge piece of the security deficit felt by many organizations today.

Not to get all Socratic Method here, but the first thing you have to do is define "IoT." Is it all the Fitbits walking around on employee wrists? The POS terminals and thermostats in your retail outlets? The process control systems in your manufacturing facilities? All of the above? Something else entirely?

The answer, of course, varies with precisely who's doing the defining. And the nature of that answer will go some way toward explaining the visibility problem already mentioned, and toward rationalizing the CISO's attitude toward protecting the IoT.

IoT security starts with the understanding that the industrial IoT and consumer IoT are two very different things that place very different demands on enterprise security. It continues with the firm knowledge that many techniques used for securing computing endpoints aren't possible with the IT; watching traffic to and from IoT nodes may be the only way to monitor, analyze and protect IoT devices from criminals -- and the rest of the internet from the botnet trying to use IoT devices against others.

It seemed that every company on the expo floor at RSA was eager to talk about APIs -- how their API was being used by other companies, and how they were eagerly making use of APIs to bring capabilities from other companies' products into their own. At least for this year, the spirit of cooperation was in the air as each company wanted to show that they were more open and cooperative than the next.

It's important to remember, though, that an available API is only part of what's needed for a complete security infrastructure. Someone, somewhere, has to use the API to integrate two (or more) components into the solution for a security problem. In an interview with Light Reading, David Ulevitch, vice president and general manager of security business for Cisco, said, "People don't want the potential of APIs, they want the results of integration. The number of customers that harness APIs is much smaller than the number of customers taking advantage of integration."

Put another way, everyone recognizes that enterprise security is complicated and security vendors are reluctant to over-promise capabilities. An emphasis on APIs and integration means that there's at least the possibility of taking a "best of breed" approach to building a security solution. Actually getting there? Well, enterprise security is still complicated.

Security threats move at lightning speed and humans are ill-equipped to keep up the pace. That's why automation is the fourth word describing this year's RSAC. In truth, automation is a broad word that encapsulates at least a couple of other concepts. Some companies will tell you about the AI used in the product while others use the phrase "machine learning" to describe what they do. In either case, the impact on the customer is the same.

When security components can collect data, perform analysis, decide on a course of action and then take action without involving humans, then there's the possibility of responding to threats before they can cause damage. Both enterprise customers and security vendors want security systems that successfully deal with the vast majority of security incidents without ever involving humans, leaving analysts and administrators to deal with outliers, marginal cases and truly novel situations.

Five days, 45,000-plus people and four words; the story of RSAC 2017 in the tightest of nut shells.

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-08-15
Use After Free in GitHub repository vim/vim prior to 9.0.0212.
PUBLISHED: 2022-08-15
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php.
PUBLISHED: 2022-08-15
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /modul...
PUBLISHED: 2022-08-15
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?...
PUBLISHED: 2022-08-15
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.