Since only 42,000 of us were able to attend the world’s largest security show, I thought it would be good to share some of the buzz from the event with those who couldn’t attend. This year’s focus at the RSA Conference was on the human element. And as one security writer noted, “We spend so much time talking about automation in security (and other areas of IT) that it’s easy to forget about the critical role humans play in security, whether it’s their own or the security of their organization’s networks and data.”
I would add that as machines continue to outpace humans in corporate environments, it’s also critical that we don’t neglect protecting the machine element. And in a world where the network perimeter has largely evaporated, we need to prioritize managing the identities of the machines that we are connecting to or communicating with. Along those lines, here are some interesting tidbits that my colleagues and I overheard on the RSA show floor.
“The bad guys aren’t hacking in, they are logging in.”
“Twitter is one big repository for samples of malware.”
“Attackers avoid sandboxes by waiting and automating their activity.”
“We need quantum-resistant algorithms as soon as possible” (Steve Grobman, McAfee CTO)
“The internet is turning in on itself with botnets. The Mirai botnet owners knew that many tech providers were embedding passwords in firmware and that allowed them to take over those machines.”
“Monokle Android surveillance tools used a shared SSL certificate and infrastructure—all samples (and additional applications) were signed by the same certificate.”
“Attackers are using recycled loader malware to swap the decryption routine with their own command and control server, which allows them to send encrypted software for the loader to decrypt and run.”
“All sessions I attended at RSAC talking about malware and APTs stressed the fact that threat actors are stealing code signing certificates to evade defense controls.”
Humans vs. Machines
“The attack surface is expanding, with more smart devices connecting to the internet with no authentication and encryption.”
“The IAM problem is exactly the same with humans and machines. We have had 20 years to work on getting IAM for humans right. We can’t take that long to get it right for machines. We need to be proactive.”
“What’s scary is the lack of controls around machine identities in critical infrastructure of all types but especially healthcare.”
“So many of the new machines on networks are ‘smart’ machines or they rely on AI. We don’t have any safeguards to protect ourselves if attackers pollute the input data.”
“Smart devices are not very smart in terms of security—they are not designed with security at the forefront.”
"Cyber-threats are evolving faster than systems defenses. Bad configuration and asset management leaves devices vulnerable and exposed."
"The growth in #machines on enterprise networks, the speed of their creation, and varied types of machines are creating expanding attack surface. Cybercriminals target machine identities as they are poorly protected. https://t.co/AvvM9VgyFl @dynamicCISO @Venafi @AIRWorldwide"
— rneelmani (@rneelmani) February 25, 2020
“Modern encryption is stronger than ever, using battle-tested algorithms that are resistant to eavesdropping. But enterprise security managers fear they have lost the ability to detect network intrusions and malicious traffic.” ExtraHop
“The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.” ThreatPost
“From an operational standpoint, the use of multiple cloud key management services translates to decentralized key management, which is a definite no-no when it comes to security best practices.” Thales
“As the use of encryption becomes the industry standard, companies of all sizes need a solution that will let them understand what’s in the encrypted traffic entering their network, so they can block attempts by cybercriminals to mask their intentions.” Cygilant
"Cybersec should not instigate fear but protect hope - and security should not be seen as a cost but an investment. The digital transformation will bring fantastic opportunities to our societies - but we need to include security, privacy and integrity to enable trust. #RSAC2020 pic.twitter.com/tTt722KWTJ"
— Troels Oerting (@TroelsOerting) February 25, 2020
More from RSA Conference 2020
Stay informed with next week’s blogs as we release exclusive Venafi survey results from RSA Conference 2020 and reveal new finds on the state of the cyber security landscape and machine identity management.