April 30, 2015 – Gregor Jeffery
Earlier in April, Tesserent attended the annual RSA Conference in San Francisco. Regarded as the largest and most comprehensive security event globally, the five-day conference drew a record 33,000 attendees.
RSA Conference 2015 – Moscone Centre, San Francisco.
From the sheer size and focus of RSA, there was a unanimous feeling that IT security has finally been accepted into the mainstream. Unlike many Australian industry conferences, there were barely any filler presentations or exhibitors. If you were not directly in the security industry, there was no point being there.
It was hard to ascertain a single theme for 2015. In previous years SIEM, Identity Management and Mobile Device Management have all had their turn on centre stage. These technologies were still apparent, as were Endpoint, Web Application Firewall, Multi-factor Authentication and Data Leakage Prevention. However, the message seemed to be one of consolidation of such technologies into security platforms that can do everything. As M&A activity in the security space continues, one-trick pony companies are snapped up by the security giants to bolster their platforms. Prominently co-branded sponsors included Bit9 and Carbon Black, Sourcefire and Cisco, and Mandiant and FireEye.
The Internet of Things (IoT) was a hot topic, although, much like the buzz around the term Cloud Computing a few years ago, IoT has some way to go before a solid definition materialises and the market matures.
Cisco live wireless traffic
Cisco had a grand presence at RSA Conference. Of particular interest in the main foyer was a large installation of screens displaying live wireless traffic on the free conference network. Almost half of all traffic was over HTTPS. Bandwidth hogs included Apple iOS updates, HBO and live NBA games. Attacks from China and from inside the USA were common, as were a large number of phishing attempts.
Cylance detecting a new Cryptolocker variant
There was a lot of buzz around the Cylance stand. A relatively young company, they proclaimed “AV Is Dead”. Their new approach to preventing and detecting malware is based on machine learning.
“Cylance technology is able to detect previously unknown malware by comparing the malware’s DNA against those of tens of millions of existing malware. Cylance seeks to change the AV landscape by using machine-learning technology to protect and block threats that no one has seen before. Cylance believes that protection should not be reactive, but should raise the barrier to entry with machine-learning technology that has the ability to adapt and learn.”
An in-depth demonstration pitted the Cylance AV engine against other well-known AV engines. Their solution was shown to detect new variants of malware created on the spot, unlike competitor platforms that required an update to their malware database.
Zscaler Breaks Free
Zscaler showcased an interesting approach to beating the competition… literally. Attendees were invited into their demolition sandbox, complete with Perspex windows for the audience’s protection, to select a weapon of choice (the baseball bat was a common favorite) and smash a competitor’s appliance into smithereens.
While it’s not always a wise strategy to trash talk your competition, the Zscaler spectacle attracted a lot of attention and delighted apparent ex-customers, who finally got to do to their old firewall what they had always dreamed of doing.
As the Zscaler rep shouted in the countdown to demolition: “There’s only two ways to get rid of these things: Zscaler or a sledge hammer!”