RSAC 2015: Jane Lynch, Computer Overlords & Smarter Authentication
The 2015 RSA conference kicked off with none other than actress Jane Lynch who promptly launched into a hacker-themed rendition of David Bowie’s Changes, complete with a three-person male backup singing group. No, but for reals.
Change - while arguably the theme every year, one would hope - emerged with a sense of real urgency this year throughout each keynote.
Amit Yoran, President of RSA, started the first keynote of the day in eerie darkness, a metaphor meant to drive home the point that the infosec industry is stumbling around in the dark, traveling on unknown, new terrain with a map that is no longer relevant - the dark ages of infosec. He argued that the technology we’re in charge of protecting has developed so rapidly that infosec is struggling to catch up.
He quoted Jennings - “I, for one, welcome our computer overlords.” Computers are proving themselves better than us, even in significantly human tasks, such as creative writing, emotional expression, art, even driving cars. Technology will control its own destiny, producing results that we can’t predict.
If 2014 was the year of the mega data breach, then 2015 was the year of the super mega breach. And to keep attackers away, we’re simply building taller walls and digging bigger moats - but taller walls aren’t solving our problem.
The irrational obsession with the perimeter has kept the focus on perimeter tools - antivirus, firewalls - that are limited by their experience, since they have to be taught a threat in order to detect it. It’s time to realize that things are different and to stop clinging to our old maps.
It’s time to pursue security’s own age of enlightenment. Yoran named five ways to navigate our new terrain:
- Even advanced protections fail. A well-resourced and creative adversary will get into your environment no matter how high the walls; focused adversaries will find a way in.
- We need pervasive and true visibility - into cloud and mobile environments, and at the endpoint. We need to know exactly which systems are communicating with each other, and the content of that communication, to determine what’s going on. If you don’t have this level of visibility and agility, you’re only pretending to do security.
- Identity and authentication matter more. Verizon’s 2015 DBIR stated that 95 percent of attacks involved stolen credentials that allowed attackers to walk through the front door. End user attacks, not sophisticated attacks, open the gates to our adversaries. Strong authentication, combined with the ability to analyze who is accessing what, can help us identify attacks earlier in the kill chain.
- External threat intelligence. This includes threat intelligence from commercial vendors and Information Technology Information Sharing and Analysis Centers (ISAC). Businesses must also stop using email for sensitive communications, as attackers often target mail servers.
- Understand what matters most to your business, as well as what is mission critical. Inventorying and prioritizing what’s important to your business is key.
Check back here for more RSA conference summaries and updates, and follow @duosec and @Thu_Duo for real-time tweets!
And if you're attending #RSAC2015, visit Duo's booth #2345 at Moscone South Expo. Check out our entire RSAC agenda.