The RSA Conference 2011 displays some of the latest threats and trends in the information security industry. To keep you informed, we've complied the most up-to-date news and multimedia from RSA Conference 2011.
Data loss prevention best practices start with slow, incremental
Early adopters of DLP deployments say slow, incremental rollouts help reduce the burden on IT staff and the potential for chaos among business units.
computing contracts: Tread carefully
RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.
crucial for fighting phishing techniques
Phishing's not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the webmail providers that filter those emails can help cut down on the number of phishing attempts that hit inboxes, said a panel at RSA Conference 2011.
River partnership to foster mobile, embedded system security
The deal will put McAfee's ePolicy Orchestrator agent inside Wind River's embedded operating systems, enabling enterprises to boost embedded system security to non-traditional endpoints.
attendees skeptical about cloud service provider security
Attendees at the RSA Conference 2011 said cloud computing is good for certain business applications, but they're leery of putting sensitive applications, such as those used in health care or education, in the cloud.
grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.
computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.
detection, prevention are hard, but possible
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks and what organizations can do to detect and respond to APT.
attacks highlight Internet espionage trends
Attackers are using malware samples that researchers have never seen before -- and will never see again -- to successfully steal data from unsuspecting organizations, governments and individuals.
reveals skills needed in IT security pros
A survey by certification firm (ISC)2 found a need for IT security professionals to improve application development processes and expertise to weigh cloud computing risks.
panel debates cyberwar definition, realities
At RSA Conference 2011, a panel of experts, including Bruce Schneier and former DHS secretary Michael Chertoff, discussed cyberwar, espionage and how the ground rules for handling such conflicts will be decided.
to IPv6 could help spambots churn out more spam, malware says botnet expert
Antispam measures that rely on IP blacklisting could be less effective if Internet Service Providers take the wrong approach to IPv6, said prominent malware expert Joe Stewart.
2011: Schmidt-led Town Hall confronts public-private cooperation – again
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials, pressed for continued public-private sector cooperation.
DNSSEC deployments experts say protocol will boost security
Network security expert Dan Kaminsky touts the security improvements DNSSEC provides, but admits that it will take time for businesses and consumers to reap the benefits.
antivirus dying, but bigger problems loom
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.
computing contracts: Tread carefully
RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.
security chief stumps for Internet health check system
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft's proposed Internet health check system for consumer computers, and how it should be implemented not by governments and ISPs, but by enterprises.
on people, not technology, cryptographer says
A prominent encryption expert at the annual cryptographer's panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.
fraud, phony electronic parts pose serious security risks, expert says
A supply chain management expert studying ways companies can crack down on cheaply made imitation parts and software is urging software makers and manufacturers of electronic devices to develop better technologies to weed out fraudulent items.
House CIO talks up cloud computing strategy
White House chief information officer (CIO) Vivek Kundra on Monday outlined the U.S. government's strategy for cloud computing, a shift he said is critical in order to cut costs and improve efficiency.
methods needed to discover network configuration flaws
Examining firewall logs is not enough and most common network penetration tests often miss network misconfiguration issues, leaving sensitive information vulnerable to outside attackers, said a prominent network security expert.
turns to reputation security to bolster malware signatures
Symantec Corp. is adding new reputation scoring technology to its enterprise endpoint protection suite in a move security experts and analysts say will force its competitors to react by bolstering similar technologies.
theme at RSA Conference 2011 may be 'mostly cloudy'
For the last several years, security experts and vendors at the RSA Conference have explained the risks associated with the use of cloud-based services. Far fewer have identified specific ways to protect data in the cloud. That may change at RSA Conference 2011..
Cloud computing security summit draws growing crowd
Cloud Security Alliance event expands to accommodate growing interest.
security career experts to dish out practical advice at RSA Conference 2011
Information security growth is fueling fierce competition among job applicants, according to Lee Kushner and Mike Murray, IT security career experts who follow the industry closely. Both career experts will be participating in an information security career development session at the RSA Conference 2011.
B-Sides brings its buzz back to San Francisco and RSA Conference
Security B-Sides isn't just for big conference rejects any more. This little-conference-that-could has grown up and become a force on the information security speaking scene. Its latest incarnation springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from the giant Moscone Center, home to the security industry's biggest annual event.
RSA Conference coverage 2010
In anticipation of the upcoming RSA Conference 2011, check out our in-depth coverage of last year's event.
Bruce Schneier on cyberweapons and cyberespionage
In this RSA Conference 2011 interview, security luminary Bruce Schneier, discusses offensive cyberweapons and cyberespionage as well as looking at how critical infrastructure is standing up to cyberattacks.
Bruce Schneier: What is cyberwar?
In this RSA Conference 2011 interview, security expert Bruce Schneier, Chief Security Technology Officer of BT Group tries to answer the question, "What is cyberwar?" Schneier discusses the difference between cyberwarfare and cyberespionage, who you report a cyber attack to and what exactly classifies as a cyber attack.
Expert Bruce Schneier's Stuxnet malware analysis
In this RSA Conference 2011 interview, security luminary Bruce Schneier, breaks down his Stuxnet malware analysis. Schneier discusses who could have benefited from creating Stuxnet, how the main stream media hype affected the Trojan, how it could have been implemented and more.
CISO interview: Choosing enterprise risk management policy
In this video interview from RSA Conference 2011, CISO Scott Sysol discusses his organization's enterprise risk management policy on various emerging technologies, such as smartphones, social networking and cloud computing.
Microsoft's Scott Charney on fighting botnets, rogue antimalware
In the final segment of SearchSecurity.com's exclusive RSA Conference 2011 video interview with Scott Charney, Microsoft's Corporate Vice President of Trustworthy Computing, he discusses a variety of concerns on the enterprise threat landscape, including fighting botnets and rogue antimalware.
Q&A: The state of the Microsoft Trustworthy Computing initiative in 2011
In this exclusive video interview from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy Computing Scott Charney and SearchSecurity.com Senior Site Editor Eric B. Parizo discuss the state of Microsoft's Trustworthy Computing initiative in 2011.
Microsoft's Scott Charney on cloud computing and privacy
In this exclusive video from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy Computing Scott Charney discusses cloud computing and privacy, including what his mom taught him about cloud computing.
Scott Charney: Microsoft security policy and collective defense
In this video, Scott Charney, Microsoft VP for Trustworthy Computing, discusses collective defense, the Microsoft security policy proposition for securing consumer computers on the Internet.
RSA 2011: Attendees talk threats, security solutions
In this video from the RSA exhibitor show floor, they share their views of the state of the threat landscape, the evolution of the RSA conference and the kinds of security vendor technologies that appeal to them. At RSA Conference 2011 attendees looked for security technologies that addressed complicated cloud computing data protection issues. While businesses continue to invest in ongoing compliance projects, security professionals attending the conference said their top concern was on finding ways to defend against targeted attacks.
Secure application development processes improving, expert says
In this interview conducted at RSA Conference 2011, Gary McGraw, chief technology officer at Cigital Inc., a software security and quality consulting firm, explains how more organizations are embracing software development processes to improve the code they are producing. Using the right tools and procedures helps eliminates serious vulnerabilities and reduces the risk of successful attacks, McGraw said.
CISO details DLP deployment issues at RSA Conference 2011
In an interview at RSA Conference 2011, Larry Whiteside Jr., CISO of the Visiting Nurse Service of New York, outlines some of the successes and the pitfalls of deploying data loss prevention software for the first time. Whiteside took part in a panel discussion giving RSA attendees tips on how to successfully deploy DLP on endpoints by carefully rolling it out in stages.
RSA 2011: Dan Kaminsky on the ROI of DNSSEC for enterprises
In a brief interview following a presentation on DNSSEC at RSA Conference 2011, network security expert Dan Kaminsky explained why enterprises need to pay attention to DNSSEC deployments.DNSSEC, or DNS Security Extensions, are a set of protocols that introduce PKI into the Domain Name System (DNS). The networking experts behind the protocol change have been making steady progress rolling out the systems to support the secure protocol.
Mobile malware targeting Android, iPhones, says Kaspersky Lab
Mobile malware has been increasing in scope and intensity explains Denis Maslennikov, senior malware analyst on Kaspersky Lab's global research and analysis team. As Maslennikov explains, mobile malware infections are still fairly rare, but they have targeted smartphones running nearly every platform. There have been examples of successful malware infections hidden in mobile applications installed on unlocked devices. Other infections continue to rely on more heavy user interaction via SMS or text message, getting victims to dial a pay-number.
VeriSign CSO on new IPv6 threats, Internet stability and security
VeriSign CSO Danny McPherson talks about the new threats posed by the move from IPv4 to IPv6 and the issues hindering the the adoption of the next Internet protocol.
Security researcher calls for greater focus on supply chain
Hart Rossman, vice president and CTO for cyber programs at SAIC says more needs to be done to secure hardware and software moving in the global supply chain. Rossman explains the threat posed by poorly manufactured, bogus parts and software.
Advice and suggestions for getting the most out of RSA 2011
In this edition of Patrolling the Channel, Kevin McDonald of Alvaka Networks shares his advice for getting the most out of your trip to the 2011 RSA Conference, including suggestions for specific sessions.
RSA Conference 2011 preview: State of APT
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on the state of the advanced persistent threat (APT). Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Josh Corman of The 451 Group.
RSA Conference 2011 preview: Mobile Security
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on the growing threat posed by mobile devices and the state of the network perimeter. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Josh Corman of The 451 Group.
RSA Conference 2011 preview: Compliance
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on information security compliance. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Josh Corman of The 451 Group.
RSA Conference 2011 preview: Trends and Tips
In this RSA Conference 2011 preview, SearchSecurity.com News Director Rob Westervelt and Senior Site Editor Eric Parizo discuss possible tips and trends with Joshua Corman, research director of enterprise security practice for the 451 Group..
Computers for non-profit organizations hit hard by malware
In a session at RSA Conference 2011, David Compton, system administrator for a non-profit, related the particular difficulties he had cleaning up malware infections.
Defense secretary outlines Pentagon cyber strategy
In the face of heightened cyberthreats, the Pentagon is pursuing a multi-pronged defense strategy that includes a reliance on private sector participation.
RSA Conference 2011: R, S and A win Lifetime Achievement Award
The trio that developed the algorithm at the heart of a company and the security industry were honored this morning at RSA Conference 2011 with the RSA Lifetime Achievement Awards.
enhances enterprise identity management
Verizon enhanced its enterprise identity management services with new cloud-based services.
Micro announces new data security products, services
Trend Micro made a series of announcements including new products for preventing data loss at the endpoint, endpoint encryption, an email scanner and a data protection service.
launches One Vault Messenger for BlackBerry devices
SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices.
announces two-factor authentication application
Gemalto's Protivia Mobile One Time Password application provides two-factor authentication for users on iPhones, BlackBerrys and some Windows smartphones.
offers cloud-based data tokenization service
nuBridges announced its Tokenization as a Service (TaaS) cloud-based data tokenization service, and promised customers ownership of their data even if they cancel the service.
moving forward with VM security gateway
Juniper Networks has begun unifying products from its acquisition of Altor Networks, combining vGW Virtual gateway with SRS Series Services Gateway for virtual machine security.
updates network forensics tools
Solera Networks has updated its OS network forensics platform, adding reporting of malware threats, new application classification and tools to give more visibility into the network.
and CloudShield partner to prevent data breaches
Fidelis Security Systems and CloudShield Technologies Inc. have entered into an agreement to offer Fidelis' data breach prevention solutions on CloudShields bladecenter.
Cloud Trust Authority addresses cloud computing security issues
RSA, a division of EMC, has announced Cloud Trust Authority to address cloud computing security issues. It includes features from VMware and RSA's own GRC platform.
Cisco security strategy focuses on contextual security
Networking giant Cisco Systems is realigning its enterprise security strategy with a new emphasis on contextual security that seeks to protect emerging technology like the iPad.
provides multifactor authentication for HealthVault
PhoneFactor has been selected by Microsoft to provide multifactor authentication for HealthVault users.
integrates SIEM tools with Enterprise Random Password Manager
Lieberman has announced a new version of Enterprise Random Password Manager that integrates with ArcSight ESM, RSA enVision and Q1 Labs QRadar.
launches mobile device security service
Zscaler launched its mobile device security service to provide continuity of each user's security policy across a variety of devices including iPhones, iPads and Android devices.
Finder releases new data loss prevention products
Identity Finder has added to its line of data loss prevention products with Identify Finder 5.0 for Windows and Mac operating systems, plus a new Identity Finder DLP console.
upgrades SecureMail with email security policy enhancements
Voltage announced SecureMail v4 to make email security management easier for the user, including support for Microsoft Exchange and BlackBerry devices.
unveils NMS antimalware appliance at RSA Conference 2011
ValidEdge unveiled its Network Malware Security system, designed to stop unknown zero-day malware and single-target malware attacks.
demonstrates enterprise platform for secure virtualization
LynuxWorks demonstrated its enterprise platform for secure virtualization running on multiple devices and using ValidEdge Network Malware Security (NMS) LynxSecure.
announces Sentinel service to detect website vulnerabilities
WhiteHat announced the Sentinel PreLaunch (PL) service to detect website vulnerabilities and verify them with WhiteHat's Threat Research Center.
enhances NeXpose to address Flash security issues
Rapid7 announced NeXpose 4.10.4 to address Adobe Flash security vulnerabilities and cross-site scripting (XSS) attacks.
of defence forms openWAF to develop open firewall
Art of defence has formed a community to develop an open source Web application firewall, contributing its own dWAF code as a starting point.
previews mobile encryption platform
Echoworx previewed its mobile encryption platform, promising support for all major smartphone operating systems as well as future tablets.
announces All-In-One security client
Commtouch calls its new All-In-One security client a "triple play" of messaging security, Web security and antivirus.
accepting applications for early adopters
Lumension announced its an early adopter program for companies to try its Intelligent Whitelisting product for endpoint security.
announces Endpoint Intelligence Center
Lumension announced the Endpoint Intelligence Center to protect endpoint computers from threats, malware and third-party software vulnerabilities.
This was first published in February 2011