Security Intelligence Comes to the Foreground
First, it was an excellent conference, likely the quintessential event for C-level execs in enterprise security. It wasn’t a Black Hat, ISSA or BSides type event – it was focused on executive effectiveness in getting enterprise security done right. Security is certainly in the limelight, and the need for security intelligence was evident.
Playing Chess with APTs
Anton Chuvakin gave an interesting presentation paralleling battling Advanced Persistent Attacks with playing chess successfully. I’ve been an avid reader of Anton’s research for over a decade, and I can attest – he is a craftily insightful individual. I would not want to play him in chess!
SIEM Finally Hits Prime Time
If you have experience with Security Information and Event Management (SIEM), I’m sure you are aware it could still be characterized as nascent, even though it’s been around for over a decade. SIEM can be characterized as an open-ended commitment that never ends – it’s not a project you complete and it’s done, according to the security practitioners I encountered.
Then why would anyone do it? In this security environment, it’s all about visibility. As Lt. Linus J. Barloon said in a great preso made jointly with FireEye, it’s the “single pane of glass” through which a security team can see everything going on. Priceless.
The Sad State of Affairs with Endpoint Security
We met with Peter Firstbrook, and it was incredibly helpful for us, as a young security company with innovations to augment existing endpoint security and system management. Current endpoint security approaches are failing, which is particularly bad since the endpoint tends to be the attack vector for malicious attacks.
Security is still somewhat about maintaining appearances, with highly visible, yet largely ineffectual actions. Erm, like making all users change their passwords with difficult rules – but not figuring out ways to make the users more productive and secure. Seems like many security programs still revolve around token attempts to “just do something.”
It was a great conference – IT security is such a hot area – I heard attendance was 50% higher than two years ago. I guess enterprises have gotten the “wakeup call” on the need for better security!