7 Vivid Images Security Experts Invoked At RSA 201210:00 AM EST Tue. Mar. 06, 2012
Security vendors and researchers sometimes use colorful imagery to illustrate the magnitude of the threats they face. At RSA 2012, we heard the usual battleground imagery, and a requisite sprinkling in of references to Sun Tzu's The Art Of War, but there were other examples that framed security industry issues in more creative ways.
Here are seven of the most memorable examples from this year's event.
RSA President and Chairman Art Coviello invoked Sun Tzu's The Art Of War in his keynote at RSA 2012, paraphrasing the part that says, "If the trees are moving, then your enemy is advancing," to illustrate the need for companies to remain ever vigilant against attacks.
People in the security industry as a whole have "been going through hell" in the past year, Coviello told attendees. "In our interdependent world, we need to understand that an attack on one of us is an attack on all of us," he said. "But, together, we can all learn from these experiences and emerge from this hell smarter and stronger than we were before."
Enrique Salem, president and CEO of Symantec, described the younger generation, i.e. those born in the 1990s, as "digital natives" who use social networking, cloud and mobility as readily as they use oxygen. The influence of these digital natives cannot be underestimated, Salem said.
"This is the future of business," Salem said in a keynote at RSA. "It is a freight train of change that is hitting like a sledgehammer."
The Anonymous attacks have fueled security spending, but they've also fueled the practice of selling on fear, said David Litchfield, chief security architect at Accuvant, a Denver-based security solution provider, in a panel discussion at RSA. In his view, vendors would be better served by advocating adherence to security best practices.
"Anonymous is a useful tool for people who excel at [fear, uncertainty and doubt]," Litchfield said at RSA. "It has got out of hand and is being used as a stick to beat people. It's selling FUD, and we need to get away from that in the security industry."
In a presentation at RSA, Joshua Corman, director of security intelligence for Akamai Technologies, and Gene Kim, a security researcher and founder and former CTO of Tripwire, gave credit to Amazon for Chaos Monkey, a testing feature for Amazon Web Services that randomly kills processor and server instances to test the system's response to unexpected outages.
Corman and Kim said a similarly strenuous approach to testing is also seen in what they called "Rugged Security," an approach that marries DevOps, a set of processes for collaboration between software developers and IT operations teams, with security.
In a panel discussion on Lulz Security at RSA, Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab, said despite popular belief, hackers don't always target organizations with the least amount of security technology.
"It's not about running faster than the slowest guy when the bear is chasing you," Schouwenberg said. "Sometimes, bears will ignore the slowest guy and go after the fastest guy, because the fastest guy poses the bigger threat."
Bruce Schneier, a renowned security technologist and CTO of BT, used the term "feudal security" to describe the phenomenon of people depending on vendors to protect their private information. The lobbying efforts of these companies have led to a "hands-off policy" in the U.S. by government regulators, placing consumers at a disadvantage when it comes to data control.
Tom Reilly, vice president and general manager of HP Enterprise Security, and Hugh Njemanze, CTO and VP of worldwide R&D, said the fast pace of threats requires closer collaboration between security experts. They see parallels to the 12th-century Japanese samurai code of conduct, called Bushido, which embraces the idea of banding together to address issues of common importance.