
RSA 2016: Lots of Hits and Some Minor Misses

Last week, I attended my very first RSA conference in San Francisco. Like any first-timer, I also attended the event with a lot of expectations and anticipations, hoping to get an insight into the ‘next-gen’ security enforcements and crypto techniques. And while it was my first time at the event, Napatech has been attending this security show for a few consecutive years.

At the event, I got the opportunity to take in the various technologies and innovations that were on display by the exhibitors. The whole experience was quite intriguing and I managed to come away a little bit wiser. RSA 2016 showcased a range of technical content that addressed some of the most pressing issues around cyber threats and security.

While the show was extremely informative, the track sessions held in conjunction with the conference were a bit of a disappointment to me. I found that they were often too high level and lacked focus, rather unappealing for someone like me with very little hands-on experience in CERT (Computer Emergency Response Teams). The expo side of the conference, however, did not disappoint, and even though I was clearly not the target person for most of the companies, it was still very interesting to talk to the exhibitors. It was fascinating getting to know the upcoming features and products that will be available to the security market, and to hear first-hand from the key players about the potential use cases.

With virtualization being the current trend, it was only natural that one of the hot topics for the show was Software Defined Networking (SDN) and how security can be handled in this area. One school of thought discussed at the event revolved around the ease of implementing SDN in physical networks. Since the network settings can be changed virtually, instead of physically, the claim is that it is easier to mitigate attacks. Another benefit of SDN is that multiple smaller networks can be created, giving the intruder limited systems to extract data from. However, there is a drawback with SDN, which is that DDoS attacks in a cloud environment actually influence other tenants running in the same datacenter because the tenants under attack become noisy neighbors. One of the scariest things about SDN, in my opinion, is if an attack is made at the hypervisor level or the orchestration level. I know they are rare but that doesn’t mean they won’t happen. As I didn’t see any talks about this, it is worth wondering if it is something to worry about or not?

Having attended the event and the different track sessions, my key conclusion is that there isn’t a one-stop-shop security solution. This fact is also highlighted in the “Demystifying Security Analytics: Data, Methods, Use Cases” presentation by Dr. Anton Chuvakin from Gartner. Additionally, visibility into the network is crucial because if you cannot see what you have to protect, how can you protect it? Visibility is provided by using log outputs, NetFlow records and packet inspection. If you wish to explore this area further, I highly recommend the “The Three Principles of Effective Advanced Threat Detection” presentation by Zulfikar Ramzan (RSA CTO), where he stresses the fact that people spend too much time doing prevention instead of focusing on monitoring and response.