Menu
Huge turnout at RSA shows hackers are winning

Huge turnout at RSA shows hackers are winning

The high number of attendees and exhibitors at security confab are indication of troubled times

In the battle between enterprises and malicious hackers, the bad guys are clearly winning, judging by the sheer number of people and exhibitors at the RSA security conference going on in San Francisco, this week.

With an estimated 30,000 attendees and more than 400 exhibitors, RSA 2014 is the biggest event since its launch as a conference for cryptographers in 1991.

That's clearly a good thing for RSA, which by one analyst's estimates generates more than $100 million in revenues from the event. It's also a great thing for security vendors because it shows demand for their products is booming.

But the conference's growth is a also sobering reminder of the continuing challenges enterprises face in protecting their networks and data against malicious attackers. The RSA conference is not a Consumer Electronics Show or a Mobile World Congress. If demand for security products is increasing, it's because security tools are not doing the job well enough, enterprises are not implementing them properly or because hackers are finding new ways to breach networks.

Whatever the reasons, the security problems are continuing to grow for companies. It's one thing to have a home alarm system and another thing entirely when it takes guard dogs, perimeter fences, security grills, motion detectors and guns. Then it becomes an indictment of the entire neighborhood.

Year after year, vendors use RSA and similar venues to tout state-of-the-art security technology. Some of the products are enterprise tested and ready. Many are vaporware products fueled by hype from venture capital dollars.

This year is no exception. Two cavernous halls at San Francisco's Moscone Center are filled with vendors offering a dizzying array of products purportedly addressing every conceivable enterprise security need.

There are technologies for predicting, detecting, blocking, responding and mitigating attacks. There are tools that let enterprises measure risk, prioritize assets, control privileged users and monitor network behavior on a continuous basis.

Like every year, some products are touted as trend-setting, just like antivirus tools, firewall technologies, security incident management products, IPS products and data leak prevention tools were pitched a few years ago. This year, the buzz is about automated threat monitoring, network intelligence, data analytics and incident response.

Many vendors are using the breach at Target as a classic example of what could happen to enterprises that fail to implement their specific product or technology.

"If you have an intelligent opponent, it behooves us to make our systems better," says Sam Curry, chief strategy officer and chief technologist at RSA. The best way to do that, he said, is to combine traditional approaches with data analytics and selective automation of crucial processes.

Meanwhile, IT security practitioners have their own priorities. For them, the challenges are more about finding the budget and the resources needed to keep their networks and their data safe. For them, it's about secure design and development, reducing points of failure, and implementing role-based access control and principles of least privilege. It's about metrics and measuring security ROI.

It's also about people. A survey sponsored by Hewlett-Packard Co. and released at the conference shows that about 40% of available IT security jobs this year will go unfilled. About 56% of the 500 companies surveyed had no chief information security officer and only 32% offered a career path in the security field.

"What we see is a great increase in cyber offensive capabilities," on the part of hackers, said Jacob West, HP's chief technology officer. The lack of skilled professionals is creating a skills gap between adversaries and industry, he said. But that's not the only problem. The larger issue is the lack of security roles among application designers, developers, quality assurance teams and operations teams, West said.

For Greg Schaffer, CISO at technology investment firm the Circumference Group, information security is "ultimately about people, not about technology."

Enterprises can implement all the technology they want, but without the right people in place, the technology will do little to help, Schaffer said during a panel discussion.

In the information security space, "success is about incremental progress," he said. Like ants, cyber thieves will find a way to get inside even the best protected home. The key is in being able to detect and eliminate them, when they break in.

Some of the best minds in the industry are working on finding new, repeatable ways of detecting, blocking and responding to attacks in a more effective way. Some day soon they better start working more effectively.

As Gary Gagnon, CISO at MITRE, a technology research firm, said the increases in security budgets that enterprises have seen in recent years cannot be sustained. At some point, enterprises will need to find a way to bend the budget downward again.

Meanwhile, hackers keep breaking into systems, and no one can really say why that is happening, despite the billions of dollars spent on products like the ones showcased at RSA.

This article, Huge turnout at RSA shows hackers are winning, was originally published at Computerworld.com.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about security in Computerworld's Security Topic Center.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Cybercrime and Hackingdata securitysecuritydata protection

Featured

Slideshows

Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
An Evening With Eugene Kaspersky for Kiwi partners in Auckland

An Evening With Eugene Kaspersky for Kiwi partners in Auckland

​New Zealand partners came together for An Evening With Eugene Kaspersky in Auckland, an invitation only event as part of Kaspersky Lab Partner Engage. Following an evening of insights and executive networking with the founder of Kaspersky Lab, Eugene Kaspersky, Kiwi partners got up close and personal with Eugene in an unprecedented​ panel discussion. Facilitated by Reseller News, this panel explored channel relationships, successful business strategies, and the latest ground breaking technologies to impact the security market. Photos by Maria Stefina.

An Evening With Eugene Kaspersky for Kiwi partners in Auckland
Show Comments