Reflections from the Halls of Moscone: RSAC 2019
Written By: Carolyn Crandall, Chief Deception Officer and CMO – RSAC in San Francisco has now concluded its 28th annual event. Over 42,500 attendees, 740 speakers, and 700 exhibitors participated in the mix of keynotes, session tracks, tutorials, and seminars (if you missed RSAC, there are 166 recorded videos that you can still watch, here). This year’s conference boasted an interesting lineup of topics including AI, IoT security, privacy, law, the evolution of threats and attack surfaces, and the ongoing challenges related to talent shortages.
The conference theme this year was ‘Better Together,’ a subtle, but critical focus. Cyber criminals have become more organized, more sophisticated, and more coordinated, leveraging the benefits of the Dark Web as a marketplace for exchanging tools, resources, and ideas. They have already subscribed to the concept of ‘better together,’ and have built an adversarial advantage based on information sharing and leveraging the strengths of others without organizational boundaries. It is a strong message that must be taken to heart: if we try to do this alone, we will always be starting with a disadvantage. Now more than ever, public and private entities need to be collaborating, sharing information, and thinking outside the box to adequately fight cybercrime.
Now that RSAC is over, it’s the perfect time to reflect on the conversations that resonated most with us and will stick with us as we move into the future. Read on for our top observations and takeaways from the conference as a whole, as well as a behind-the-scenes look at what the Attivo Networks team was up to during the show.
RSAC Observations and Takeaways
Threats are unlike anything we had in our lifetime: In FBI Director Christopher Wray’s keynote he shared, “The scope, the breadth, the depth, the sophistication, the diversity of the threats is unlike anything we’ve had in our lifetimes.” This is due at least in part to the rise of nation-state threats. Wray stressed the importance of public-private partnerships to achieve efficient, coordinated prevention and response. He warned that today’s cyberthreat landscape is larger and more sophisticated than any one government agency – and perhaps the government itself – and stressed the necessity of cybersecurity partnerships between law enforcement and businesses.
Shifts will need to be made for better detection against better attackers.
How the industry is falling short:The keynote from Pat Gelsinger and Shannon Lietz keynote centered on Three Things the Security Industry Isn’t Talking About (but Should Be) is a great starting point, with observations on where the industry has fallen short and suggestions on where to put our time and energy.
Improvements are needed in our approach to security as well as measures to ensure they are working.
Post-Breach Awareness: Kevin Mandia, CEO of FireEye, and Sandra Joyce, Senior Vice-President, FireEye, hosted a discussion titled “A View from the Front Lines.” They discussed the global trend of reduced dwell time, a trend that Joyce is quick to highlight the importance of, saying “most incidents that happen actually start with legitimate credentials, so you really need to pay attention to what’s happening post-breach.” Mandia and Joyce gave further context for the need for strong in-network defenses by discussing global cyberattack developments, including the continued advancement of China, Russia, North Korea, and Iran’s respective cyberattack capabilities. They concluded with a call for a unified “set of rules” to help defend against these global threats.
The time attackers go undetected remains too high and tools to detect and identify the attack early are critical to stop, eradicate, and mitigate a successful return.
Supply Chain and Third-Party Risk:Supply chain and third-party risk garnered significant attention at RSAC. In one session, Laura Koetzle, VP at Forrester Research, warned that “Third-party risk from supply chains and partners is the bigger everyday problem that organizations need to deal with.”
RSAC Content Director Britta Glade confirmed that supply chain risk is a hot topic for cybersecurity pros, saying “Concern about third-party risk officially hit the tipping point, fueled by cloud adoption and overall architectural changes, geopolitical conditions, GDPR and similar regulations, and everything-as-a-service, which has removed traditional borders and opened organizations up to possible attacks from previously unexpected sources and locations. Organizations are thinking differently about managing software supply chains, third parties and their risk management posture as a whole.”
Attackers will seek out the weakest link. This will often be through the targeting of a supplier, contractor or within M&A.
New Surfaces to Secure: There were also in-depth discussions on the migration to cloud, the incoming impact of 5G, and the changes in attack surface related IoT and the interconnects planned of almost everything. Each emerging technology comes with its own set of security challenges, which security experts and vendors addressed during RSAC. The idea of addressing IoT concerns by merging IT and OT teams was showcased in a center-stage presentation and cloud security was addressed as it pertains to the shifting multi-cloud landscape. Additionally, SANS Institute outlined cloud-based personalized attacks as a new attack vector, and offered advice on how to protect against those.
Another interesting discussion surrounding cloud security was Engineering Trust and Security in the Cloud Era, Based on Early Lessons, which was moderated by head of editorial at Google Cloud, Quentin Hardy. The panel consisted of other Google employeeswho discussed trust in the cloud era and how we can better build a secure cloud.
Attack surfaces are expanding and at the same time contracting into consolidated environments related to smart homes and other hubs of innovation. Security frameworks need to adjust accordingly.
Political Security Gets Back to Basics: The hacking of the Democratic National Committee (DNC) and subsequent leak of thousands of email exchanges had a major impact on the 2016 election, and political organizations are beginning to understand the operational importance of cybersecurity. Bob Lord, chief security officer at the DNC, delivered a keynote on the final day of RSAC, during which he urged organizations to take a bottom-up approach to cybersecurity by spending more time with basic security protections such as strong passwords and encrypted communications. Lord noted that most breaches are caused by the most basic vulnerabilities, and organizations can dramatically improve the state of their security with a focus on those fundamentals.
Hygiene, hygiene, hygiene. We can’t keep leaving easy avenues of access for attackers to exploit. At the same time, we are human so safety nets need to be firmly in place for these points of weakness.
The Future of the Workforce: After fielding criticism over a lack of gender representation last year (see: Prominent Tech Conference Faces Backlash for Keynote Lineup: 19 Men, 1 Woman), RSAC made major improvements in 2019. The event featured 232 female speakers this year – a 53 percent increase from last year’s lineup*. Sylvia Acevedo, CEO of Girl Scouts of the USA, was one female leader given a keynote platform this year to share the great work being done in the organization to educate girls on cybersecurity and create awareness for careers in various STEM industries. When it comes to equality in the tech and cybersecurity industries, we still have some work to do, but seeing the gender balance shift at one of the industry’s most notable events is a great first step. We are making steady progress at turning barriers into opportunities, and this sends a powerful message to young women that the tides are changing, and this is an industry where they are welcome to not only join, but lead.
In addition to giving diversity a well-deserved spotlight, the conference also organized an extended “College Day” which intended to help students and young professionals discover career options and provided them with networking and mentorship opportunities.
New Voices, New Perspectives: The conference ended on a lighter note, with a conversation between comedian Tina Fey and RSAC program chair Hugh Thompson. The two sat down to compare improv and cybersecurity, noting that there’s a lot they can learn from one another on team building and diversity. To end the conference with this discussion was a great example of bringing new perspectives to the industry.
RSAC with Attivo Networks
For Attivo Networks, this was our best RSAC yet. We created a new “Masters of Deception” exhibit with high-impact video designed to play tricks on the mind in much the same way as deception technology does to threat actors. This provided an introduction to deception technology and attracted a record number of interested attendees who participated in in-theater presentations, discussions, and technology demonstrations. Deception was abuzz with organizations across all major verticals coming by to understand the value of deception, how it fits into the security stack, and for a growing number an interest in how to scope the technology into their budgets. This was quite a different reception to deception than 4 years ago.
Off the show floor, Attivo had dueling off-site meeting rooms that ran non-stop with customer and prospect meetings, along with a very rewarding Customer Advisory Board meeting prior to the conference kickoff. Additionally, we had more than 20 press and analyst meetings, plus six on-site video and podcast recordings, with Nasdaq, Founder of the Honeynet Project and Attivo board member Lance Spitzner, Alan Commike, industry security expert, CDM, ISMG, and others. Attivo also walked away with 2 prestigious awards from CDM which brings the company’s award arsenal to over 75 recognitions on our innovation and leadership.
Attivo Networks also debuted “The Informer,” which addresses the need for faster and more accurate threat detection. The Informer solution, a deception-based forensic collection offering, is a new expansion of the ThreatDefend™ Detection and Response platform adding in-depth views of an attacker’s activity.
Security frameworks was also a hot topic at RSAC, and we were pleased to be a part of the MITRE roundtable on deception technology and how to accelerate its adoption. It was very encouraging to see those in attendance address the value of driving education around deception technology. We look forward to working closely with MITRE to help improve education regarding deception, including the different approaches and benefits offered by the many vendors operating in this space. Overall, it was a productive meeting for discussing ideas related to educating the market.
Although this year’s conference, like years’ prior, proved that the state of the cybersecurity is still very much a game of “cat and mouse,” it also served as a reminder that there has been strong progress made in technology innovation and in awareness and education. Of course, I do have a wish list for next year. I’d like to see emerging vendors better represented with more speaking opportunities and have RSAC offer programs less established vendors to gain visibility and educate attendees on new approaches to security. I hope to see continued commitment to diversity as well.
Lastly, Chief Security Strategist Chris Roberts will be conducting a post-RSA recap webinar at 9:00 a.m. PST on March 26. Tune in to hear his summary of the conference’s highlights and trends to be aware of.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise