Conference Coverage

RSA Conference 2015 special coverage: News, analysis and video

San Francisco – April 20-24, 2015


The U.S. iteration of the RSA Conference is the information security industry's biggest annual conference. The event, which runs from Apr. 20-24 at the Moscone Center in San Francisco, showcases cybersecurity's hottest trends, tactics and technologies. SearchSecurity's editors will be covering all aspects of RSAC 2015, so check back often for keynote coverage, exclusive interviews and in-depth coverage of hot-button items like threat intelligence, Internet of Things security, nation-state cyberespionage and much more. 

Top news stories from RSA 2015

RSA's Yoran pushes for radical change in infosec
New RSA President Amit Yoran says the information security industry and RSA need radical change to stop evolving threats.

Business savvy key to security success
Executives are finally paying attention to security, but experts say that, to benefit, infosec leaders must learn business-savvy security skills and think long term.

1. Top-tier threats and risks

Understanding and defending against digital adversaries

From nation-state cyberespionage and hacktivism to targeted attacks and social engineering, the enterprise threat landscape has never been so varied and dangerous. Learn about the latest cyberattack trends and risk mitigation tactics from experts at RSA Conference 2015.


Despite benefits, skepticism surrounds bug bounty programs

Some people think bug bounty programs are the answer to vulnerability woes, yet others remain wary of the negative impacts they present. RSA Conference panelists discussed both sides of one of today's hottest and most controversial IT topics.


Open source threat model aims to make enterprise safer with less work

An open source threat model aims to be a repository for risk assessment, allowing enterprises to focus on creating the right security controls for each business.


Industry experts warn only cyberliability insurance covers breaches

Cyberliability insurance gains popularity as industry experts warn that, contrary to popular belief, general insurance won't protect against cyberattacks.


Port monitoring critical to detecting, mitigating attacks using SSL

As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.


Insider threat programs need people, not technology

A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.


Insecure SSL coding could lead to Android man-in-the-middle attacks

Researchers have found thousands of apps that feature insecure coding practices in implementing SSL protocols, which could lead to Android man-in-the-middle attacks.


NIST wants help building the one ID proofing system to rule them all

The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.


Can supply chain security assuage Huawei security concerns?

Huawei's U.S. CSO pitched the rigor of its supply chain security processes to RSA Conference 2015 attendees, but they remained skeptical at best on whether to trust the Chinese networking and security vendor.


Microsoft looks to boost Azure security with bug bounties

At RSA Conference 2015 Microsoft expanded its bug bounties. The program will now include three new products, including Azure and Hyper-V.


RSA Conference 2015 preview: Is IoT hype justified?

The Internet of Things dominates the agenda at RSA Conference 2015, but experts believe enterprises should focus their attention on threat intelligence and other topics.

2. Emerging technologies

IoT, threat intelligence and security analytics

As interest in threat intelligence and security analytics skyrockets, plenty of other emerging technologies related to the Internet of Things, cloud computing, big data and the consumerization of IT are having a tremendous effect on enterprise information security programs. Learn what experts and practitioners are doing to get ahead of the negative security implications of emerging technologies.


Cloud visibility a top concern ahead of RSA Conference 2015

In the cloud security realm, experts say improved cloud visibility and big data analytics are expected to be major themes at this year's RSA Conference.


CSA, (ISC)2 introduce new cloud security certification

The Cloud Security Alliance and the International Information Systems Security Certification Consortium introduced a new, jointly developed cloud security certification.


Waratek grabs RSA Innovation Sandbox honors

Runtime application self-protection startup Waratek wins coveted RSA Innovation award.


Threat intelligence programs maturing despite staffing, tech obstacles

A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.


Government cybersecurity experts push for better information sharing

At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector.


IoT discovery and federation controls lacking

IoT discovery and federation controls are lacking. Benjamin Jun says the answer is to build better IoT federation and trust protocols.


How WestJet Airlines nixed network complexity, boosted security

At an RSA Conference session, attendees learned how WestJet Airlines' Security Architecture Made Simple with software-defined security and automation reduced network turbulence.

3. Managing security

Exploring enterprise security management issues

A CISO's life is rarely ever dull. Security policies, metrics and program management issues may not seem exciting, but each can be key to preventing a devastating data breach or security incident. Learn how to get ahead of these and other vexing enterprise information security management issues with advice from experts at RSA Conference 2015.


IT security and compliance: Get leadership on board to find balance

At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation.


Successful women in security tout need for mentoring, encouragement

Female infosec pros say the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way.


Hiring millennials key to reducing security workforce shortage

At RSA Conference 2015, speakers at an (ISC)2 panel said attracting and hiring millennials is a huge key to alleviating the worsening information security workforce shortage.


Qualys introduces new Web application firewall, cloud agent at RSA 2015

Qualys introduced three new offerings at RSA Conference 2015, including an improved Web application firewall and a new cloud agent platform.


Amazon, Google highlight cloud provider security issues at RSAC 2015

Amazon, Google, Microsoft and others discussed a range of cloud security issues during a panel discussion at RSA Conference 2015.


Charney: Cloud computing transparency, control key to better security

At RSA Conference 2015, Microsoft's Scott Charney said cloud security products are the future, but to gain the trust of enterprise customers, they need to offer better cloud computing transparency and control.


Cloud privacy, security improving, but obstacles remain

At RSA Conference 2015 security officials from Microsoft, Google and more discussed cloud security and privacy improvements and top threats today.


Pescatore on security success: Breach prevention is possible

At RSA Conference 2015, John Pescatore offered real-world case studies proving that information security technologies can help prevent data breaches.


Effective data breach response plans hinge on human preparedness

Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered.


RSA attendees ponder how to trim bloated security portfolios

At a roundtable discussion at RSA Conference 2015, security admins pondered what to do about bloated security portfolios.


Clarity needed to cultivate next-gen cybersecurity workforce

Millennials are hesitant to pursue a career in cybersecurity, mainly because they aren't sure exactly what the job entails -- and if they have the proper training for it.


On healthcare data security, not all security pros see unique challenges

At an RSA Conference 2015 discussion on healthcare data security, experts with decades of experience perceive a unique challenge, while security pros see similarities with other verticals.


DevOps explained: Why experts call DevOps and security a perfect match

At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends.

4. Filmed at the show

RSA 2015 video

Our editors and reporters talk with security experts on the hottest topics emerging from this year's RSA Conference.


Watters: 'Cyber officers' are now risk officers for businesses

More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.


Growing threats make security vulnerability management essential

At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.


Haven't suffered a network security breach recently? Think again

If you think your organization hasn't suffered a network security breach in the last six months, you're just not looking closely enough, according to Eric Cole at RSA Conference 2015.


Advice to help today's CISOs succeed at security leadership

Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.


Why Web browser security is a goldmine for attackers

Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.


Too much emphasis on threat intelligence sharing, Gula says

Tenable founder Ron Gula says sharing information to detect threats is great, but getting the security posture properly designed is the better option.


Security information sharing, visibility a missed opportunity

Video: Security information sharing and visibility platforms are being overlooked, according to Cisco's Martin Roesch, and that's a mistake.


IT consultants leading edge of Internet of Everything security

Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.


Want to increase IT security budget dollars? Get in your CEO's head

John Dickson, principal at Denim Group, talks to SearchSecurity at RSA Conference 2015 about tried and true ways security admins have been able to attain security dollars despite tight resources.


Inside the WhiteHat Aviator Web browser controversy

Robert 'RSnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.


Schneier: Incident response management key to surviving a data breach

Video: Bruce Schneier, CTO of Resilient Systems, talks to SearchSecurity about the importance of strong incident response management in reaction to the 'year of the data breach.'


Google's Adrian Ludwig talks about fighting Android threats

Google is fighting a constant battle against Android malware and vulnerabilities, and Adrian Ludwig, Google's lead for Android security, talks to SearchSecurity about how protections are getting better.


McGraw: IEEE helps find software development design flaws

Secure software expert Gary McGraw says the IEEE Center for Secure Design can help companies find patterns in their software security flaws.


Shadow cloud problem growing, SkyHigh Networks says

Kamal Shah of SkyHigh Networks talks with SearchSecurity about the rapid adoption of shadow cloud apps and services in the enterprise.


(ISC)2 responds to criticism with global academic program

(ISC)2 executive director David Shearer responds to criticisms about the organization's lack of introductory certifications within its global academic program.


McGraw: Software security testing is increasingly automated

Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.


Bruce Schneier: Time for society to decide on Internet surveillance

Security expert Bruce Schneier says it's time to ensure a secure Internet exists for everybody, even if it makes Internet surveillance harder.


Cisco Security Services set for 2x product growth in 2015

Cisco's Bryan Palma discusses Cisco's strategy for security services and talks about the recent Neohapsis acquisition.


Network security improved by Cisco data mining

Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.


From the frontlines: Horror stories on information breach response

Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.


Stale, dead apps emerging as serious mobile security risks

At RSA 2015, Appthority president and co-founder Domingo Guerra outlines emerging mobile security risks enterprises must be aware of -- and the issues aren't limited to just bring your own devices (BYOD).
