RSA 2012: Mobile Security, Hacktivists, APT, Social Engineering

The 2012 RSA Conference has something for everyone when it comes to security issues. This year's sessions cover topics ranging from cryptography to mobile security to hacktivism and enterprise security.

Thousands of security professionals are planning to descend upon the RSA Conference in San Francisco this week to discuss security issues, ranging from challenges posed by mobile products, to hacktivists, to social engineering, to advanced persistent threats and the cloud.

There is something for everyone at the RSA Conference, which begins Feb. 27 at the Moscone Center in San Francisco. Conference organizers have added sessions and panels dealing with a wide range of topics, including cryptography, business training, certifications and mobile-device management.

There are more than 19 class tracks and 210 sessions being held during the course of the week. Some of the sessions are also scheduled for multiple time slots so that attendees can still catch them. There are 17 keynotes during the four-day event, including speeches from Symantec CEO Enrique Salem and Cisco Systems Senior Vice President Christopher Young, as well as security experts such as Federal Bureau of Investigation Director Robert Mueller and Ashton Carter, the deputy secretary of defense. Former British Prime Minister Tony Blair will give the closing keynote March 2.

Scott Charney, corporate vice president of the Trustworthy Computing group at Microsoft, will be delivering a keynote speech Feb. 28 on how computing and society have changed during the past decade. Charney is expected to touch on cyber-warfare and cloud security while discussing strategic changes the technology industry needs to embrace in order to provide more secure, private and reliable computing experiences for users.

As for major themes at RSA, attendees can expect to hear about mobile-device management, advanced persistent threats (APT), hacktivists, social engineering and cloud security, both formally and informally.

Mobile-device management and how organizations can secure data in light of the consumerization of IT trend will be a major topic of discussion at the RSA Conference. Employees are using their own smartphones to check work email, or their own laptops to log in and access the company's Web-based applications. The consumerization and bring-your-own-device (BYOD) trends are not just limited to mobile devices, as employees also use consumer-focused services, such as Dropbox, to store potentially sensitive business data in the cloud.

Attendees can go to sessions on analyzing Android malware, how the National Security Agency is securing mobile devices, and enterprise management strategies on mobile security.

Another big theme for the conference this year is the emergence of APTs. During the past year, researchers used the term to discuss breaches and stealthy attacks against companies across a broad range of industries. RSA Security disclosed last March, days after last year's conference ended, that it was a victim of an APT. Attackers had breached its networks and stolen information related to the SecurID two-factor authentication technology, Art Coviello, executive chairman of RSA, said at the time.

Social engineering will also get a lot of attention, as attackers get better at embedding crafty exploits inside innocent-looking spreadsheets and PDF documents. By putting in the effort to research the victims' backgrounds, attackers are increasingly successful at tricking users into downloading and opening malicious payloads.

Hacktivism will be on people's minds again this year. Just before last year's conference, Anonymous was busy launching distributed denial-of-service attacks against "enemies" of whistle-blower Website WikiLeaks and had conducted a revenge raid on HBGary Federal's servers for investigating the group.

This year, Anonymous is still active, boasting on Pastebin and Twitter several times a week about its attacks. Imperva released on Feb. 27 an in-depth analysis of an Anonymous attack over the summer against a high-profile target, and WikiLeaks released emails that were most likely stolen by the collective's members in December. Similar-minded groups have joined Anonymous in breaching Websites and servers and dumping data online.

Jeffrey Brown, a senior correspondent from "PBS NewsHour," will moderate a panel discussing hacktivism on Feb. 29 as the day's first keynote speech. Panelists include journalist Misha Glenny, Eric Strom, a unit chief from the FBI, and Grady Summers, vice president at MANDIANT.

This year's conference will "show that the industry has made strong progress on cloud security," Adrienne Hall, general manager of Microsoft's Trustworthy Computing group, said on the group's blog. There will be road maps and further discussions to understand what needs to be done.