RSA Conference 2010 – Wrap Up

The RSA Conference in San Francisco, CA just concluded and it was overflowing with the latest security information, insights and news. There’s been a lot of buzz about this security event and we’ve compiled a few of those links for you.

Studies and research

• NSS Labs Study on social attack aversion – NSS Labs released its latest study on how well web browsers avoid social engineering attacks.
• Veracode’s State of Application Security – Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing.
• McAfee on intellectual property risks – McAfee analyzed a commonly used software for housing intellectual property called Perforce and released its findings during a session at the RSA security conference.
• Fifteen Common Activities from BSIMM2 – In addition to highlighting the fifteen most common BSIMM activities, the article also provides the 30 firm data for all 110 activities in public for the first time.

Presentations and sessions

• Visualizing the Zeus attack against government and military – This presentation will focus on specific tools and methodology to aid you in establishing security data visualization practices in your environment.
• Cryptographers Panel – Adi Shamir said that he is working with a team of researchers who have put together a paper that describes an attack that will break AES 128 within 10 rounds.
• Wisdom of ‘Foolishness’ – A panel of leading cryptographers reveal some of the lessons they have learned while making seemingly imprudent decisions.
• Pre-debate on ‘Proving the Worth of Security Metrics with Real-World Data’ – A warm up session between the panelists who are up to discuss the value of security measurements.

Some announcements and news from the conference floor

• Symantec exhibit makes cybercrime tangible – The security company gave tours of its Black Market at the RSA security conference here this week.
• DHS to extend Einstein technology to private sector – The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency.
• Microsoft wants to put infected PCs in rubber room – Charney is the latest to champion the idea that infected PC users should be put in their own rubber room, so the malware, spam, and other attacks they generate can’t harm others.
• White House outlines secret cybersecurity plan – Howard Schmidt gives a talk during a town hall meeting on how the nation will face impending attacks on the cyberspace front

Interviews (link redirect to MP3 podcasts)

• Jennifer Bayuk – She says that audits do not break down, it’s the response to it that fails.
• Mark Bower, Voltage Security – The director from Voltage Security speaks about E2EE, how it will affect merchants and what we might be seeing in the future from Voltage SecureData Payments POS SDK.
• Andy Hayter, ICSA Labs – This interview with ICSA Labs discusses about anti-virus testing, education of consumers and a new initiative to use the testing ICSA does in the real world.
• Pedro Bustamante, Panda Security – A senior analyst at Panda Security explains his company’s cloud AV product and USB vaccine.
• Scott Charney, Microsoft –  A post-talk Q&A with the VP of Trustworthy Computing at Microsoft about quarantining of infected computers away from the Internet.
• Anton Chuvakin, “Security Warrior” – Anton Chuvakin talks about PCI compliance and log management.
• Edward Haletky, Anton Chuvakin – Edward Haletky chats with Anton Chuvakin about the benefits of virtualization and the issues it faces.
• Jan Hichert, Astaro Internet Security – The CEO of Astaro shares their new security products and how they are using it in social media environments.
• Chris Hoff, Cisco – Chris Hoff explains  a bit on cloud computing and virtualization.
• Mikko Hypponen, F-Secure – The chief research officer of F-Secure converses about malware and how it is evolving to new platforms.
• Jonathan Penn, Forrester – Jonathan Penn of Forrester discusses compliance and why it isn’t equal to security.
• Marty Roesch, Sourcefire – Roesch talks on the security existential crisis, Immunet and virtual appliances.
• Bob Russo, PCI Security Standards Council – Bob Russo, general manager of PCI Security Standards Council, stresses the importance of looking at your security logs and not just turning them on.
• Roel Schouwenberg, Kaspersky Lab – A conversation with the senior AV researcher of Kaspersky on APT, signature-based APT and other topics.
• Hord Tipton, (ISC)2 – The executive director of International Information Systems Security Certification Consortium expounds on the Safe & Secure Online program and other topics.
• Jacob West, Jeremiah Grossman – Two security experts share what they see as the most common vulnerabilities out there and the incentives of the ones who exploit them.

Software downloads

• VerIS Framework – Verizon released its framework for analyzing forensics data to help give organizations a better look into their data breaches.
• Playbook – Matasano offers a virtual appliance that scans for any firewall rules that are outdated, redundant, or could potentially expose a network to security threats.
• Forefront Identity Manager 2010 – Microsoft released its new identity management software, a system corporations can use to manage employees and others within an organization.

Finally, here is the official photo set from the conference and the compilation of video and audio from the keynote presentations. Watch out for RSA Europe coming this October.