Conference Coverage
RSA Conference 2015 special coverage: News, analysis and video
San Francisco – April 20-24, 2015
Introduction
The U.S. iteration of the RSA Conference is the information security industry's biggest annual conference. The event, which runs from Apr. 20-24 at the Moscone Center in San Francisco, showcases cybersecurity's hottest trends, tactics and technologies. SearchSecurity's editors will be covering all aspects of RSAC 2015, so check back often for keynote coverage, exclusive interviews and in-depth coverage of hot-button items like threat intelligence, Internet of Things security, nation-state cyberespionage and much more.
Top news stories from RSA 2015
RSA's Yoran pushes for radical change in infosec
New RSA President Amit Yoran says the information security industry and RSA need radical change to stop evolving threats.
Business savvy key to security success
Executives are finally paying attention to security, but experts say to benefit infosec leaders must learn business-savvy security skills and think long term.
1Top-tier threats and risks-
Understanding and defending against digital adversaries
From nation-state cyberespionage and hacktivisim to targeted attacks and social engineering, the enterprise threat landscape has never been so varied and dangerous. Learn about the latest cyberattack trends and risk mitigation tactics from experts at RSA Conference 2015.
Despite benefits, skepticism surrounds bug bounty programs
Some people think bug bounty programs are the answers to vulnerability woes, yet others remain skeptical of the negative impacts they present. RSA Conference panelists discussed both sides of one of today's hottest and most controversial IT topics. Continue Reading
Open source threat model aims to make enterprise safer with less work
An open source threat model is aiming to be a repository for risk assessment with the aim of allowing enterprise to focus on creating the right security controls for each business. Continue Reading
Industry experts warn only cyberliability insurance covers breaches
Cyberliability insurance gains popularity as industry experts warn that, contrary to popular belief, general insurance won't protect against cyberattacks. Continue Reading
Port monitoring critical to detecting, mitigating attacks using SSL
As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them. Continue Reading
Insider threat programs need people, not technology
A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program. Continue Reading
Insecure SSL coding could lead to Android man-in-the-middle attacks
Researchers have found thousands of apps that feature insecure coding practices in implementing SSL protocols, which could lead to Android man-in-the-middle attacks. Continue Reading
NIST wants help building the one ID proofing system to rule them all
The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues. Continue Reading
Can supply chain security assuage Huawei security concerns?
Huawei's U.S. CSO pitched the rigor of its supply chain security processes to RSA Conference 2015 attendees, but they remained skeptical at best on whether to trust the Chinese networking and security vendor. Continue Reading
Microsoft looks to boost Azure security with bug bounties
At RSA Conference 2015 Microsoft expanded its bug bounties. The program will now include three new products, including Azure and Hyper-V. Continue Reading
RSA Conference 2015 preview: Is IoT hype justified?
The Internet of Things dominates the agenda at RSA Conference 2015, but experts believe enterprises should focus their attention on threat intelligence and other topics. Continue Reading
2Emerging technologies-
IoT, threat intelligence and security analytics
As interest in threat intelligence and security analytics skyrockets, plenty of other emerging technologies related to the Internet of Things, cloud computing, big data and the consumerization of IT are having a tremendous effect on enterprise information security programs. Learn what experts and practitioners are doing to get ahead of the negative security implications of emerging technologies.
Cloud visibility a top concern ahead of RSA Conference 2015
In the cloud security realm, experts say improved cloud visibility and big data analytics are expected to be major themes at this year's RSA Conference. Continue Reading
CSA, (ISC)2 introduce new cloud security certification
The Cloud Security Alliance and the International Information Systems Security Certification Consortium introduced a new, jointly developed cloud security certification. Continue Reading
Waratek grabs RSA Innovation Sandbox honors
Runtime application self-protection startup Waratek wins coveted RSA Innovation award. Continue Reading
Threat intelligence programs maturing despite staffing, tech obstacles
A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity. Continue Reading
Government cybersecurity experts push for better information sharing
At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector. Continue Reading
IoT discovery and federation controls lacking
IoT discovery and federation controls are lacking. Benjamin Jun says the answer is to build better IoT federation and trust protocols. Continue Reading
How WestJet Airlines nixed network complexity, boosted security
At an RSA Conference session, attendees learned how WestJet Airlines' Security Architecture Made Simple with software-defined security and automation reduced network turbulence. Continue Reading
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
3Managing security-
Exploring enterprise security management issues
A CISO's life is rarely ever dull. Security policies, metrics and program management issues may not seem exciting, but each can be key to preventing a devastating data breach or security incident. Learn how to get ahead of these and other vexing enterprise information security management issues with advice from experts at RSA Conference 2015.
IT security and compliance: Get leadership on board to find balance
At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation. Continue Reading
Successful women in security tout need for mentoring, encouragement
Female infosec pros say the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way. Continue Reading
Hiring millennials key to reducing security workforce shortage
At RSA Conference 2015, speakers at an (ISC)2 panel said attracting and hiring millennials is a huge key to alleviating the worsening information security workforce shortage. Continue Reading
Qualys introduces new Web application firewall, cloud agent at RSA 2015
Qualys introduced three new offerings at RSA Conference 2015, including an improved Web application firewall and a new cloud agent platform. Continue Reading
Amazon, Google highlight cloud provider security issues at RSAC 2015
Amazon, Google, Microsoft and others discussed a range of cloud security issues during a panel discussion at RSA Conference 2015. Continue Reading
Charney: Cloud computing transparency, control key to better security
At RSA Conference 2015, Microsoft's Scott Charney said cloud security products are the future, but to gain the trust of enterprise customers, they need to offer better cloud computing transparency and control. Continue Reading
Cloud privacy, security improving, but obstacles remain
At RSA Conference 2015 security officials from Microsoft, Google and more discussed cloud security and privacy improvements and top threats today. Continue Reading
Pescatore on security success: Breach prevention is possible
At RSA Conference 2015, John Pescatore offered real-world case studies proving that information security technologies can help prevent data breaches. Continue Reading
Effective data breach response plans hinge on human preparedness
Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered. Continue Reading
RSA attendees ponder how to trim bloated security portfolios
At a roundtable discussion at RSA Conference 2015, security admins pondered what to do about bloated security portfolios. Continue Reading
Clarity needed to cultivate next-gen cybersecurity workforce
Millennials are hesitant to pursue a career in cybersecurity, mainly because they aren't sure exactly what the job entails -- and if they have the proper training for it. Continue Reading
On healthcare data security, not all security pros see unique challenges
At an RSA Conference 2015 discussion on healthcare data security, experts with decades of experience perceive a unique challenge, while security pros see similarities with other verticals. Continue Reading
DevOps explained: Why experts call DevOps and security a perfect match
At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends. Continue Reading
4Filmed at the show-
RSA 2015 video
Our editors and reporters talk with security experts on the hottest topics emerging from this year's RSA Conference.
Watters: 'Cyber officers' are now risk officers for businesses
More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.
Growing threats make security vulnerability management essential
At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.
Haven't suffered a network security breach recently? Think again
If you think your organization hasn't suffered a network security breach in the last six months, you're just not looking closely enough, according to Eric Cole at RSA Conference 2015.
Advice to help today's CISOs succeed at security leadership
Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.
Why Web browser security is a goldmine for attackers
Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.
Too much emphasis on threat intelligence sharing, Gula says
Tenable founder Ron Gula says sharing information to detect threats is great, but getting the security posture properly designed is the better option.
Security information sharing, visibility a missed opportunity
Video: Security information sharing and visibility platforms are being overlooked, according to Cisco's Martin Roesch, and that's a mistake.
IT consultants leading edge of Internet of Everything security
Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.
Want to increase IT security budget dollars? Get in your CEO's head
John Dickson, principal at Denim Group, talks to SearchSecurity at RSA Conference 2015 about tried and true ways security admins have been able to attain security dollars despite tight resources.
Inside the WhiteHat Aviator Web browser controversy
Robert 'Rsnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.
Schneier: Incident response management key to surviving a data breach
Video: Bruce Schneier, CTO of Resilient Systems, talks to SearchSecurity about the importance of strong incident response management in reaction to the 'year of the data breach.'
Google's Adrian Ludwig talks about fighting Android threats
Google is fighting a constant battle against Android malware and vulnerabilities, and Adrian Ludwig, Google's lead for Android security, talks to SearchSecurity about how protections are getting better.
McGraw: IEEE helps find software development design flaws
Secure software expert Gary McGraw says the IEEE Center for Secure Design can help companies find patterns in their software security flaws.
Shadow cloud problem growing, SkyHigh Networks says
Kamal Shah of SkyHigh Networks talks with SearchSecurity about the rapid adoption of shadow cloud apps and services in the enterprise.
(ISC)2 responds to criticism with global academic program
(ISC)2 executive director David Shearer responds to criticisms about the organization's lack of introductory certifications within its global academic program.
McGraw: Software security testing is increasingly automated
Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.
Bruce Schneier: Time for society to decide on Internet surveillance
Security expert Bruce Schneier says it's time to ensure a secure Internet exists for everybody, even if it makes Internet surveillance harder.
Cisco Security Services set for 2x product growth in 2015
Cisco's Bryan Palma discusses Cisco's strategy for security services and talks about the recent Neohapsis acquisition.
Network security improved by Cisco data mining
Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.
From the frontlines: Horror stories on information breach response
Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.
Stale, dead apps emerging as serious mobile security risks
At RSA 2015, Appthority president and co-founder Domingo Guerra outlines emerging mobile security risks enterprises must be aware of -- and the issues aren't limited to just bring your own devices (BYOD).
Start the conversation
0 comments