The RSA Conference is a valuable resource for staying educated on the latest advances, threats and emerging trends in the information security industry. Here you will find the most current updates and news on the upcoming RSA Conference, scheduled from March 1-5, 2010 in San Francisco.
TOP STORY
Social networking risks, benefits for enterprises weighed by RSA panel
Social networking risks for enterprises may be outweighed by the benefits, but
2010 RSA Conference experts say infrastructure providers must improve their security and
organizations must help users understand social networking's privacy ramifications.
MULTIMEDIA
PCI Council readying end-to-end encryption guidance:
Video: PCI Council general manager Bob Russo said the guidance document will
outline the minimum requirements that need to be met by so-called end-to-end encryption products.
Other technologies being studied include the use of tokenization and chip and PIN technologies to
protect credit card data and how virtualization affects data protection technologies. In this
interview, Russo explains whether the next version of PCI DSS will have any major changes and why
the Council takes a cautious approach to adding changes to the standard.
Botnet expert assesses the threat landscape:
Video: Joe Stewart, director of research at SecureWorks Inc., says investigators
are getting better at tracking down botnets, but legal issues persist. Stewart discusses the
current threat levels presented by botnets, recent attacks from Operation Aurora and the Black
Energy botnet, and how to protect your enterprise from DDoS and other botnet attacks.
Noted cryptographer on SSL, encryption and cloud computing:
Video: Cryptographer Taher Elgamal of Axway Inc., the inventor and initial
driving force behind SSL, explains how applications may be better adapted to defend against attacks
and how cloud computing may alter data protection and authentication. The SSL protocol will be
updated to prevent man-in-the-middle attacks, but researchers need to find better ways to prevent
malware from getting on PCs in the first place, Elgamal said.
Botnets, malware and capturing cybercriminals:
Video: Malware isn't getting more sophisticated, but cybercriminals have better
tools to control their botnets and deploy more targeted attacks, says Gunter Ollmann, vice
president of research at Damballa, Inc. In this video, Ollmann explains why it is difficult for law
enforcement to track down and prosecute cybercriminals. He describes how modern malware is making
its way into corporate networks and why the recent attacks against Google Inc. and other companies
lacked any sophistication.
VeriSign on DNSSEC support:
Video: Joe Waldron, a product manager in VeriSign's Naming (DNS) Group, said
engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC). Some
upgrades are needed to handle an anticipated increase in bandwidth. Barring any setbacks, VeriSign
plans to have DNSSEC deployed across .net by the fourth quarter of 2010 and .com by the first
quarter of 2011, Waldron said.
Security Squad: RSA Conference 2010 in review
Podcast: The editorial team recalls the themes and discussions that dominated the
2010 RSA Conference. Federal cybersecurity issues ruled with the debut of White House cybersecurity
coordinator Howard Schmidt. Microsoft's Scott Charney explained the legal action the software giant
took to disrupt the Waledac botnet. Also, attendees showed interest in social networking security.
In addition, the convergence of cloud computing and identity management was showcased.
RSA Conference 2010: Microsoft's Scott Charney
Podcast: Scott Charney, Microsoft's vice president for Trustworthy Computing,
discusses the software giant's latest legal action to take down the Waledac botnet.
RSA Conference Preview: Former ChoicePoint CISO Rich Baich
Podcast: Rich Baich, who heads Cyber Threat Intelligence Group at Deloitte, shares
his thoughts on RSA Conference 2010 and the current threat landscape.
MORE NEWS
Robert Maley dismissal, in retrospect, not surprising
As first reported last week in The Patriot-News of Pennsylvania and other
outlets, Pennsylvania CISO Robert Maley was either fired or resigned under pressure following an
appearance at RSA Conference 2010.
FDIC: ACH fraud losses climb despite drop in overall cyberfraud losses
Rise in fraudulent electronic funds transfers indicates an overreliance on
authentication, says an FDIC cyberfraud specialist. Small and midsize businesses and their
financial institutions suffered about $120 million in losses due to fraudulent EFTs in the third
quarter of 2009, up from about $85 million in the third quarter of 2007.
Experts laud IPS virtual patching, but warn against misuse
Virtual patching with intrusion prevention systems can offer a quick fix for
vulnerabilities on an enterprise network, say experts at RSA Conference 2010, but the technique is
no substitute for proper system and application patching.
FBI asks for more private-sector help reporting cybercrime cases
FBI director talks about the agency's work to track down cybercriminals, but says
it needs help from the private sector.
At RSA Conference, experts dismiss end-to-end encryption claims
Payment industry "buzz" term isn't really reality, say some industry experts at
RSA Conference 2010.
PCI tokenization push promising but premature, experts say
Merchants see value in the technology helping to reduce the scope of a PCI
assessment, but a lack of standards and complexity issues are a cause for concern.
Static source code analysis turned on its head
Caleb Sima, cofounder of SPI Dynamics, explains how the company's CodeSecure
product is different from traditional code analysis tools.
Medical identity fraudsters target health care information, experts say
Health care organizations say medical identity fraud is on the rise and they're
boosting their online security with anti-fraud measures used in the banking industry.
Balancing security, business case for consumer products in enterprise
Security managers looking to curb their network risks struggle with employees'
desire to use consumer-oriented devices and services like smartphones, USB drives and social media.
RSA Conference panel weighs PCI implications of cloud computing
Cloud computing takes PCI compliance into unfamiliar territory, but auditors will
have to get used to it.
Privacy protection essential in fight against cybercriminals, experts say
The federal government may need to step in to protect the networks of critical
infrastructure facilities, but it must respect the civil rights of its citizens, RSA panelists
said.
Email authentication methods critical in fight against phishing
Companies need to implement email authentication in order to protect customers
against increasingly sneaky phishing attacks, experts say.
Customer gets say during responsible vulnerability disclosure panel
Paying customers are often the overlooked voice in disclosure debates over
software vulnerabilities, but during an RSA Conference 2010 panel discussion, one made his presence
felt.
Social networking threats put new pressure on healthcare CSOs
Healthcare security managers say their bosses and others are increasing pressure
on them to allow access to social networking and other Internet services.
White House declassifies CNCI summary, lifts veil on security initiatives
Summary document outlines ongoing initiatives to improve cybersecurity at the
federal level as well as the security of the supply chain and private networks of critical
infrastructure facilities.
Companies urged to share data breach information
Sharing breach data with law enforcement is necessary for fighting sophisticated
online criminals, panelists say.
RSA panel: No easy solution for Zeus Trojan, banking malware
Security experts say banking malware is an insidious problem that poses difficult
challenges.
Shamir acknowledges chip-and-PIN attack as his favorite
Adi Shamir, one of the inventors of the RSA algorithm, discussed
chip-and-PIN authentication at the annual RSA Conference Cryptographers' Panel on Tuesday.
Nigerian 419 scam messages are not from Africa, experts say
A study of 419 advance-fee fraud messages found many of them may be coming from
cybercriminals in Eastern Europe and Asia.
NSA, cryptoexperts jab at RSA Conference Cryptographers' Panel
A good-natured spat between cryptography pioneers and a former NSA technical
director spices up the annual Cryptographers' Panel at RSA Conference.
Microsoft's Charney details new botnet protection, IdM technology at RSA Conference
At RSA 2010, Scott Charney discussed Microsoft's new approach to botnet
protection, IdM technologies and cloud computing risks.
Secure cloud concept built on new Intel processor
RSA, along with Intel and VMware, unveiled a proof of concept for creating secure
and compliant cloud services at the 2010 RSA Conference.
Cloud Security Alliance releases top cloud computing security threats
The Cloud Security Alliance identifies seven top cloud computing security
threats.
Three security themes to watch for at RSA Conference 2010
Endpoint security, virtualized environments and cyberwarfare could be big themes
at the 2010 RSA Conference.
Cloud security issues, targeted attacks to be hot-button topics at RSA Conference 2010
Cloud computing concerns will share the spotlight at this year's RSA Conference
2010, with ways to defend against the increasing frequency of highly targeted cyberattacks against
corporate networks.
RSA CONFERENCE 2009
RSA Conference 2009: Special news coverage
For a look back at last year's event, check out news, features and podcasts from
SearchSecurity.com's special coverage of RSA Conference 2008.
This was first published in March 2010