Saturday, March 2, 2013

RSA Ramblings

So I’m sitting in my usual coffee haunt, trying to digest the cacophony of sights, sounds, and information from this past week at the RSA Conference.  

I went to RSA this year primarily for two reasons:

  • I took a new CSO gig this year and had vendors nipping at my heels from day one.  I figured I could get most of my vendor meetings out of the way in one fell swoop.
  • It’s a good way to get my CPEs out of the way for the year :)
Here are the highlights...

Intelligence/Big Data.  Big Data and the ability to derive security analytics and intelligence from the data reigned supreme on the vendor floor.  It’s interesting, if you think about it for a bit.  Years ago we claimed that the systems and tools weren’t generating enough data for us to see what was truly going on in our networks; once we created tools to generate the data, we quickly realized we had 150 fire hoses of data pointing at us, yet lacked the ability to extract relevant intelligence from streams of garbage.  While it appears we are not focusing on that problem, we are still seeing the majority of our concerns (upwards of 70% by some counts) resulting from failure to patch known vulnerabilities…something we don’t need a “big data” engine to fix.

APT.   Mandiant’s report on China’s cyberespionage efforts created some additional “buzz” around APT in general prior to the conference, but did little to impress the security community.  Nothing in the report was considered news to those who watch the space, and many of us expected that Mandiant was positioning itself well from a sales perspective prior to the conference.  We cynics were proven correct when Mandiant used its report as a springboard to launch its Intelligence Center offering on Tuesday at the conference.

The Human Element.  I was pleased to see the conference add a track devoted to human factors security; indeed, it is a recognition (finally!) that we as a profession have spent way too little time and energy focused on a critical portion of the people-process-technology triad.  While some of the information (such as Lance Spitzner’s announcement of a new Security Awareness Roadmap) was truly insightful, I admit some disappointment in the fact that many of the presentations focused on problem definition versus offers of solution…and on fixing awareness programs versus understanding the human element.  Still, the fact that these discussions were occurring and that most sessions were packed should be viewed as a good sign overall.

Party Hearty.  There were some wilder than usual stories re: some of the vendor parties that were being offered.  In one case, a vendor hosted a party at a strip club for their clients this year!  The Vegas over-the-top style of the conference appears to have set in in earnest.  Disappointing, to say the least.


* * * * *

Leaving RSA, I found myself once again overwhelmed by how underwhelming it was re: substance and vision.  As an industry and a profession I get more and more concerned that we are using this conference (and others like it) to pat ourselves on the back, take the time to mutually commiserate, or just promote the latest toy versus utilizing the strength of our profession (and the collective vendor brands) to solve the simple environmental problems which make up 70%+ of our threat picture. 
Keep your fingers crossed for next year…
