March 20, 2012
In the beginning months of every year, the people fighting the good fight against internet crime converge upon the Moscone Center In San Francisco. The RSA Conference is an event that brings huge amounts people from around the world together, over 200 sessions, 450 speakers and 350 security-focused exhibitors, for a week to focus on making the internet a safer place for governments, businesses and people. It’s the largest Security conference in the world and merges the business with the science of computer security, where @InfoSpyware was present!
The past year has been a year where information insecurity has been thrust into the lives of the common person. From changes in the way we use the internet, through mobiles, tablets and cloud services, to high profile security breaches from Sony, the FBI and RSA itself, to the relentless hacktivism of Anonymous and the nowpossibly-defunct Lulzsec, to the misguided efforts of governments with SOPA and PIPA, there has never before been such a time where something that is so pervasive in our lives, has changed so rapidly.
The turnout at this year’s 20th annual RSA seemed to eclipse that of last year’s conference. Companies and individuals came in unprecedented numbers, in order to make sense of it all and to draft their battle plans in the coming year. This year, RSA itself challenged the security industry to stop being slow and reactive and to be more agile and offensive, using the advances in technology at its disposal. Symantec and Facebook highlighted the generational differences between hyperconnected “digital natives” who are blurring the line between business and personal computer use, and the “digital immigrants”, who view security in a much different light and must adapt to the future. Virtually every keynote speech highlighted the fact that we are in a time of rapidly shifting technology and user habits which will make security extremely challenging in the future. An excellent panel on hacktivism disputed the merits and evil of today’s digital agents for change.
In the “Crypto Commons” There were several infosec luminaries sharing materials and themes from their recently authored books. Bruce Schneier, inventor of the Blowfish algorithm gave a talk based on his book “Liars and Outliers”, examining the complex relationships and balance between interpersonal relationships and trust. Mark Russinovich, co-author of the essential anti-malware tool autoruns, presented material from his book “Zero Day: A Novel”, which is a fictionalized account of a Stuxnet-like cyberattack.
The mood on the expo floor was frenetic, with the usual carnival-like atmosphere found at technology shows, as security vendors vied for the attention of their battle-weary potential clients. Among antivirus vendors, the competition was fierce, as it seemed each vendor was giving away mobile versions of their antivirus product and, showing clients comparatives where they had rated best in detections. The giants like Symantec and McAffee were hardly recognizable as endpoint vendors and had booths that looked like mini-cities and buzzing with exhibitors and clients. Vendors like Eset and Kaspersky had apartment-like booths that would cost more than $4,000 a month to rent in midtown Manhattan. Smaller players like Bitdefender, Sophos and GData had business-like booth with friendly staff. Each vendor was on top of their game (after all, this is the World Cup of security), explaining their technology and why it is the best solution to combat today’s malware.
At these events, it’s not easy to find security experts who speak Spanish natively. We played a cat-and-mouse game with Alejandro Musgrove, President of Americas for Bitdefender, but we were ultimately unable to catch him due to scheduling conflicts. Fortunately we were able to speak with Luis Corrons from PandaLabs to ask him about some of the challenges facing the world of security today, he provided very insightful information, which we were able to record for InfoSpyware TV. Things like Advanced Persistent Threats, SpyeEye, the security challenges wrought by “Bring Your Own Device”, Security in the Cloud, Hacktivism and and increasingly hostile threat landscape were topics covered not only by Mr. Corrons, but the event speakers from various vendors from Microsoft to Cisco, to Qualys. As we go to press, it appears that PandaLabs has also joined the ranks of security vendors targeted by hacktivists. Already the predictions seem to be correct, we are in for a very memorable year indeed.
You can watch the keynote speeches and relive the RSA conference here.