Recap of RSA Conference 2016

The theme for this year’s RSA Conference was “Connect to Protect.” Humanity has been connecting with each other in many forms over many years. The Internet has become the central nervous system for modern communications. RSA Conference stands behind how people and businesses reach out to each other and collectively address growing cyber security threats, and more specifically, how security can better become implemented and strengthened in society for the benefit of all.

The following post highlights some of the highpoints from the conference, including the trending topics discussed both in security and in malware.

RSA Things to Know

The Internet of Things and Security.

RSA has spoken: The one cardinal rule with IoT security is that it is not a once-and done thing.

Further, unless the companies that make these interconnected devices overhaul their information security practices and incorporate them into development processes earlier, IoT will be DOA. This warning was issued at the RSA Conference 2016 in San Francisco from a panel of Internet of Things security experts.

Eric Hibbard, CTO for security and privacy and Hitachi Data Systems Corp., stated “Part of the problem [with IoT security] is many IoT manufacturers are new to the computer and networking space . . . Combine that with the current dearth of IoT security standards, and you’ve got a recipe for half-baked security.”

For the Internet of Things, building in security during design with strong device authentication and encryption implemented into that security is essential, rather than adding it in as an afterthought.

Fingerprinting and the latest twist in malvertising attacks.

Malwarebytes released a new study at RSA 2016 this week that looks into the updated techniques and technologies being used in malvertising campaigns that are proving particularly hard for security analysts and advertisers to spot.

One of the techniques used is fingerprinting, which uses a vulnerability that searches the computer for viable targets. In addition, in order to spot checking for security, this attack only works against genuine residential IP addresses. This helps ensure that it does not have to tangle with any enterprise level defenses.

Malwarebytes Senior Security Researcher Jerome Segura pointed out that “the malvertising attacks are pervasive and can be found in dozens of ad networks, including some of the most popular like DoubleClick.”

Mobility and the security challenges it poses to enterprises.

MobileIron discusses, in an RSA daily recap, a presentation called “Five mobile security challenges facing the enterprise.” The list of challenges included in order are:

  • Visibility
  • App Security
  • OS Vulnerabilities
  • Intelligence
  • Mobile Incident Response

In order to face these, it is important to take proactive steps about an organization’s mobile environment and take historical data comparing what’s known vs. new, which will help enterprises streamline analysis and future prevention of any security incidents.

Keep Security Simple but Robust

While it might seem counter-intuitive, the more internet security products a company installs does not necessarily equate to a more secure system. In fact, according to Cisco Vice President Martin Roesch, who spoke at RSA, “better use of automation for analyzing data, an emphasis on having fewer, yet more capable products, and better integration between the systems defending the network” tends to work the most efficiently.

When it comes to security, more and more technologies piled on a system will have an inverse impact and make it harder for an organization to manage and analyze data. Don’t fall into the “new” trap of the industry. Develop security at the proper scale, and an enterprise will successfully provide the trust and reputation that consumers can depend on.