
The RSA Conference 2011 displays some of the latest threats and trends in the information security industry. To keep you informed, we've compiled the most up-to-date news and multimedia from RSA Conference 2011.
TOP STORY
Data loss prevention best practices start with slow, incremental rollouts
Early adopters of DLP deployments say slow, incremental rollouts help reduce the burden
on IT staff and the potential for chaos among business units.
FEATURED VIDEO
Scott Charney: Microsoft security policy and collective defense
In this video, Scott Charney, Microsoft VP for Trustworthy Computing, discusses collective defense,
the Microsoft security policy proposition for securing consumer computers on the Internet.
MORE RSA 2011 VIDEOS
Cloud computing contracts: Tread carefully
RSA panel offers advice on legal considerations for organizations entering cloud service provider
contracts.
Collaboration crucial for fighting phishing techniques
Phishing's not going away any time soon, but clear communication and cooperation between
organizations sending emails to their customers and the webmail providers that filter those emails
can help cut down on the number of phishing attempts that hit inboxes, said a panel at RSA
Conference 2011.
McAfee-Wind River partnership to foster mobile, embedded system security
The deal will put McAfee's ePolicy Orchestrator agent inside Wind River's embedded operating
systems, enabling enterprises to boost embedded system security to non-traditional endpoints.
RSA attendees skeptical about cloud service provider security
Attendees at the RSA Conference 2011 said cloud computing is good for certain business
applications, but they're leery of putting sensitive applications, such as those used in health
care or education, in the cloud.
Smart grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to
solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.
Cloud computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers,
RSA panelists say.
APT detection, prevention are hard, but possible
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks
and what organizations can do to detect and respond to APT.
Unique attacks highlight Internet espionage trends
Attackers are using malware samples that researchers have never seen before -- and will never see
again -- to successfully steal data from unsuspecting organizations, governments and
individuals.
Survey reveals skills needed in IT security pros
A survey by certification firm (ISC)2 found a need for IT security professionals to
improve application development processes and expertise to weigh cloud computing risks.
RSA panel debates cyberwar definition, realities
At RSA Conference 2011, a panel of experts, including Bruce Schneier and former DHS secretary
Michael Chertoff, discussed cyberwar, espionage and how the ground rules for handling such
conflicts will be decided.
Move to IPv6 could help spambots churn out more spam, malware says botnet expert
Antispam measures that rely on IP blacklisting could be less effective if Internet Service
Providers take the wrong approach to IPv6, said prominent malware expert Joe Stewart.
RSA 2011: Schmidt-led Town Hall confronts public-private cooperation – again
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials pressed
for continued public-private sector cooperation.
Kaminsky, DNSSEC deployments experts say protocol will boost security
Network security expert Dan Kaminsky touts the security improvements DNSSEC provides, but admits
that it will take time for businesses and consumers to reap the benefits.
Signature-based antivirus dying, but bigger problems loom
While security pros should be concerned with the decreasing efficacy of signature-based antivirus,
employee threats should warrant increasing attention.
Microsoft security chief stumps for Internet health check system
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011
discussed Collective Defense, Microsoft's proposed Internet health check system for consumer
computers, and how it should be implemented not by governments and ISPs, but by enterprises.
Focus on people, not technology, cryptographer says
A prominent encryption expert at the annual cryptographer's panel at RSA Conference 2011 said
poorly implemented encryption deployments are being stymied by employee errors.
Software fraud, phony electronic parts pose serious security risks, expert says
A supply chain management expert studying ways companies can crack down on cheaply made imitation
parts and software is urging software makers and manufacturers of electronic devices to develop
better technologies to weed out fraudulent items.
White House CIO talks up cloud computing strategy
White House chief information officer (CIO) Vivek Kundra on Monday outlined the U.S. government's
strategy for cloud computing, a shift he said is critical in order to cut costs and improve
efficiency.
Better methods needed to discover network configuration flaws
Examining firewall logs is not enough and most common network penetration tests often miss network
misconfiguration issues, leaving sensitive information vulnerable to outside attackers, said a
prominent network security expert.
Symantec turns to reputation security to bolster malware signatures
Symantec Corp. is adding new reputation scoring technology to its enterprise endpoint protection
suite in a move security experts and analysts say will force its competitors to react by bolstering
similar technologies.
Emerging theme at RSA Conference 2011 may be 'mostly cloudy'
For the last several years, security experts and vendors at the RSA Conference have explained the
risks associated with the use of cloud-based services. Far fewer have identified specific ways to
protect data in the cloud. That may change at RSA Conference 2011.
Cloud computing security summit draws growing crowd
Cloud Security Alliance event expands to accommodate growing interest.
IT security career experts to dish out practical advice at RSA Conference 2011
Information security growth is fueling fierce competition among job applicants, according to Lee
Kushner and Mike Murray, IT security career experts who follow the industry closely. Both career
experts will be participating in an information security career development session at the RSA
Conference 2011.
Security B-Sides brings its buzz back to San Francisco and RSA Conference
Security B-Sides isn't just for big conference rejects any more. This little-conference-that-could
has grown up and become a force on the information security speaking scene. Its latest incarnation
springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from
the giant Moscone Center, home to the security industry's biggest annual event.
RSA Conference coverage 2010
In anticipation of the upcoming RSA Conference 2011, check out our in-depth coverage of last year's
event.
Bruce Schneier on cyberweapons and cyberespionage
In this RSA Conference 2011 interview, security luminary Bruce Schneier discusses offensive
cyberweapons and cyberespionage as well as looking at how critical infrastructure is standing up to
cyberattacks.
Bruce Schneier: What is cyberwar?
In this RSA Conference 2011 interview, security expert Bruce Schneier, Chief Security Technology
Officer of BT Group, tries to answer the question, "What is cyberwar?" Schneier discusses the
difference between cyberwarfare and cyberespionage, who you report a cyber attack to and what
exactly classifies as a cyber attack.
Expert Bruce Schneier's Stuxnet malware analysis
In this RSA Conference 2011 interview, security luminary Bruce Schneier breaks down his Stuxnet
malware analysis. Schneier discusses who could have benefited from creating Stuxnet, how the
mainstream media hype affected the Trojan, how it could have been implemented and more.
CISO interview: Choosing enterprise risk management policy
In this video interview from RSA Conference 2011, CISO Scott Sysol discusses his organization's
enterprise risk management policy on various emerging technologies, such as smartphones, social
networking and cloud computing.
Microsoft's Scott Charney on fighting botnets, rogue antimalware
In the final segment of SearchSecurity.com's exclusive RSA Conference 2011 video interview with
Scott Charney, Microsoft's Corporate Vice President of Trustworthy Computing, he discusses a
variety of concerns on the enterprise threat landscape, including fighting botnets and rogue
antimalware.
Q&A: The state of the Microsoft Trustworthy Computing initiative in 2011
In this exclusive video interview from RSA Conference 2011, Microsoft Corporate Vice President of
Trustworthy Computing Scott Charney and SearchSecurity.com Senior Site Editor Eric B. Parizo
discuss the state of Microsoft's Trustworthy Computing initiative in 2011.
Microsoft's Scott Charney on cloud computing and privacy
In this exclusive video from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy
Computing Scott Charney discusses cloud computing and privacy, including what his mom taught him
about cloud computing.
Scott Charney: Microsoft security policy and collective defense
In this video, Scott Charney, Microsoft VP for Trustworthy Computing, discusses collective defense,
the Microsoft security policy proposition for securing consumer computers on the Internet.
RSA 2011: Attendees talk threats, security solutions
In this video from the RSA exhibitor show floor, attendees share their views of the state of the threat
landscape, the evolution of the RSA conference and the kinds of security vendor technologies that
appeal to them. At RSA Conference 2011 attendees looked for security technologies that addressed
complicated cloud computing data protection issues. While businesses continue to invest in ongoing
compliance projects, security professionals attending the conference said their top concern was on
finding ways to defend against targeted attacks.
Secure application development processes improving, expert says
In this interview conducted at RSA Conference 2011, Gary McGraw, chief technology officer at
Cigital Inc., a software security and quality consulting firm, explains how more organizations are
embracing software development processes to improve the code they are producing. Using the right
tools and procedures helps eliminate serious vulnerabilities and reduces the risk of successful
attacks, McGraw said.
CISO details DLP deployment issues at RSA Conference 2011
In an interview at RSA Conference 2011, Larry Whiteside Jr., CISO of the Visiting Nurse Service of
New York, outlines some of the successes and the pitfalls of deploying data loss prevention
software for the first time. Whiteside took part in a panel discussion giving RSA attendees tips on
how to successfully deploy DLP on endpoints by carefully rolling it out in stages.
RSA 2011: Dan Kaminsky on the ROI of DNSSEC for enterprises
In a brief interview following a presentation on DNSSEC at RSA Conference 2011, network security
expert Dan Kaminsky explained why enterprises need to pay attention to DNSSEC deployments. DNSSEC,
or DNS Security Extensions, are a set of protocols that introduce PKI into the Domain Name System
(DNS). The networking experts behind the protocol change have been making steady progress rolling
out the systems to support the secure protocol.
Mobile malware targeting Android, iPhones, says Kaspersky Lab expert
Mobile malware has been increasing in scope and intensity, explains Denis Maslennikov, senior
malware analyst on Kaspersky Lab's global research and analysis team. As Maslennikov explains,
mobile malware infections are still fairly rare, but they have targeted smartphones running nearly
every platform. There have been examples of successful malware infections hidden in mobile
applications installed on unlocked devices. Other infections continue to rely on more heavy user
interaction via SMS or text message, getting victims to dial a pay-number.
VeriSign CSO on new IPv6 threats, Internet stability and security
VeriSign CSO Danny McPherson talks about the new threats posed by the move from IPv4 to IPv6 and
the issues hindering the adoption of the next Internet protocol.
Security researcher calls for greater focus on supply chain assurance
Hart Rossman, vice president and CTO for cyber programs at SAIC, says more needs to be done to
secure hardware and software moving in the global supply chain. Rossman explains the threat posed
by poorly manufactured, bogus parts and software.
Advice and suggestions for getting the most out of RSA 2011
In this edition of Patrolling the Channel, Kevin McDonald of Alvaka Networks shares his
advice for getting the most out of your trip to the 2011 RSA Conference, including suggestions for
specific sessions.
RSA Conference 2011 preview: State of APT
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt
moderates a discussion on the state of the advanced persistent threat (APT). Speakers include
SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Josh Corman of The 451
Group.
RSA Conference 2011 preview: Mobile Security
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt
moderates a discussion on the growing threat posed by mobile devices and the state of the network
perimeter. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research
Director Josh Corman of The 451 Group.
RSA Conference 2011 preview: Compliance
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt
moderates a discussion on information security compliance. Speakers include SearchSecurity.com
Senior Site Editor Eric Parizo, and Research Director Josh Corman of The 451 Group.
RSA Conference 2011 preview: Trends and Tips
In this RSA Conference 2011 preview, SearchSecurity.com News Director Rob Westervelt and Senior
Site Editor Eric Parizo discuss possible tips and trends with Joshua Corman, research director of
enterprise security practice for the 451 Group.
Computers for non-profit organizations hit hard by malware
In a session at RSA Conference 2011, David Compton, system administrator for a non-profit, related
the particular difficulties he had cleaning up malware infections.
Defense secretary outlines Pentagon cyber strategy
In the face of heightened cyberthreats, the Pentagon is pursuing a multi-pronged defense strategy
that includes a reliance on private sector participation.
RSA Conference 2011: R, S and A win Lifetime Achievement Award
The trio that developed the algorithm at the heart of a company and the security industry were
honored this morning at RSA Conference 2011 with the RSA Lifetime Achievement Awards.
Verizon enhances enterprise identity management
Verizon enhanced its enterprise identity management services with new cloud-based services.
Trend Micro announces new data security products, services
Trend Micro made a series of announcements including new products for preventing data loss at the
endpoint, endpoint encryption, an email scanner and a data protection service.
SRA launches One Vault Messenger for BlackBerry devices
SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for
BlackBerry mobile devices.
Gemalto announces two-factor authentication application
Gemalto's Protivia Mobile One Time Password application provides two-factor authentication for
users on iPhones, BlackBerrys and some Windows smartphones.
nuBridges offers cloud-based data tokenization service
nuBridges announced its Tokenization as a Service (TaaS) cloud-based data tokenization service, and
promised customers ownership of their data even if they cancel the service.
Juniper moving forward with VM security gateway
Juniper Networks has begun unifying products from its acquisition of Altor Networks, combining vGW
Virtual gateway with SRS Series Services Gateway for virtual machine security.
Solera updates network forensics tools
Solera Networks has updated its OS network forensics platform, adding reporting of malware threats,
new application classification and tools to give more visibility into the network.
Fidelis and CloudShield partner to prevent data breaches
Fidelis Security Systems and CloudShield Technologies Inc. have entered into an agreement to offer
Fidelis' data breach prevention solutions on CloudShield's bladecenter.
RSA Cloud Trust Authority addresses cloud computing security issues
RSA, a division of EMC, has announced Cloud Trust Authority to address cloud computing security
issues. It includes features from VMware and RSA's own GRC platform.
Updated Cisco security strategy focuses on contextual security
Networking giant Cisco Systems is realigning its enterprise security strategy with a new emphasis
on contextual security that seeks to protect emerging technology like the iPad.
PhoneFactor provides multifactor authentication for HealthVault
PhoneFactor has been selected by Microsoft to provide multifactor authentication for HealthVault
users.
Lieberman integrates SIEM tools with Enterprise Random Password Manager
Lieberman has announced a new version of Enterprise Random Password Manager that integrates with
ArcSight ESM, RSA enVision and Q1 Labs QRadar.
Zscaler launches mobile device security service
Zscaler launched its mobile device security service to provide continuity of each user's security
policy across a variety of devices including iPhones, iPads and Android devices.
Identity Finder releases new data loss prevention products
Identity Finder has added to its line of data loss prevention products with Identity Finder 5.0 for
Windows and Mac operating systems, plus a new Identity Finder DLP console.
Voltage upgrades SecureMail with email security policy enhancements
Voltage announced SecureMail v4 to make email security management easier for the user, including
support for Microsoft Exchange and BlackBerry devices.
ValidEdge unveils NMS antimalware appliance at RSA Conference 2011
ValidEdge unveiled its Network Malware Security system, designed to stop unknown zero-day malware
and single-target malware attacks.
LynuxWorks demonstrates enterprise platform for secure virtualization
LynuxWorks demonstrated its enterprise platform for secure virtualization running on multiple
devices and using ValidEdge Network Malware Security (NMS) LynxSecure.
WhiteHat announces Sentinel service to detect website vulnerabilities
WhiteHat announced the Sentinel PreLaunch (PL) service to detect website vulnerabilities and verify
them with WhiteHat's Threat Research Center.
Rapid7 enhances NeXpose to address Flash security issues
Rapid7 announced NeXpose 4.10.4 to address Adobe Flash security vulnerabilities and cross-site
scripting (XSS) attacks.
Art of defence forms openWAF to develop open firewall
Art of defence has formed a community to develop an open source Web application firewall,
contributing its own dWAF code as a starting point.
Echoworx previews mobile encryption platform
Echoworx previewed its mobile encryption platform, promising support for all major smartphone
operating systems as well as future tablets.
Commtouch announces All-In-One security client
Commtouch calls its new All-In-One security client a "triple play" of messaging security, Web
security and antivirus.
Lumension accepting applications for early adopters
Lumension announced an early adopter program for companies to try its Intelligent Whitelisting
product for endpoint security.
Lumension announces Endpoint Intelligence Center
Lumension announced the Endpoint Intelligence Center to protect endpoint computers from threats,
malware and third-party software vulnerabilities.
This was first published in February 2011