RSA 2018 - a CyberSecurity week in review

by Patrick Coomans

The RSA conference in San Francisco is the largest CyberSecurity conference in the world, with almost 50,000 professionals joining this year. It provides a good finger at the pulse, showcasing CyberSecurity trends and technologies that we’ll see mature further in the coming year(s). Below I will describe a couple of those major trends observed.

This year B-Hive was also present at a joint event with Flanders Investment and Trade (FIT) titled Cyber Security R&D in de Benelux. Speakers included Prof. Wouter Joosen en Christophe Huyghens of Distrinet (KU Leuven), followed by short pitches of a dozen CyberSecurity startups such as Cybersprint, Intigriti and Intrinsic ID.

For more information: https://www.flandersinvestmentandtrade.com/invest/en/news/3-keys-cybersecurity-rd-success-in-flanders

As part of the RSA pre-program, I attended the Cloud Security Alliance (CSA) Summit. Since B-Hive recently signed an affiliate membership agreement with the Cloud Security Alliance, it was an excellent opportunity to meet with Jim Reavis, CSA founder and CEO, who asked me to highlight two points of interest to our ecosystem:

•   the Cloud Security Alliance now also has a membership formula for startups, see https://cloudsecurityalliance.org/membership/startup/

•   the Cloud Security Alliance also has a Financial Services Stakeholder Platform Working Group, which our Banking partners are invited to join (contact me for more info).

The CSA also presented an interesting new research piece on “Building a Foundation for Successful Cyber Threat Intelligence Exchange”. Past initiatives for exchanging threat intel between organizations have proven to be challenging. This research initiative addresses best practices, tools and procedures for implementing a more successful Cyber Threat Intelligence Exchange.

As could be expected, the topic of GDPR & Privacy was omnipresent at RSA. You could easily fill two full days attending sessions dedicated to GDPR. I was happy to see consistent messaging around the fact that regardless if a company is located in Europe or not, it will become liable for holding any PII on European citizens under this new legislation. I also spoke with a number of attendees about their feelings on GDPR, and most heard feedback was that :

• it will still be quite difficult to reach full compliance before end of May
• GDPR is welcomed as a good thing, an example for the rest of the world, harmonizing all the privacy legislation that until now was different in each country; an enabler for Europe to become a Single Digital Market.

As NIST released its new version of the Cyber Security Framework (CSF version 1.1) during the show, there were also a number of good presentations and interesting workgroup sessions by NIST and contributing members of the FS-ISAC. The CSF 1.1 was described as a very useful framework capable of bridging business level with technical level, strategy with tactical, or C-level with nerd-level as one speaker mentioned. For more information, have a look here:

https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework

As you could already guess, AI and ML have become buzz words. Almost every single booth advertised use of AI and ML somewhere, and it was up to the visitors to believe whether those claims were true or not. While the opportunity for AI and ML in Cybersecurity undoubtedly is very large, it is clear that when a vendor claims using AI or ML you’ll have to be very critical while reviewing, and definitely make sure to put it to a meticulous test. Don’t just believe demo’s, I personally think there is a lot of smoke and mirrors here.

Claims about AI and ML were in particular made by vendors who offered all kinds of solutions to improve and automate SOC operations. It’s an undisputed fact that skills shortage in CyberSecurity is one of nowadays’ challenges, so there is lots of attention for solutions that let machines automate and take over boring and repetitive tasks from humans and enable the analysts in taking better and more informed decisions. Ideally these solutions will increase your teams’ visibility while reducing administration, so more time can be spent to deeper case investigation, quicker prevention and remediation.

On the front of secure Software Development (DevSecOps) there was a lot of focus on bringing more security into the software development life cycle, and also in earlier stages, e.g. coding plugins that suggest security improvements while typing code. I also saw an increase of the maturity of automated vulnerability scanning and penetration testing services, some supported by ML and AI. With the uptake of microservices and containers, there was also a whole range of advanced security orchestration tools targeted at containers and microservices.

While endpoint protection is definitely not new, it was clear at RSA Conference that there is still plenty of room for technological improvement on that. Machine learning and AI have also made their entrance here and a whole slew of vendors offered all kinds of new and interesting capabilities.

Several nations also represented their CyberSecurity startups and scaleups. Israel probably had the largest nation-sponsored booth with about 50 companies represented. Other nation booths were present from Korea, UK, Spain and Germany (who hosted a traditional Oompah “music” band most of the time, whether you liked it or not). Just like in previous years RSA also featured 45 promising startups and scaleups at the RSA Early Stage Expo. The finalists can be found here: https://www.rsaconference.com/press/83/rsa-conference-announces-finalists-for-2018

On the list of “new cool technologies” I definitely want to mention isolation, deception, SDN (that is now quickly taking over the VPN market) and File Decomposition/Recomposition for deep security analysis.                                                             

All in all, it was a great week, I met lots of interesting people and got a little bit cyber-smarter. Most (slightly nerdy) fun however I had at the booth of the NSA, where under supervision of a crypto expert I could have a go at operating an original and fully functional Enigma machine.

IMG_4411[1].JPG