From the White House to ‘Moneyball,’ RSA Security 2015 Had Everything

By Chris Preimesberger

Department of Homeland Security head Jeh Johnson told a packed audience that the U.S. government does not have all the answers or all the talent, and cyber-security must be a partnership between government and those in the private sector. To that end, DHS has been building an agile cyber-response capability to help address and mitigate threats. DHS also is establishing an office in Silicon Valley this year, the purpose of which is to help strengthen the critical relationship between the government and the private sector so that both sides can benefit.

“The security market is fundamentally broken,” new RSA President Amit Yoran said atf a press conference. “The approach that our industry has taken is irreparably flawed, and we have to change.” RSA Security itself is also changing; Yoran said the company is going through a massive transformation. From a product perspective, one of the bold changes is the new Via platform, which Yoran called a “reinvention” of RSA’s authentication and identity management capabilities. Via is all about providing identity assurance from any device at any time using whatever method the user wants to use.

Jeff Moss, a celebrated former hacker and founder of both the DevCon and the Black Hat conferences, told eWEEK that he believes conventional security will never jump ahead of the hacker community with an ability to completely shut out all data breaches or other types of attacks. “I’d be really good with like 80 percent security because we’re never going to get to 100 percent security,” Moss said. “We don’t have anywhere near 80 percent yet. But if we got to 80 percent, that means we only have to work on the remaining 20 percent.”

Gilliland emphasized that while there is a lot of talk about advanced threats, when you look at the actual data, most breaches are the result of older vulnerabilities that have not been patched by organizations. While older vulnerabilities continue to be a risk, Gilliland said, there is also a lot of infrastructure now delivered as cloud services that require new-generation security approaches.

C-level executives need to get with it and become better educated about how prudent cyber-security practices in networks and devices should be deployed and the overall critical value of tight security to their companies. “The use of the Internet is an essential part of doing business on a daily basis,” Koponen, CEO of the Finnish security development and products provider SSH, told eWEEK. “We can’t continue to do business without thinking: Is this secure? Is everything OK, because your customer records are online? If you’re not thinking about this part of the business, eventually you will destroy your business.”

Daniel, who spoke in a keynote and was a key guest at a CyberTech Networks/CyberHive panel discussion, said that he is trying to set starting principles for a broad public discussion on national cyber-tech policy, which has been a major source of tension with technology companies and other experts. After the White House sets principles, factoring in national and economic security, and privacy, Daniel said he wants to engage with technology companies, heavy encryption users in the financial sector, other industries and other countries.

“See Everything, Fear Nothing” was a headline on RSA’s own exhibit that enabled viewers to see a multidimensional view of an IT system in real time, right before their very eyes. They could actually watch the attack exploits come in from various directions, see how they progressed in the system and witness how the solution did—or didn’t do—its work. A popular booth it was indeed.

One slide from one of the keynotes pretty much puts the IT security dilemma into clear focus: The bad actors who are raiding and pillaging money, identities, and valuable business or government information have reign over vendors, all the technology and data, and everybody who uses IT and the Internet—which is most of the world. Proactive and defensive security must be understood and used diligently by all parties.

The central figure of the book and movie “Moneyball” (right) was a popular guest during a keynote, talking not about security but about the value of data analytics in evaluating ballplayers from his standpoint. Parallels were drawn to the value of using data analytics to scope out potential risks among internal employees inside a security wall within an enterprise or other organization.

No fewer than 100 private and open-to-RSA-attendee parties and various other events (such as Giants-Dodgers baseball games, yacht rides on San Francisco Bay, live music dance parties and simple cocktail and finger-food meetups) loaded the schedule and kept visitors up until the wee hours on some nights. Overall, though, RSA 2015 was a valuable time to remember.