
CISO Perspective on RSA 2017 - Top 10 Takeaways

Booths at RSA 2017 Conference
RSA Conference 2017 is over and a ton of roundups are being written, so here's mine. As expected, the hottest security topics and vendors were related to IoT and the cloud. Additionally, threat intelligence and SOCs were the subject of conversation with many vendors on the floor. Below are my top 10 key takeaways:

1. CSA Summit: The Summit was held the day before RSA, and the key theme throughout the day was levels of trust: identities, devices and roles. But the biggest takeaway was the release of the publication from the Software Defined Perimeter (SDP) Working Group, exploring how the SDP can be applied to Infrastructure-as-a-Service environments.
 
2. Google’s BeyondCorp: Google has reinvented its security perimeter around devices through its groundbreaking “BeyondCorp” initiative. They introduced three core principles:

  • Connecting from a particular network must not determine which services you can access.
  • Access to services is granted based on what we know about you and your device.
  • All access to services must be authenticated, authorized and encrypted.
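The three principles above, written as an access decision (an added example, not Google's code and not part of the original post). The device inventory, service policy, field names and reason strings are all hypothetical; the point is that the source network never enters the decision.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical device inventory: what the organization knows about each device.
DEVICE_INVENTORY = {
    "laptop-001": {"managed": True, "disk_encrypted": True, "patched": True},
    "byod-777": {"managed": False, "disk_encrypted": False, "patched": True},
}

# Hypothetical per-service policy: who may use it and how much device trust it needs.
SERVICE_POLICY = {
    "payroll": {"groups": {"finance"}, "require_trusted_device": True},
    "wiki": {"groups": {"staff", "finance"}, "require_trusted_device": False},
}

@dataclass(frozen=True)
class Request:
    service: str
    user: Optional[str]        # authenticated identity, None if login failed
    groups: frozenset          # group memberships of that identity
    device_id: Optional[str]   # e.g. taken from a device certificate
    encrypted: bool            # request arrived over an encrypted channel
    source_ip: str             # recorded for logging only

def device_trusted(device_id):
    """True only for an inventoried device that is managed, encrypted and patched."""
    d = DEVICE_INVENTORY.get(device_id)
    return d is not None and all(d[k] for k in ("managed", "disk_encrypted", "patched"))

def decide(req):
    """Return (allowed, reason). req.source_ip is deliberately never consulted."""
    policy = SERVICE_POLICY.get(req.service)
    if policy is None:
        return False, "unknown service"
    if not req.encrypted:
        return False, "transport not encrypted"
    if req.user is None:
        return False, "not authenticated"
    if req.device_id not in DEVICE_INVENTORY:
        return False, "unknown device"
    if not (req.groups & policy["groups"]):
        return False, "user not authorized for service"
    if policy["require_trusted_device"] and not device_trusted(req.device_id):
        return False, "device does not meet policy"
    return True, "ok"
```

A request from an office address and the same request from a public address get the same answer, while an unmanaged device is refused for sensitive services even when it sits on the internal network.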

3. Mirai Botnet: Chris Young of Intel Security, in an opening keynote, showed us how McAfee researchers bought an “off-the-shelf” DVR known to be targeted by the Mirai botnet. Within 60 seconds of connecting it to the Internet, the device was compromised.

4. Cryptographer’s Panel: Adi Shamir, the “S” in RSA, stated, “I'm skeptical that Artificial Intelligence (AI) will have much of an impact on security… If you talk about 15 years from now, when AI systems are going to be super intelligent, I can foresee when you give all of the information about cybersecurity to the AI and it will think about it and then say, in a very calm voice, ‘In order to save the internet, I'll have to kill it.’”

5. SANS: Four SANS experts took the main stage to talk about the seven most dangerous cyberattacks. Some notable items: software developers are not properly validating the remote network services they are utilizing, and the Internet Storm Center is seeing continuous scanning for vulnerable "nosql" databases. Lastly, there are folks still not changing default passwords.

6. GDPR: The General Data Protection Regulation (GDPR) was discussed in a few talks. At a very high level, it states that organizations must know what data they have and understand the risk that it poses. Johannes Ullrich, SANS Institute, advised that tokenization for data protection is the best answer. May 2018 is the deadline for companies to adhere to the regulation before they potentially face fines for noncompliance.

7. Hacking Exposed: The Hacking Exposed presentations by the CrowdStrike folks never disappoint, and this year they featured “Real-World Tradecraft of Bears, Pandas and Kittens.” My favorite hack they demonstrated was the malicious LNK file: PowerShell and a payload embedded inside a Windows shortcut (LNK) file.

8. Containers: If you are into containers, Tsvi Korren of Aqua showed us how he jumped out of a container. If you are wondering what a container is, it’s a form of application deployment that makes a process tree "think" that it has a complete operating system for itself.

9. Microsoft: Brad Smith of Microsoft noted that 74% of businesses expect to be breached this year and that 90% of intrusions begin with a phishing email. He stated, “every company has at least one person who will click on anything.”

10. DevOps: Josh Corman of Cyber Statecraft Initiative pointed out the need for governance in DevOps. To get his message out he used a great analogy: In the span of two months, two massive earthquakes struck Haiti and Chile. The Haiti earthquake resulted in the loss of 230,000 lives but the more powerful one hit Chile and resulted in the deaths Why is that? Chile planned for disaster by having a robust set of building codes. Haiti has no apparent building code.
