sragan
Senior Staff Writer

RSAC 2014: RSA Conference (Day 2)

News
Feb 25, 2014 (3 mins)
Core Java

Salted Hash is live from the RSA Conference in San Francisco, California, this week. Here's an ongoing look at day two.

While I was in meetings this morning, Grant managed to capture the chaos of the moment as the north expo hall opened up.


Original Article:

Day two of the RSA Conference is where things get interesting.

There is plenty of product news to be had at the show, but the trick is to find the stories behind that. Most of my meetings today will center on story development and source work. It’s not that I don’t see value in product news; there is value to a degree, but unless it is overly compelling, I skip product pieces.

Earlier this morning I posted a story written by Grant, who is here at the show with me. He attended a Hacking 101 class, and had a blast with it. I think he learned some valuable lessons about hacking and the method to the madness.

In other news of note, during his keynote address this morning, Art Coviello, Executive Vice President of EMC Corporation and Executive Chairman of RSA, called for international cooperation on major issues including cyber war, surveillance, privacy and trust on the Internet, between the government and private sector. In addition, he made an argument for intelligence-driven security solutions, something that RSA has been pushing for years. However, some feel that might be easier said than done.

“Intelligence driven security may be seen as the future of network security, but detection and prevention alone are not sufficient. Recent data breaches have proven that. A well laid out security architecture needs to have layers and defense in depth. We should assume that detection and prevention tools can only go so far.

“The next and last layer of defense needs to be around data and information, and that means surrounding information with strong encryption, authentication and access controls which provide the additional layers necessary to protect consumer and corporate information.” – Prakash Panjwani, SVP and General Manager, Data Protection, SafeNet

Whitelisting

Today’s topic is whitelisting. It’s a handy security control, but it needs to be used with caution. When asked, Pierluigi Stella, the Chief Technology Officer of Network Box USA, offered his thoughts.

“Whitelisting is a term used a tad too loosely in my opinion. My customers use it for both email addresses and URLs. Whitelisting email addresses needs to be done carefully; a spoofed email address may carry a zero day threat, which your anti-spam could’ve stopped. Whitelisting of URLs can be a problem as well; it means putting implicit trust in the content of the URL at all times.

“People who whitelist their own email address, thus inviting huge amounts of spam coming from themselves. This is an exceedingly dangerous practice, considering that the anti-spam is a great tool to help block zero day attacks. Another equally precarious move is the whitelisting of entire domains – now that’s truly a bad practice, no exceptions. Spoofing of domains is all too common and whitelisting of entire domains should be avoided at all costs.”

Leave a comment and offer some pros and cons about whitelisting, as I’d like to get a wider take on the topic. If you’re at the RSA conference and see me out and about, don’t hesitate to say hi. If you’re reading along at home, I plan on updating this post later today.