RSA Conference

ARTICLE

The Best of RSA Conference 2019

Information Security Media Group •  April 8, 2019

At RSA Conference 2019 in San Francisco, Information Security Media Group's editorial team conducted more than 150 video interviews with industry thought leaders. Here are the highlights.

Measuring Security Effectiveness in a Dynamic Threat Landscape

Varun Haran •  April 8, 2019

Strong business resilience metrics for measuring effectiveness, simpler networks and smaller tool sets are all needed to cope with the evolving threat landscape, says retired Major General Earl Matthews, senior vice president at Verodin.

Developing a Comprehensive Mobile Security Strategy

Varun Haran •  April 8, 2019

Organizations need to go far beyond putting security software on mobile devices and develop a much broader mobile security strategy, says Michael Covington of Wandera.

Coping With Burnout in the CISO Role

Varun Haran •  April 8, 2019

Faced with the increasing sophistication and maturity of cyber threats, CISOs and security teams need to devise ways to better cope with the high-stress environment, says Webroot's Gary Hayslip,

Behavioral Biometrics-Based Authentication: A Status Report

Varun Haran •  April 8, 2019

The quality of authentication provided by behavioral biometrics is improving, says James Stickland, CEO of Veridium. Nevertheless, he says, "we haven't reached a maturity level where it is used as an explicit form of authentication, but it's certainly now deemed as an implicit form of authentication."

DDoS Mitigation in the Age of Multicloud

Varun Haran •  April 8, 2019

DDoS attacks are getting larger in size and shorter in duration at a time when multicloud environments, which lack a single point of monitoring, are becoming more common, says Ashley Stephenson, CEO of Corero Network Security, who offers risk management insights.

Mobile Banking: How Secure Are Those Apps?

Tom Field •  April 4, 2019

Ex-black hat Alissa Knight recently joined Aite Group's new cybersecurity practice, and among her first tasks: a hard look at the security of major financial institutions' mobile banking apps. The results may surprise you.

ARTICLE

15 Highlights: RSA Conference 2019

Mathew J. Schwartz •  April 4, 2019

Keynotes and briefings at the recent 28th annual RSA Conference 2019 covered a wide range of topics, including privacy, hackers, cyber extortion, machine learning, artificial intelligence, human psychology, legal matters, career advice and internet-connected device concerns. Here are 15 highlights.

What Organizations Need to Know About Container Security

Varun Haran •  April 4, 2019

Traditional security processes and controls don't translate cleanly to containers, says Sabree Blackmon of Docker, who does not recommend treating containers as virtual machines to help maximize the benefits.

The Threat Landscape for Small and Midsize Enterprises

Varun Haran •  April 3, 2019

In addition to relying to heavily on anti-virus and anti-malware tools, small and midsize enterprises lack the resources or expertise to catch new and sophisticated forms of attacks, says Dell's Brett Hansen, who offers strategic insights.

The Pitfalls of Using AI and ML in Security

Varun Haran •  April 3, 2019

Using artificial intelligence and machine learning in cybersecurity has pitfalls, says McAfee's Steve Grobman, who describes appropriate steps to take.

Vendor Risk Management: More Than a Security Issue

Varun Haran •  April 3, 2019

Vendor risk management must be a higher priority in all business sectors and must extend beyond security to include privacy, says Kabir Barday of OneTrust.

Making a Case for Orchestration and Automation

Varun Haran •  April 3, 2019

Alert fatigue is a major challenge, and the ability of SOC teams to be proactive is hamstrung by the fact that they spend a lot of their time in doing repetitive work, says Cody Cornell of Swimlane, who advocates broader use of orchestration and automation.

Getting the Most Out of SOAR

Varun Haran •  April 3, 2019

Taking a workflow-driven approach is critical to successfully embrace security automation, orchestration and response - or SOAR - technologies, says Dan Sarel of Demisto.

Addressing the Visibility Challenge With Deception

Varun Haran •  April 3, 2019

It's becoming increasing important to detect adversaries that have bypassed your security controls and moved laterally in your environment, says Carolyn Crandall of Attivo Networks, who describes the role deception can play.

Tips on Articulating Cyber Risks and Insider Threats

Nick Holland •  March 29, 2019

Communication of cyber risks to executives using enterprise risk methodologies is imperative for improving incident prevention, according to Randy Trzeciak and Brett Tucker of Carnegie Mellon University, who offer tips.

Why Security Is a Critical Safety Parameter for Operational Technology

Varun Haran •  March 29, 2019

The operational technology world is focused on two things: safety and reliability. But with increasing IT-OT integration, cybersecurity needs to be considered the third leg of the stool, says Phil Quade, CISO at Fortinet.

Bringing Operational Technology to the Forefront

Nick Holland •  March 29, 2019

Many third-party risk programs address information technology but not operational technology, says Dawn Cappelli of Rockwell Automation, who discusses why OT security should be a priority.

Dealing With Security Analyst Turnover

Nick Holland •  March 29, 2019

Analyst turnover is a pervasive problem for the cybersecurity industry. Mike Armistead, CEO of Respond Software, sees robotic decision automation as a solution.

The Need to Focus on Detection, Remediation

Nick Holland •  March 29, 2019

Because of the wealth of personal information available on the dark web, breach detection and remediation are more urgent than prevention and protection, says Nick Hayes of IntSights.

Why Email Is Still So Vulnerable

Varun Haran •  March 29, 2019

Email remains the top threat vector for organizations. And while the move to cloud-based solutions has significantly improved email security, environments such as Office365 have their own complexities that need to be addressed, says David Wagner, CEO of Zix Corp.

Actionable Threat Intel in the IoT Era

Varun Haran •  March 29, 2019

The advent of IoT devices and IT/operational technology integration have dramatically expanded the attack surface. And as a result, the definition of threat intelligence is changing, says Vishak Raman of Cisco.

Is 'Zero Trust' the New Wave in Security?

Varun Haran •  March 29, 2019

The conventional approach to cybersecurity focuses on separating the good from the bad using perimeters, firewalls, containers and other methods. But Corey Williams of Idaptive says that approach is no longer sufficient.

Perpetual 'Meltdown': Security in the Post-Spectre Era

Mathew J. Schwartz •  March 28, 2019

The information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown, Spectre and most recently Spoiler, that have proven difficult to fully fix, says Bill Conner, president and CEO of SonicWall.

The Impact of Digital Transformation on Security

Varun Haran •  March 28, 2019

Identifying the data gaps in the rapidly expanding attack surface is critical to allow more sophisticated preventive and response capabilities, says Kory Daniels of Trustwave.