TrendLabs Security Intelligence Blog: RSA Conference 2014: The Way Forward


I recently attended an information security conference in San Francisco, CA, USA (hence the lull in posting on this blog late last month and early March). I was able to collect some insights and posted them on the TrendLabs Security Intelligence Blog. TrendLabs posted it yesterday, so I am reposting it here at menardconnect.com:

RSA Conference 2014: The Way Forward

I attended the RSA 2014 Conference in San Francisco, which was held about two weeks ago. This year the conference offered new insights into today’s threat landscape, which will help us all plan for and protect users in 2014 and beyond.

Largest Security Conference of 2014

The attendance numbers for RSA are always impressive: this year had more than 25,000 attendees, 400+ sponsors and exhibitors, and more than 550 speakers. Such was the number of vendors that two large Exposition Halls – one each in the Moscone Center’s North and South buildings – were used for vendor exhibits. The various sessions – including most of the technical track talks I attended – were in the Moscone West hall.

Earlier my colleague JM Hipolito shared her own thoughts about RSA; here is what I found most interesting there.

Opening Keynote: Finding a Path Forward in an Increasingly Conflicted Digital World

The Executive Chairman of RSA, Art Coviello, delivered the opening keynote. He gave his first public comment on the RSA and NSA controversy, as well as the need to separate the NSA’s offensive and defensive functions. But what I will remember most on his keynote is his call to governments and the security industry as a whole to adopt four guiding principles to help maintain a safer Internet for everyone:

  1. Renounce the use of cyberweapons, and the use of the Internet for waging war
  2. Cooperate internationally, in the investigation, apprehension and prosecution of cyber criminals
  3. Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected
  4. Respect and ensure the privacy of all individuals

He also reiterated the need for the security industry and governments to work hand in hand to create a safer digital world that will benefit this and the generations to come. All of the guiding principles are equally important, but I would like to highlight the first and second ones as being the most important.

The topic of cyberwar and cyberweapons is very sensitive, but I found the correlation between cyberweaponry and nuclear weapons compelling. I totally agree with Coviello’s statement that “we must have the same abhorrence to cyberwar as we do nuclear and chemical war.”

As for cooperation in prosecuting cybercrime, this is a topic where Trend Micro’s positions are well known. We’ve frequently spoken about the need for researchers and law enforcement agencies to work together to prosecute the actual “threat actors”, as we believe that this is the most effective way to catch cybercriminals. These partnerships allow researchers and police to combine their strengths. Our efforts have netted effective results, most recently the arrest of the creator of SpyEye.

Bitcoin Is Here: How to Become a Successful Bitcoin Thief

Uri Rivner of Biocatch and Etay Maor of Trusteer co-presented the one technical session at RSA dedicated to Bitcoins. They discussed the basics of cryptocurrency and how one can use it. They also discussed the usual use cases of Bitcoin: from creating a wallet and having your very own address, to filling the wallet with Bitcoins using an online Bitcoin exchange.

The highlight of the session for me was a live demonstration of a hack using a SpyEye variant. In the demo, they performed a man-in-the-browser (MiTB) attack and stole the user’s Bitcoin from his wallet.

They also discussed the top cybercriminal activities that Bitcoin has been tied to. These include phishing attempts to steal Bitcoin-related website credentials, deploying RATs (Remote Access Trojans) to gain direct access to desktop wallets, and using botnets to mine Bitcoins (even though this is no longer particularly attractive).

They also explained why cybercriminals are interested in cryptocurrencies like Bitcoin. Because cybercriminals believe that cryptocurrencies offer anonymity, they think that these will help in laundering money made from illegal activities. In addition, advanced services available in the cybercrime underground (like Bitcoin fogging services) may enable threat actors to further increase their anonymity tenfold.

In summary, the presenters said that Bitcoin is an exciting new frontier and encouraged everyone in the room to try and delve into it so that they understand its potential. They warned about the increasing phishing and malware attacks related to cryptocurrencies. They also pointed out that online Bitcoin exchanges and online wallets are low-hanging fruit that may be a big opportunity for cybercriminals. (The troubles of many online exchanges recently, including erstwhile leader Mt. Gox, have only reinforced this last point.)

The talk mirrored many of the points we have discussed. In December, we had discussed the possibility of Bitcoin’s then-record prices causing thefts of Bitcoin wallets. We had also earlier discussed how users can help secure their cryptocurrency. Overall, we share their sentiments: Bitcoin is the object of much potential, but is the subject of multiple threats as well.

Original Post from: RSA Conference 2014: The Way Forward


I will definitely do a follow-up post (or posts) with my other insights on RSA, the keynotes and Bitcoin. But I am not yet sure if it will be for menardconnect.com or my other tech blog.

Like my previous posts on RSA, I would like to convey my thanks to Jonathan and JM for their assistance with the article.

And of course some shout-out to my RSA 2014 buddies (Jamz, Malen, JM and Ian) for their ideas and thoughts that kept me sane in RSA. Another special shout-out to other pinoy AV dudes I’ve met in SF.

Lastly some disclosure:
I work at Trend Micro. The views expressed in this blog post are mine and mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
To know more about me (work and other stuff), kindly visit my about page.
To know more about my blog’s full disclosure policy, kindly visit my disclosure page.

Until next post…

As mentioned in my previous post, I recently attended a security conference in San Francisco. As a result of that trip I was able to collect some insights and posted an article for TrendLabs Security Intelligence Blog. I am reposting that article here at menardconnect.com:

RSA Conference 2013: On Security Awareness, Hacking Back and Going Offensive Legally
by Menard Osena (Solutions Product Manager)

Two weeks ago, I attended the RSA 2013 Conference in San Francisco and was impressed by the number of participating security vendors. The addition of the Human Element and Breaking Research technical track sessions also provided a refreshing touch to this year’s presentations.

Below are some of my experiences and insights on some noteworthy discussions involving security awareness, hacking back, and going offensive legally.

The 7 Highly Effective Habits of a Security Awareness Program

Samantha Manke and Ira Winkler of Secure Mentem discussed their views on the difference between security training and security awareness. They highlighted the importance of a security culture in companies in enabling employees to apply best computing practices on a daily basis, resulting in long-term security awareness within the organization.

They presented the results of their recent study conducted among Fortune 500 companies in the Health, Manufacturing, Food, Financial and Retail sectors. The study focused on the security awareness campaigns that companies implemented and how effective these were. They came up with key findings that led them to create their 7 Highly Effective Habits of a Security Awareness Program, which are:

  1. Create a Strong Foundation
  2. (Have) Organizational Buy-in
  3. (Encourage) Participative Learning
  4. (Have) More Creative Endeavors
  5. Gather Metrics
  6. Partner with Key Departments
  7. Be the Department of HOW

My key takeaway from this session is of course the last part. We, the information security professionals, should be the “Department of HOW” and not the “Department of NO”. We must focus on how to allow users to do what they want safely, not simply say no to our own customers and further lock down systems.

While I understand the need to establish dos and don’ts in company security policies, we should raise the bar and let security be a key part of solving business challenges, not an obstacle to it.

On Hacking Back and Going Offensive Legally

During the conference, I attended several sessions discussing intriguing concepts like hacking back and going offensive legally. One of the sessions was Highway to the Danger Zone…Going Offensive…Legally, presented by George Kurtz and Steven Chabinsky of CrowdStrike. The discussion focused on the idea of active defense as a form of offense against targeted attacks affecting companies. They clearly differentiated this concept from hacktivism and online vigilantism. However, Steven Chabinsky, being a lawyer, also expounded on its complexities, like the differences in laws and legislation between countries, which make the concept difficult to define at the moment.

Another session that covered very similar ground was Is it Whack to Hack Back a Persistent Attack?. Trend Micro’s Dave Asprey moderated this session. He was joined by Davi Ottenheimer of EMC Corporation, David Willson of Titan Info Security Group and again George Kurtz from CrowdStrike. The panelists discussed the active defense/hacking back phenomenon and its legal, ethical and business liabilities and complexities when practiced over the Internet.

Conclusion

My personal key takeaway from these sessions is that the active defense concept entails risks and complications that may spur more problems instead of solving the situation. Instead, organizations, in particular security administrators, should have the correct mindset when it comes to targeted attacks and deploying inside-out protection.

For now, I would stick with partnership between law enforcement agencies and the private sector as the best (and safest) path to combat targeted attacks, exemplified by the Rove Digital takedown last year.

Original article RSA Conference 2013: On Security Awareness, Hacking Back and Going Offensive Legally from: TrendLabs Security Intelligence Blog – by Trend Micro.

My special thanks to Jonathan, Gelo and Badette for their assistance with the article. Special mentions to my RSA 2013 session buddies (Benj, Cathy, Paul) for their ideas and encouragement (they really kept me awake and sane during the RSA week)!!!

I miss my free six series so I will post more SF and RSA stuff here in menardconnect.com soon…

#RSAC: To San Francisco Now

I’m off to San Francisco for the RSA 2013 Conference. For the uninitiated, RSA Conference is one of the biggest information security conferences, held annually in the US (San Francisco), Europe and Asia. RSA 2013 will kick off tomorrow, February 25, and will run until Friday, March 1, at the Moscone Center in San Francisco, California, USA.

[Image: RSA 2013]

As described in the official conference website:

RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry. This year we will be debuting:

  • 275+ sessions across 22 tracks – including seven newly created tracks
  • 20-minute and 60-minute sessions are offered so you can acquire more knowledge and maximize your Conference experience.
  • An additional Expo space to accommodate even more industry-leading vendors!
  • And more…

I’ve been to several RSA conferences and it feels great to be back again. I have previously shared my RSA experiences here, here, here, here and here.

This year’s theme is “Security in Knowledge. Mastering Data. Securing the World”. The conference website also detailed this year’s theme (2013: Security in Knowledge – RSA Conference 2013 theme):

The Gutenberg Printing Press

Data by itself is nothing but a collection of facts and figures, letters and numbers. However, when ignited by understanding and context, data can become so much more. In 1440, Johannes Gutenberg, a goldsmith by profession, completed his invention of the printing press, which sparked a revolution in the way people see and describe the world they live in. This collection of wooden and metal letters, regarded as one of the most influential inventions of the second millennium, led to the mass distribution of information and a wave of enlightenment that modernized and transformed culture. Today, we live in a digital age where the printed page is becoming obsolete. But we find ourselves amidst our own information revolution. Data has grown big and gets bigger with every digital transaction we make. It also is more accessible than ever, which leads to the questions, “how do we use, secure and share the information that surrounds us?” As we stand in the midst of the change we look back to the time of Gutenberg to find inspiration for the future of security. Knowledge has always been power. Knowledge has always kept us one step ahead of security threats. We’ve found security in knowledge. And just as Gutenberg’s wooden and metal letters sparked the evolution of culture, at RSA Conference 2013, we bring our security insights and perspectives together to ignite the mass of information that surrounds us.

OK I am starting to sound too geeky now 🙂 Sorry, kinda excited 😀

I will do my best to post something related to RSA and other #security #infosec related here in my blog soon…

RSA 2010 Insights and Some Random Pics

Everybody here at RSA 2010 is talking about the Cloud and Cloud Security!!! Whooah! I’m very glad that my company (Trend Micro) has a good head start on this topic!!! (trying to relive my FUNtastic skit adlibs)

I would like to share some random pics I shot at the RSA 2010 Conference here at the Moscone Center in San Francisco. I will make it six random pics, in the tradition of my six cafe world cheats, six petville cheats, six ninja saga tips, and free six video posts. Have fun!!!

ESET/NOD32 Robotic Booth

Kaspersky Flashy Booth Banner

McAfee Banner

Sophos Booth

Websense Booth

And last but not least is the Trend Micro Think Again campaign

Watch out for more pics and RSA2010 updates here in my blog.

RSA 2009 Day 3, Day 4 and Day 5

This is a long-delayed post. I was really busy with office stuff when I arrived at the Cupertino office. So, the highlights:

Day 3
Ira Winkler’s Is Google Evil? preso was a good one. He discussed some good points on Google apps with potentially controversial policies (from CNET/Schmidt, Google Streetview, UK protests and Japan legal issues, to Google Health and Goog-411, etc.). I have used Google Maps here quite often and have tried the Streetview app. I agree with Ira that the street view feature is helpful for commercial establishments, but the risks to residential areas are high. The other points raised are worth some blog posts here in the future.
Of the keynote speeches in the afternoon, the first one was The Obama Administration’s Cyberspace Policy Review. We were so excited to hear this, but sadly the speech was boring. Good thing John Chambers of Cisco came next and gave one good speech on Collaborate with Confidence.
Dave DeWalt, McAfee’s CEO, could not keep up with the pace that Chambers set. Sorry, but I found his “The Cybersecurity Challenge – How Do The Good Guys Win?” old news and boring.

Day 4
Day 4 gave the best session for me: Exploiting Online Games. The audience was small, but all of us were very interested, as we are all gamers, young and old alike. Greg Hoglund discussed his progress on exploiting, guess what? World of Warcraft. He also discussed the gaming sweatshop businesses in China, the Philippines and other third-world countries. Another researcher discussed his experience with Disney’s Pirates of the Caribbean. He also showed cool clips and shared funny experiences. Another panelist was a lawyer who handled high-profile game-related lawsuits. And the last panelist discussed his tricks in the poker game Hold ’em.

No special keynotes for Day 4, since the one that we wanted to attend was cancelled (Wikinomics).

Day 5
The first session I attended was “Threat Horizon – Discovering the Threats of the Future”. The methodology the presenter discussed was logical and overall the preso was good. The next session I attended was 2009 Cyber Threats and Trends, which was a great last presentation for RSA 2009 (as the afternoon was reserved for keynote sessions).

The afternoon keynotes were great. The Hugh Thompson show featured a victim of a Facebook scam, who shared his experience. This was very informative and definitely worth another blog post in the future.

The Mythbusters session was A-OK. I initially thought that they would do some serious busting of a techie myth, but doing it in front of all these security professionals and industry experts would be tough. I gave up deciphering the code they gave out in the early days of RSA 2009, and good thing they explained that either everyone would get it right or no one at all. They had the biggest deciphering machine that I’ve ever seen. See the picture taken by my colleague JC.
[Image: RSA 2009 Mythbusters]

They gave a good loud bang to end RSA 2009 though, and I think that was cool.