The RSA Conference: Asia Pacific & Japan 2016 concluded last July 22nd in the majestic Marina Bay Sands hotel here in Singapore.
Traditionally, my team helps in the Fortinet exhibit booth to assist with FortiGuard-related inquiries. However this time, I was lucky to have been granted a full conference pass so I got access to the presentations, free snacks, free lunch, and more importantly, free desserts.
While I would love to talk more about the desserts, there were many great talks at RSA this year that were enlightening in terms of where we stand today in the IT security field that I need to discuss.
In this post, I am reviewing the four topics that resonated with me the most.
TALK 1: “The Shifting Botnet Landscape”
In this presentation, Chris Richter, Senior Vice President of Level 3 Communications’ Global Security Services, talked about the importance of achieving balance in Security through threat intelligence collaboration, governance, and the effective use of technology and InfoSec budgets. Obviously, this talk was directed at a Chief Security Officer (CSO) or similar level position, but it was interesting to know that 45% of the total IT budget of many companies today is spent on data security. That’s almost half!
Richter also talked about case studies of several attacks, namely, the Angler Exploit Kit, an SSH Brute Force Attack, PoSeidon, and the Kaiten DoS Bot, and how they used the threat intelligence they collected to successfully disable the infrastructure of these attacks. Threat intelligence in action, eh?
You can download the full presentation here.
TALK 2: “Hide and Seek: How Threat Actors Respond in the Face of Public Exposure”
As a security researcher, this topic from Marcin Siedlarz and Kristen Dennesen, Senior Threat Intelligence Analysts from FireEye, Inc., raised an interesting point. In this presentation they reviewed some case studies of various Advanced Persistent Threat (APT) groups, and how they reacted when their malicious operations were publicized through APT campaign reports.
This got me thinking about how security researchers’ efforts on exposing threat actors’ operations is always a double-edged sword. While it allows cyber-defenders to update their defences, it also has the adverse effect of alerting threat actors to update their infrastructure and methodologies in order to remain undetected. Exposure is a balancing act, and security researchers need to weigh the benefits of publicizing an attack versus the possibility of threat actors shifting their tactics to continue to evade detection.
If you ask me, it’s all about timing. If there is a possibility of disrupting a malicious operation, then it’s best to keep the information private in the meantime until the disruption is over. If otherwise not possible, and after careful assessment and looking at various options, then publicizing the information as soon as possible would be most beneficial to the security community.
It is important to note that there is a high chance that threat actors’ tactics, techniques, and procedures (TTPs), even when not publicized, are going to be updated at some point. It is not uncommon for APT actors, for instance, to use new tools for their operations over time.
The important thing is that we disseminate our findings at the time when it is most advantageous, as information sharing, I believe, is the fastest way to enable appropriate defences to the security community at large.
The full presentation for this topic is available here.
TALK 3: “Securing the World-Sized Web”
In this keynote talk, Bruce Schneier, Chief Technology Officer of Resilient and security technologist, talked about the explosion of Internet of Things (IoTs) and its implications to the physical world. These days, more and more devices are coming online, and where there are Internet-connected devices, threats follow. Schneier said, “When you start having things that affect the world, the effects of a security breach are much greater. They’re an actual risk to life and property.”
In fact, this is already happening now, and one good example is the impact on Industrial Control Systems (ICS). Just last December, 2015, we saw the first confirmed hacker-caused power outage in the Ukraine. Now that more IOTs are being deployed, it exposes a larger attack surface with which to target consumers, with consequences that may be grimmer than an infected PC or smart phone.
On the whole, I think this is inevitable. It has already started happening, and this is the direction of technology – while providing us with a more efficient life, it brings its own, new risks. It is important, however, that we understand these risks in order to help us make better decisions moving forward as consumers of IOT, as manufacturers of IOT devices, as government officials involved in developing computing systems policies, and as human beings.
You can read more about this topic here.
TALK 4: “IoT Security and Risk Management”
As usual, the Fortinet talk was also very timely, focusing on the risks being created by the growth of IoT. This talk, by Fortinet’s very own Chief Security Strategist, Tyson Macaulay provided more in-depth information about IoT than Schneier did. Macaulay talked about current IoT trends, security, and the management of risks that accompanies them.
You can get the entire “IoT Security and Risk Management” presentation here.
As Bruce Schneier once said, “Security is a process, not a product.” It is not something that is achieved; rather it is something that is maintained and improved over time. Events such as this RSA Conference are a good opportunity to learn new ideas and see what our current options are to improve security.
You can find a copy of all the RSA Conference Asia Pacific & Japan 2016 presentations below:
All available downloads and media can be found at the following link:
Big thanks to Fortinet’s Marketing Team for the invitation!
-= FortiGuard Lion Team =-