RSAC 2106: The countdown to let down

image

Expo notes:

Ixia has come out with a L2 IP based device to solve all of your malware and attacks problems! It’s 1U in size, 10G ports, and fail open (that’s good, right? 😱 ) Thru their research, they have a list of known bad IPs, if an attacker comes in they block it. If a user downloads garbage and the malware phones back home, the SYN is sent but the ACK is blocked. The SE was SUPER excited about this. He was floored when I told him it was checkbox on the F5 and that we OEM a market leader in threat intelligence.

The big buzz words throughout were DDoS (almost everyone had one), HSM, Identity, Security Orchestration, blah blah blah. I really had high hopes that I would find something that would help me day to day, sadly I didn’t. As for super cool tech, I found two companies that really blew my mind.

Illumio– Holy smokes, the demo would make you want to buy it right there on the spot. You can see the demo here, it’s really good. Notice the guy sitting down that is using his mobile phone. I spoke with him after the demo. I asked him if he was changing the behavior the traffic via his phone and he confirmed. The tech is based on LINUX iptables and a windows based IP tables. The part that I love about this is, you get access into application flows with ease.

ProtectWise-The GUI demo was off the chain! It is a security software that does transitions on an iPad that I have never seen before. TAPs send traffic to the cloud, they break it down by every network statistic that you can imagine. Total SOC tool if you ask me. The feature I like most, was the reporting. Imagine a timeline where you can see a vulnerability on Monday and on Tuesday, if it has been fixed, it actually shows it. Super cool. This software, like Illimio, is eye candy.

Session Notes:

I was there for the opening keynote. YAWN. You can search for it yourself, it’s a waste of time to watch it. As you would imagine, Apple vs FBI was a hot topic.

I did get to sit thru the Cryptographers Panel and  found it entertaining but really nothing that was jaw dropping. Some of the stories from Whitfield Diffe (as in the cipher DH Diffe-Hellman) were very compelling. Sounds like a super nice guy and you can’t help but like him.

EDIT: Youtube link to the Cryptographers Panel here.

Next was security topics with Adobe (MeMe Rasmussen), Google (Keith Enright) and Microsoft (Brendon Lynch)what a bust this was. Nothing interesting at all here. If you were to close your eyes and imagine what they look like, picture this: Middle aged woman sweating thru her pantsuit, egotistically hipster with his shirt unbuttoned at the top that says “I’m serious but still like to party”, and a door to door vacuum salesperson, respectively. Someone from the audience brought up Apple vs FBI. All three companies said they would be filing an Amicus to side with Apple. They all said that congress should be working on a law for this. Which is a total cop out IMHO. I understand the elected officials should have our (we the people) best interests at heart, but we all know they don’t. They should side on privacy at all costs.

The last meeting I went into was about car hacking and what is next. To sum it up, they don’t believe cars will be driven into walls, they believe hackers will siphon user data over the car LTE connection and grab other info that is transferrable across bluetooth sync.

Unfortunately prior engagements had me leave RSAC at the end of Day 1 and I wish I could have stayed for the entire conference.