The RSA Conference is this week in San Francisco, so we’ve put together a few must-read stories from the event so far:
Microsoft and the Cybersecurity Tech Accord
On April 17, an alliance of 34 tech companies, including Microsoft, unveiled a joint policy statement called the Cybersecurity Tech Accord. It outlines their roles in international cyber affairs, as they pledge to not help any nation’s government carry out cyberattacks against innocent citizens and enterprises.
These tech giants also pledge to “protect all customers globally regardless of the motivation for attacks online.’’ Microsoft President Brad Smith called on tech companies, government leaders and citizens to do more to strengthen security against nation-state actors during his Microsoft news briefing at RSA. The companies that signed scheduled their first meeting during the RSA Conference. Xconomy
Smith also took time at RSA to announce Microsoft’s use of Linux operating system software, rather than its own Windows, for new security features for microcontrollers used to power internet-connected consumer household devices. Why? There was a threat from a 2016 botnet attack that took down parts of the internet by hijacking connected devices like routers and webcams. But the choice to run Linux is a bit surprising, after Microsoft's previous criticism of the open-source system. The Washington Post, Associated Press
Musings on Blockchain
Cryptographers, professors and cybersecurity experts discussed the difference between cryptography and cryptocurrency on a panel at RSA, taking time to explain the hype around blockchain and where and when it should be used. Ron Rivest, an MIT professor, said voting is a bad fit for blockchain. "You want to make sure the voters have the ability to know their vote was recorded properly," he said, and blockchain makes providing verification of that difficult.
Adi Shamir, Borman professor of computer science at The Weizmann Institute in Israel, said though the tech is overhyped, it can be used one day to guarantee the validity of digital signatures once quantum computing picks up. "In the future, one way to use blockchain to guarantee the security of digital signatures is to simply prove the signature was generated today before quantum computers were available,” he said.
But Paul Kocher, a security researcher and consultant, said though blockchain is an interesting tool, it’s not necessarily a business. The panelists even go on to talk about social media, and their opinions are worth a read. ZDNet, ESecurityPlanet
A Product Hot List
If you’re interested in the new security products announced at RSA but weren’t able to see them for yourself, CRN provided a handy list. Vendors set up shop at the conference to launch new offerings, security features and platforms; and for the more than 550 exhibitors, it’s a way to showcase their goods to a crowd of 40,000 people. The two most popular areas for new product development were in cloud security, and security orchestration, threat detection and incident response.
Products ranged from identity management, data protection and endpoint security to web, application and email security. The Kenna Application Risk Module, for example, uses data science to enable security and development teams to continuously manage risk across an entire application portfolio. Forcepoint Dynamic Data Protection uses human-centric behavior analytics that understand interactions with data across users, machines and accounts, to assess risk. CRN
(For a list of the RSA Conference annual award recipients, click here.)
Show Floor Sightings: A Fox and the Magician
On a lighter note, some companies choose to market their security products in a more creative way. Among all the talk on malware protectors, threat actors and national security were the conference’s day two hits: a fox and a magician.
The magician was Nick Federof, and he stood outside a booth offering a "security cloud [that] detects web and email-based threats as they emerge.” There were playing cards scattered across the floor and hand movements as Federof explained that by moving security to the cloud with Cyren, you can stay ahead of advanced cyberthreats.
Then, there was ZeroFOX, a “social media and digital protection platform built for enterprises” hosted by a man in a giant fox suit. The services at ZeroFOX can help protect against social media account hijacking, but the fox knows how to strike a pose, apparently. Both seemed to capture the attention of conference goers on the second day of RSA. Mashable
A Global Cyberpandemic
That’s how Glenn Gerstell, a general counsel for the National Security Agency, referred to the current cybersecurity threat landscape at a RSA panel. She compared today’s threats to the global influenza pandemic of 1918, because nearly all humans were exposed to it. Similarly, no one is immune to today’s cyberthreats, including citizens, all level of government and private companies; and the biggest threats are posed by nation-states like Russia, Iran, China and North Korea (take our voting system, for example).
Defense is a group effort, and the national government isn’t the only target. When Atlanta faced a major ransomware cyberattack, the FBI and the Homeland Security Department were called in to help.
And Leonard Bailey, special counsel for national security with the Justice Department, assured that continued federal assistance is on the way. He’s optimistic that Congress will pass data breach laws to strengthen the future of cybersecurity nationally, and at the state and local levels. GovTech