Q: Dan, thanks for taking the time to share your RSA Conference 2017 observations with us. What new technologies or breakthroughs did you learn about last week?
A: My pleasure. Many companies introduced new applications and systems at the conference, too many to list in fact. However, a recurring theme I heard from vendors was around DXL or Data Exchange Language. DXL is a standardized data stream which will allow security appliances and applications from separate vendors talk to each other.
There are many security network systems and applications producing data, but there are very few ways to exchange and store this information in a standardized format. This is something that many organizations are wanting to do.
As an example, your data loss prevention solution in the future will provide a DXL data stream to your incident response tool, which will then create an incident without any customized parsing required.
Bottom line is, this will allow data sharing between security tools to be much easier.
Q: Dan you’ve been a Virtual CISO many times, did any CISO’s talk at the conference about what their role looks like in 2017?
A: Yes, I actually had the opportunity to sit in a round table discussion made up of three security leaders. One of the panelists referred to themselves as the CDO – The Chief Discipline Officer. I found that quite funny and telling at the same time.
Q: What other cool new technologies did you hear about at the conference?
A: Well the Internet of Things or “IoT” was a hot topic in many of the sessions I attended. One speaker even talked about a toilet that can be controlled using a smartphone. Yes – you heard me a right – a smart toilet! When you wake up in the middle of the night you can open the app on your smartphone to switch on a light to guide you to the bathroom and warm up the toilet seat before you arrive.
There was also consensus that everything in your life will be connected to the internet and that within the year (or so) the Internet of Things will really just be the internet… not so different from the various networks we connect to now.
Q: What about security and IoT?
A: Security has definitely become a large concern regarding connected devices. Manufacturers are beginning recalls due to various security issues that simply weren’t accounted for during development. The fear of being tied to a Mirai botnet attack has finally gotten the attention of manufacturers; unfortunately it’s too little too late in some cases.
Q: What about Industrial Systems? Were there any discussions on security concerns in this area?
A: Great question. I had the opportunity to hear a speaker talk about the Industrial Internet of Things. Computer systems have been used by factories and plants for many years now and many of these systems are internet accessible. Attackers have caught onto this and are concentrating their attack on these systems. To make matters worse, many companies do not have an incident response plan in place to deal with these types of attacks.
Q: Overall what did you think of this year’s RSA Conference?
A: As always I’m glad I made the trip. Attendance reached a record 43,000 attendees and there were 550 companies setup in Expo Hall. I just wish there were more hours in the day as I was only able to visit about two thirds of the exhibitors.
I also appreciated some of the support material RSA had for the conference. These included a pre-conference webinar that covered some key items such as the expansion of the conference to the nearby Marriot Marquis hotel and the official smartphone app that allowed attendees to easily view and reserve seats for sessions.
Learn more about Online Business Systems’ Risk, Security and Privacy practice by clicking here.
If you would like to learn more about RSA Conference 2017 or any of the highlights discussed in this blog, feel free to contact Dan Lapierre.