5:09 am (UTC-7) | by Pawan Kinger (Vulnerability Research Manager)
In my previous blog post, I discussed some key takeaways that I got from the talks I attended in the recently concluded RSA 2013 in San Francisco, California. This time around, I want to share in length, some of these noteworthy sessions.
Innovation Sandbox was a packed session that Hugh Thompson ran quite deftly. Ten startups were selected and given three minutes to explain their technology, followed by a two-minute question-and-answer session, with questions coming from the judging panel, made up of industry experts.
All the company representatives talked about what they were doing and had to prove why their solution would work and generate revenue in the future. A white board session followed where thoughts from the audience were taken and put on an online whiteboard.
The participants also had the opportunity to meet (or “date”, as they put it) with potential investors in an igloo-styled hut. Winners from previous years were also present to share their experiences and mingle with the participants.
Panel discussion on future of end point security
This panel discussed how changes in end-points are changing the security landscape. Bring Your Own Device (BYOD) and Virtual Desktop Infrastucture (VDI) are ensuring that enterprises no longer have the same control over theirs networks and devices that they had in the past. Solutions such as traffic filtering, network access control (NAC), software defined security (SDS) vs. traditional solutions were discussed. There was no definitive answer - each technology has its uses, pros, and cons – but the points that came out from these discussions were quite insightful.
Awareness Doesn’t Matter: A Behavior Design Approach to Securing Users
This session talked about how user behavior could be used to trigger potential security alerts. This is an interesting area for research, but in actual usage is prone to false positives. However, in situations where security is an absolute must and false positives can be tolerated, this may be of use.
Malware Hunting with Sysinternals
Mark Russinovich, the author of the Sysinternals tools suite, gave a brilliant talk about what’s new with Sysinternals tools and how these can used for malware analysis. His aim was to show how to carry out a quick analysis if there are any suspicious files on a system. He also discussed future developments, like more color coding for faster visualization of event. Russinovich kept the tone of his talk light, thanks to his wit and sense of humor.
Panel discussion on cryptography
Some of the most well-known cryptographers today – Whitfield Diffie, Ron Rivest and Adi Shamir – talked about the present and future of cryptography. They discussed the practical applications of cryptography, and the possibility of some of the algorithms being broken in the near future.
Keynote by Jimmy Wales, founder of Wikipedia
Probably the most engaging and entertaining talk this year, Wikipedia founder Jimmy Wales was full of energy, fun and wit. He shared interesting facts about Wikipedia and some statistics about its visitors and contributors. One remarkable and less known aspect about Wikipedia is its scope, even reaching places with no Internet access. How? Wikipedia is written on DVDs and sent to these areas, which are in parts of developing countries which have computers but no Internet access.
Keynote by Dr. Condoleeza Rice
Former US Secretary of State Rice is definitely a great speaker. She not only touched issues related with cyber or national security, but also some broader concerns. These include its educational system, the drop in skilled citizens, immigration, and allowing more foreign skilled workers to foster innovation in the US. She mentioned Canada and Australia as emerging innovators (and possible competitors) if the US doesn’t keep up. She also mentioned the government’s interest in improving cyber laws and working with other countries.
The expo is definitely the key part of the show. The floor was a vibrant place, with every vendor talking about their innovations and announcements, showcasing their products, and offering goodies to their visitors. It was a good place to informally talk about products and solutions.
Overall, it was a great experience. Seeing so many perspectives was great which you tend to miss when working. The RSA conference was the perfect venue to meet colleagues, partners, customers and concerns and how companies and governments are working together to improve the situation.
Share this article