Like many people, we spent last week in San Francisco at the RSA 2019 conference geeking out over cybersecurity. As usual, it had a great turnout and engaged crowds. It is always exciting to see so many people dedicated to breaking new ground in cybersecurity, and the energy and enthusiasm at this year’s conference were contagious. If you could not attend RSA 2019, this recap will give you a few highlights.
LMG’s Speaking Sessions
LMG spoke at two RSA 2019 sessions on high-priority cybersecurity issues. Here is a recap:
Cryptojacking and IoT: We had a very engaged crowd as we explored real-life scenarios showing how easy it is to breach the weak to non-existent security of IoT devices and then use those devices to mine cryptocurrency. With a number of cryptojacking kits available for purchase on the dark web, cryptojacking incidents rose by over 450% in 2018. The audience left this session with a new-found awareness of how vulnerable their IoT devices are and asked great questions about how to secure their networks and maintain a strong security posture. The big-picture takeaway on this topic: with vulnerable devices available in the marketplace, it is important to know which manufacturers are safe. If you do install IoT devices, follow best cybersecurity practices just as you should with all network devices. At a minimum, ensure your organization:
- Implements endpoint security
- Keeps patches up-to-date
- Selects strong passwords and NEVER uses the default
If you missed the presentation, you can watch the video.
Cloud Breach: This discussion group was very diverse, just like the cloud implementation market. Participants from retail, banking, electronics and more shared war stories and strategies for defending cloud implementations from hackers. From what you can do to secure your organization to how to respond in the event of a breach, the general consensus was that there are a few key best practices you cannot ignore:
- Maintain log files correctly
- Don’t let log files roll over
- Find a safe storage location and ensure useable data can be accessed quickly
Even with a great cloud provider, ensure that you investigate the cloud set-up and maintenance. Default settings are not always the most secure choice, so doing your homework is important to finding the right solution.
Every year there are different buzzwords and cybersecurity trends, and 2019 was no exception. All of the usual topics were there: GDPR compliance, the shortage of skilled cybersecurity professionals, building holistic security into your DevOps and more. So many people are talking about these issues that we wanted to narrow the field to the tactical and actionable items organizations were talking about implementing as soon as they got back to the office. Here are three of the 2019 trends that may be coming to your office soon:
- DNS-based monitoring: While this is not a new term, it seemed to gain traction at RSA this year as a zero-trust approach to network security. The protection functions by blocking whole domains if they contain bad content or known malicious software. For endpoint protection, DNS-based monitoring is much faster than scanning an entire website, but if a known good domain gets malware on a single page, the whole domain might be blocked. You’re also relying on another company to maintain accurate records, meaning good sites can be blocked and bad sites can still slip through. Our take on DNS-based monitoring is that this is a good idea in theory, but can quickly become cumbersome to maintain in reality. If you need every domain approved by an IT specialist, it creates a backlog of work for IT and creates inefficiencies at multiple levels of the organization. This idea needs more refinement to make it efficient and effective.
- A renewed push for network segmentation. While network segmentation has also been around for quite a while, there is a new push to increase segmentation and improve its efficiency. The traditional IT model maintains several sites running through a single endpoint. With the migration to the cloud, this is incredibly inefficient. Using cloud-based managed security for different segments of your business networks is the next logical step in maintaining security, while keeping things efficient. Like any managed service, it is important to make sure that it is configured and managed properly. Even the most expensive solution is useless if it is not used correctly.
- New defense and detection tools. There were a lot of great discussions, during sessions and on the vendor floor, about new strategies for cybersecurity defense and detection. From a security analyst’s point of view, RSA 2019 showcased many exciting new tools for malware analysis and investigations. Why is this topic important? We saw so many great products that will help organizations build a strong security posture, and this glut of great tools should drive prices down and increase innovation. This year’s crop of new tools was so good, it had us rubbing our hands together in glee. No, we won’t name any names. That’s not our style, but know that we are testing new tools in our lab from this show, and we’re pretty excited.
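The domain-level trade-off described in the DNS-based monitoring item above, shown as an added example (not code from LMG or any vendor): a resolver-side filter sees only the hostname, so one bad page blocks a whole domain and an unlisted domain passes. The feed contents and URLs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed threat feed of domains (hypothetical names, not from a real feed).
BLOCKED_DOMAINS = {"malware-cdn.example", "shop.example"}

# Constructed sample traffic: (URL, ground truth "is this page malicious?").
SAMPLES = [
    ("https://malware-cdn.example/payload.bin", True),
    ("https://shop.example/compromised-page", True),   # one bad page ...
    ("https://shop.example/catalog", False),           # ... blocks the rest
    ("https://img.shop.example/logo.png", False),      # subdomains included
    ("https://new-threat.example/dropper", True),      # not on the feed yet
    ("https://docs.example/guide", False),
]


def dns_blocked(hostname, blocked=BLOCKED_DOMAINS):
    """Return True if the hostname or any parent domain is on the feed."""
    labels = hostname.lower().rstrip(".").split(".")
    # Match on whole labels: "a.b.c", then "b.c", then "c".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def evaluate(samples, blocked=BLOCKED_DOMAINS):
    """Compare DNS-level verdicts with per-page ground truth.

    The filter only ever sees the hostname, never the path, so every page
    on a listed domain shares one verdict.
    """
    counts = {"blocked_bad": 0, "collateral": 0, "missed": 0, "allowed_good": 0}
    for url, is_malicious in samples:
        host = urlsplit(url).hostname or ""
        if dns_blocked(host, blocked):
            # Benign page on a listed domain is a collateral block.
            counts["blocked_bad" if is_malicious else "collateral"] += 1
        else:
            # Malicious page on an unlisted domain slips through.
            counts["missed" if is_malicious else "allowed_good"] += 1
    return counts


if __name__ == "__main__":
    print(evaluate(SAMPLES))
```

The `collateral` and `missed` counts are the two numbers to track when tuning a domain feed: the first drives the IT approval backlog, the second is the residual risk.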
Whether you were inspired by big strategic discussions that will change how your organization does business, or you were in search of tools and tricks to improve your organization’s security posture, RSA had a wealth of cybersecurity information and resources.