Salted Hash: RSAC 2017 Recap

After recovering, and dealing with a serious backlog of email, here are some post-show notes.

RSA Expo North Hall
Adam Murray

Last week, Salted Hash was in California for the annual RSA Conference in San Francisco. The week was full of drama between the testing labs and endpoint protection firms, but aside from that we managed to have a few interesting conversations. Here's a quick recap.

DevOps was a topic of interest this year, and it's been a constant thing for the last three years. However, Salted Hash spoke to two researchers who reminded everyone about the risks associated with the business trend.

We caught up with Ira Winkler, who recently put out a book somewhat mocking the Advanced Persistent Threat that scares everyone senseless. It was a fun conversation, one full of memories too, because the SEA attack on IDG a while back fits his thoughts on Advanced Persistent Security rather well.

Another interesting conversation with Cybereason centered on threat actors out of China, several of them to be exact, encompassing several agents and agencies. Ironically, the report outlined the growth in privatization in the Communist state.

We got to see a new tool being revealed during the show from TruSTAR, which enables organizations to share a multitude of information about incidents and attacks, anonymously if they choose, between an internal group or the public.

Finally, after the show, ValiMail reached out to Salted Hash with some data surrounding the domains of the conference's top sponsors. According to their research, only one of RSA's 62 sponsors has a correctly configured DMARC record that's set to enforcement.

"ValiMail engineers used their domain to examine the DMARC and SPF record status for RSA’s 62 sponsors, from the 'Diamond' level all the way down to 'Bronze.' What we found was that only one company – Microsoft – had implemented DMARC correctly and set it to enforcement mode. Of the remaining domains, 4 had DMARC records with configuration errors, one was set to limited enforcement, and 15 were set to no enforcement (p=none). That leaves 41 RSA sponsors who have no DMARC records at all. The sponsor cohort is doing better when it comes to SPF, with 41 correctly-configured SPF records, 17 who have published records with errors, and only four who have no SPF record at all."

These stats build on a report issued by the Global Cyber Alliance (GCA) during the RSA conference stating that of the 587 email domains used by companies exhibiting at RSA, only 15 percent had a DMARC record. Moreover, of the 90 domains with a DMARC record, 66 percent have it set to monitoring-only, providing no enforcement whatsoever.
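To make the buckets in the two surveys above concrete (enforcement, limited enforcement, no enforcement, configuration error, no record), here is an added example, not ValiMail's or GCA's code, that parses DMARC TXT records and tallies them. The domains and records are constructed samples, and the bucket rules are assumptions: p=reject or p=quarantine at pct=100 counts as enforcement, pct below 100 as limited enforcement, p=none as monitoring only, and a record without v=DMARC1 or a p= tag as an error.

```python
from collections import Counter

# Added example (not ValiMail's or GCA's code). Constructed sample data:
# domain -> TXT record published at _dmarc.<domain>; None means no record.
SAMPLE_RECORDS = {
    "sponsor-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@sponsor-a.example",
    "sponsor-b.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:d@sponsor-b.example",
    "sponsor-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@sponsor-c.example",
    "sponsor-d.example": "v=DMARC1; rua=mailto:dmarc@sponsor-d.example",  # required p= tag missing
    "sponsor-e.example": "v=spf1 include:_spf.example -all",  # SPF published where DMARC belongs
    "sponsor-f.example": None,
}

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict; return None on a malformed part."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:  # tolerate a trailing ';'
            continue
        if "=" not in part:
            return None
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags

def classify_dmarc(record):
    """Bucket one record the way the sponsor survey does (bucket rules are assumptions)."""
    if record is None:
        return "no record"
    tags = parse_dmarc(record)
    # RFC 7489 requires v=DMARC1 and a p= tag; anything else is a configuration error
    if not tags or tags.get("v") != "DMARC1" or "p" not in tags:
        return "error"
    policy = tags["p"].lower()
    if not tags.get("pct", "100").isdigit():
        return "error"
    pct = int(tags.get("pct", "100"))
    if policy == "none":
        return "no enforcement"  # monitoring only, p=none
    if policy in ("quarantine", "reject"):
        # pct < 100 applies the policy to only a sample of failing mail
        return "enforcement" if pct >= 100 else "limited enforcement"
    return "error"

def survey(records):
    """Tally every domain's bucket, like the sponsor counts quoted in the text."""
    return Counter(classify_dmarc(rec) for rec in records.values())
```

Calling `survey(SAMPLE_RECORDS)` on the constructed data yields one domain in each of the enforcement, limited enforcement, no enforcement and no-record buckets and two configuration errors; swap in real `_dmarc.<domain>` TXT lookups to reproduce a survey like the one quoted above.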

"As world leaders in cyber security, we can do better," said Philip Reitinger, President and CEO of GCA. "DMARC is one of the cyber security protocols that can broadly reduce risk, and the more it is implemented, the more protection it offers for everyone."

Any memories from RSA? Head to Facebook to let us know.

Copyright © 2017 IDG Communications, Inc.
