SAN FRANCISCO—How do you do security incident investigations at the world’s largest security conference?
While there are many vendor solutions for conducting security investigations, the conference itself operates a Security Operations Center (SOC) that can track potential security incidents and help protect the conference network from cyber-attacks.
In a video interview with eWEEK, Jessica Bair, senior manager, Security Business Group at Cisco, explained how the RSA Conference 2018 SOC works and what the security climate has been like at the event so far. The SOC includes technologies from multiple vendors, including Cisco ThreatGrid and RSA NetWitness, that can identify different types of issues that might represent threats or security concerns.
One of the things that Bair said the SOC found this year is that attendees continue to send information using cleartext protocols, enabling anyone to potentially intercept and read their communications. Unlike the Wall of Sheep at the DefCon security conference, the RSA Conference SOC does not aim to publicly shame those who are not using encryption for data communication and does not publicly display the list of exposed user credentials.
Unauthorized crypto-currency mining has been a growing problem in 2018 and the RSA Conference isn’t immune to the issue. Bair noted that there have been a few incidents of crypto-currency mining traffic on the RSA Conference network as well. While attacks of different types can happen, Bair noted that so far during the 2018 event there has been no sign of Distributed Denial of Service.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.