RSA 2017, held February 13 – 17 at San Francisco’s Moscone Center, is touted as the world’s largest security trade show. For me, it was kind of like “Star Wars: The Force Awakens”: it was cutting edge, cool, lots of fun and quite retro all at the same time.
The major topics? Ransomware, information sharing, distributed denial of service (DDoS) attacks, email scams and how hyper-mobile devices can become threats. Sometimes, it felt like I had hopped onto a time machine to attend RSA 2000 or 2007. I was, in fact, at RSA 2017, where industry security leaders had gathered to discuss — if not resolve — long-standing security issues.
Discussions of ransomware focused on two major themes:
- Take precautions now.
- Pay if you really want to, but don’t expect to get your systems/info back unless you pay in a smart way.
One major non-retro theme centered around managing attacks rather than simply stopping them. Not too many years ago, the rhetoric on trade show floors around the world focused on stopping and halting the hacker. At RSA, it was all about managing the hacker.
It’s not just trade show talk, either. My friend Patrick Lane, CompTIA director of products, told me last week that he has heard a lot about network resilience from the CompTIA Subject Matter Experts participating in CompTIA Security+ and CompTIA Advanced Security Practitioner (CASP) exam development workshops. I think the more the industry focuses on hacker management and the ability to absorb hacks, the better off we’ll all be.
One cool thing I heard was a name for email-based phishing attacks. Nowadays, the old practice of spear phishing people is lumped into the category of business email compromise (BEC) attacks. The first time I heard this phrase, I thought for a second they were referring to one of my favorite guitarists. After a while, I heard the term so often that people started sounding a bit like chickens in a farmyard. Still, it’s nice to have a good, descriptive name for a long-standing problem.
A session on email phishing techniques discussed very specific — and quite lurid — details about how these attacks have morphed. Hackers have begun placing links to malware labeled as “unsubscribe” links at the bottom of emails. That’s a fairly brilliant strategy, isn’t it? I mean, all a hacker has to do is create an email message that causes the victim to click on the unsubscribe link. Potential victims are far, far more likely to hit unsubscribe in response to an annoying email than click in the body of the message.
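To make the footer-link trick concrete, here is an added example that is not code from the original post or from the session it describes. The check it implements is my own heuristic: a legitimate unsubscribe link normally shares a registrable domain with the sender address or with the RFC 2369 List-Unsubscribe header, while a lure usually points somewhere else (a raw IP, a foreign host, a path ending in an executable). The two sample messages are constructed for the example, the domains in them are placeholders, and the “last two labels” approximation of a registrable domain is an assumption (a real deployment would use the public suffix list).

```python
"""Flag footer "unsubscribe" links that do not point where a legitimate
unsubscribe link would. Heuristic example, not a definitive phishing check."""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Assumption: last two DNS labels approximate the registrable domain.
    This is wrong for suffixes such as co.uk; use the public suffix list in practice."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def suspicious_unsubscribe_links(raw_message):
    """Return a list of {"href", "reasons"} for unsubscribe links that look like lures."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    trusted = set()
    if "@" in sender:
        trusted.add(registrable_domain(sender.split("@")[-1]))
    # Hosts named by the List-Unsubscribe header (RFC 2369): <https://...>, <mailto:...>
    for target in re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", "")):
        parsed = urlparse(target)
        if parsed.scheme in ("http", "https") and parsed.hostname:
            trusted.add(registrable_domain(parsed.hostname))
        elif parsed.scheme == "mailto" and "@" in parsed.path:
            trusted.add(registrable_domain(parsed.path.split("@")[-1]))

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _AnchorCollector()
    collector.feed(body.get_content())

    findings = []
    for href, text in collector.anchors:
        if "unsubscribe" not in text.lower():
            continue  # only the lure position the session described
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if parsed.scheme == "mailto" and "@" in parsed.path:
            host = parsed.path.split("@")[-1]
        reasons = []
        if parsed.scheme not in ("http", "https", "mailto"):
            reasons.append(f"unexpected scheme {parsed.scheme!r}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("raw IP address")
        if re.search(r"\.(exe|scr|js|zip|docm|xlsm|hta)(\?|$)", parsed.path, re.I):
            reasons.append("executable or macro payload in path")
        if host and registrable_domain(host) not in trusted:
            reasons.append(f"host {host} not in {sorted(trusted)}")
        if reasons:
            findings.append({"href": href, "reasons": reasons})
    return findings


# Constructed sample: an "invoice" lure whose only Unsubscribe link drops a payload.
LURE = """\
From: "Acme Billing" <billing@acme-example.com>
To: victim@example.org
Subject: Your invoice is overdue
Content-Type: text/html; charset="utf-8"

<html><body><p>Please pay your invoice immediately.</p>
<p style="font-size:8px"><a href="http://203.0.113.7/unsub/invoice.scr">Unsubscribe</a></p>
</body></html>
"""

# Constructed sample: a benign newsletter whose footer link matches List-Unsubscribe.
BENIGN = """\
From: "Weekly Digest" <news@acme-example.com>
To: reader@example.org
Subject: This week's digest
List-Unsubscribe: <https://lists.acme-example.com/u/abc123>, <mailto:unsub@acme-example.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Headlines go here.</p>
<p><a href="https://lists.acme-example.com/u/abc123">Unsubscribe</a></p>
</body></html>
"""

if __name__ == "__main__":
    print("benign:", suspicious_unsubscribe_links(BENIGN))
    print("lure:", suspicious_unsubscribe_links(LURE))
```

The check deliberately looks only at anchors whose visible text says “unsubscribe”, because that is the click the attacker is counting on; a mail gateway would run the same logic over every anchor and weight the footer ones higher. Treat the output as a signal for a sandbox detonation or a user warning, not as a verdict: legitimate senders do sometimes route unsubscribe links through a third-party list manager, which this heuristic will flag unless that manager also appears in List-Unsubscribe.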
I also attended a session about taking advanced analytics tools, such as security information and event management (SIEM) software, to the next level. Discussions included solutions like McAfee’s Open DXL, AlienVault and FireEye, which are middleware that help provide real-time data and actionable information to aid in threat modeling.
On February 15, I participated in a panel about how today’s IT certification providers are helping to create a highly skilled digital workforce. It was fun talking with fellow testing professionals from ISACA, (ISC)2 and GIAC.
Of course, IoT was a major theme. The debate centered around how to regulate and control IoT devices — a vital topic, because just this past October, compromised IoT devices led to the largest DDoS attack ever recorded. Industry consensus was, “We need to self-regulate now, or else ridiculous rules will be foisted on us.” I’m not sure what is ridiculous and what isn’t, here, but I do know that industry experts are tired of the practice of getting devices into market quickly, no matter the cost.
On February 16, I presented about Cyberseek at the National Institute of Standards and Technology (NIST) booth. It was gratifying to connect with professionals from around the world and discuss with them how businesses can use Cyberseek to plan locations for their work and data centers. Quite a few people were excited to learn about where to find people with the hottest skills.
Finally, there was a buzz about how DDoS attacks have come full circle. Monsanto Chief Information Security Officer (CISO) Gary Harbison confirmed this theme in a recent CompTIA IT Pro Webinar about the state of security in 2017. He stated that DDoS attacks were hot stuff back in 1999 and 2000. They had become old hat but have now returned in a big way. In fact, he and fellow RSA attendee Joey Smith, CISO for Schnuck Markets, indicated that now we’re seeing attacks on both web applications (Layer 7) and company routers. So, it’ll be interesting to see how these DDoS discussions morph at RSA 2018.
In closing, one fun thing I noticed was how quite a few people had set up what were clearly rogue WiFi hot spots. I couldn’t help but think of the Defcon/BlackHat conference in Vegas. Is it possible that RSA is starting to follow a more “rogue security warrior” route in the future? I doubt it, but I’m looking forward to RSA 2018.
You can see James speak at the following upcoming events: