RSA 2019: Sifting Through the Buzz
  • Table of contents

The author

user_image
Gil

Table of contents

Related Articles

Research

Facebook Hidden Friends Vulnerability (With “fb-hfc” released)

We reported the hidden friends vulnerability to Facebook; this lets attackers reconstruct the private Friends...
May 29, 2014
Learn more
Tech Talks

Welcome to The Cyber Feed

Over the past three decades, IT security solutions have developed to effectively secure most networks...
Jun 30, 2015
Learn more
Tech Talks

RSA 2019: Sifting Through the Buzz

Mar 21, 2019

At the top cyber security conference of the year, it can sometimes be difficult to sift through the buzz and to discover the real cyber security issues facing organizations. Below is a brief recap of the Trending Cyber Threats and Capabilities we observed at RSA 2019 held during the first week of March in San Francisco.

EVOLVING ATTACK VECTORS AND OBFUSCATION CAPABILITIES

  • DNSpionage – involves faking certifications, intercepting emails and redirecting confidential information to threat actors.

  • Cloud adoption at scale increases complexity and security risks – IDC estimates that by 2020 more data will be stored on public clouds than on consumer devices; and by 2022 more than on enterprise systems. Cloud services are now serving as core functions to all aspects of business operations. Though, when it comes to multi-cloud environment deployment, the concern is that inconsistent, poorly managed policy enforcement is increasing the chances of potential compromise and breach.

DETECTION AND RESPONSE OUTSOURCING TO MDR PLAYERS 

Due to increasing attack sophistication and shortfall of talent in the market:

  • The need to outsource to experts in order to get relevant insights for informed decisions.
  • Effective tools for connecting digital environment threats with internal security, reducing time to detect and mitigate threats as a crucial factor to security posture

ZERO TRUST-RELATED OFFERINGS 

With a rapid growth of internal and external entry points accessing corporate data – firewalls are increasingly questionable as the first line of defense. The zero-trust model, widely discussed by tech giants like Microsoft, Google and others at the conference, depends upon continuous analysis to ensure that assets are fully secure.

IOT SECURITY GETTING FOCUS FROM BOTH ENDS

The pressure to secure smart devices is driven first by cyber experts who address IoT vulnerabilities like poorly written algorithm or a line of code enabling a backdoor, and secondly, by device manufacturers feeling the pressure to secure IoT devices in the design phase.

PRIVACY LEGISLATION WILL SHAPE THE INDUSTRY FURTHER

Data privacy regulations (e.g. GDPR, and California Consumer Privacy Act from Jan.1 2020) are making cyber resilience more complex both in terms of compliance and cyber security. Major global tech players are concerned with contradictions regional laws are creating and are openly pushing for global privacy laws that will also be risk-based and not serve solely as a guidance everyone should blindly comply with.

AI IS THERE: FOR BETTER OR WORSE

Companies like McAfee and Cisco used their keynotes to address AI issues as something inevitable but having its limitations and flaws when it comes to countering advanced threats, or validating alerts and delivering less false positives. Also, serving as the foundation for better defense, threat detection and innovations, AI and machine learning are just as likely to be leveraged by criminals and nation-states bringing security challenges to a whole new level.

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start