RSA: Looking for opportunities or attending a vanity fair?
Klaudia Zaika
CEO at Apriorit | Talk about cybersecurity | Custom software development | Expertise in SaaS, XDR, EDR, SIEM, SOAR, DLP | Windows, Linux, and MacOS kernel & driver development | Embedded Systems | Reverse Engineering
This was my first experience attending a conference as large as RSA. I find it difficult to describe how large it really was! Five whole buildings were occupied by the conference events, which included numerous reports, exhibitions, and meeting rooms.
While preparing for the conference, I thoroughly planned my itinerary to squeeze in all the reports I wanted to attend and to meet all the interesting people I wanted to get acquainted with. However, it turned out to be quite useless, as I couldn’t imagine at that moment the scale of the conference and how much time it would take to get from one building to another. Moreover, wearing casual business clothes and high heels, it took me 15 minutes to go to the next building :) It’s just a kind note for those who are like me.
In a word, this conference can be compared to an airport. Just incredibly large!
About reports
I spent most of my time listening to the reports devoted to ransomware and destructive attacks.
Briefly about the main trends and ideas:
1. Blockchain technologies will occupy the coming era of ransomware. Everyone can expect to get a message requiring them to transfer funds to blockchain servers. What is more, in 80% of cases, these servers won’t be real and money will just disappear.
2. Ukraine took first place by the scale of the NotPetya attack damage.
The statistical data on the slides and the reporter’s speech created the impression that the situation in Ukraine is dire. Being a citizen of Ukraine myself, I felt that I didn’t know a lot of things about my own country. However, we were able to deal with the after-attack situation quite well and recover from it quite quickly.
3. Data backups will save the world from destructive attacks. 80% of such attacks will be detected and prevented by file system and network filters, 18% by Artificial Intelligence systems. All the same, there are still those 2%, the so-called zero-day attacks, that we are unable to protect our data from. For this reason, all the global protection products have to offer backup functionality to be able to restore the data in case the system has been attacked.
4. When designing a protection system for your enterprise, pay close attention not only to the operational department but also to the production one. These two departments are closely connected with each other, and failure of the production one can cause even more considerable losses.
5. When installing new applications on your phone, it is important to carefully read what you are asked about. You can be asked for an administrator password, permission to load in the boot mode, etc. You have to stay alert. In case some untrustworthy application has been installed, reboot your device to start working in the boot mode and delete this application.
6. What can be done with the attacks on the global scale and how can our data be secured from them?
In the United States, it is a common practice to hold training sessions for employees to increase their awareness of what an attack and ransomware look like and what has to be done if a dangerous situation arises. Also, an idea was presented about providing a possibility of sending an immediate incident response for further expert analysis at the state level. I personally think that such training sessions have become an obligatory measure in our modern world, where people have to be very well aware of the cyber threats that can affect them and what to do if they become a victim of one. As Benjamin Franklin said: “An ounce of prevention is worth a pound of cure”.
At the end, the WannaCry creator was led under guard into the conference room. Immediately there fell complete silence. It felt as if they had brought a murderer to the room. Someone from the audience asked about how he felt after committing such a crime. Someone asked what he was doing now. He said that he was creating a bot outside of the United States. As for WannaCry, he said that he had created it not for himself and definitely not to attack the whole world. I liked him very much - he had the most charming wide smile and looked completely different from a guy who is a hacker! Very cute, without any doubt :)
7. Also, I visited the Car Hacking section completely by accident. I had a meeting appointed there, but it was canceled. There I was lucky to catch the Gears Fuzzing report. We are fuzzing the applications, and other people are fuzzing the engines! The automotive domain has been rapidly developing, and remote control and artificial intelligence have been actively employed and tested to be resistant to various kinds of threats. However, the same fuzzing techniques are used - entering a selection of input data and investigating the behavior of an engine instead of software :)
8. There was an excellent report that had to do with Threat Intelligence. The reporter recommended useful links to the third-party libs:
- #cymon.io https://www.cymon.io/
- #staxx https://www.anomali.com/platform/staxx
- #Harbinger Threat Intel https://github.com/exp0se/harbinger
These links are quite popular. After getting back to Ukraine, we offered our customers to employ them as an analysis engine.
9. Deception – red line of the conference! For DBs, servers, encrypted network protocols! Even when you meet an old friend who is working in a progressive company in California: to the question “What’s new?” he said that he had found a lot of good concepts for Deception!
10. Unfortunately, it was simply impossible to attend all the reports I would have liked to attend, as a lot of them were conducted simultaneously, some of them overlapped with meetings, and some I just overslept. Some reports started at 7 AM! So I’m very glad that I got my share of interesting information and news of the cyber threat world!
Exhibition
It’s just impossible to imagine the feelings of a person who was engaged in the development of products similar to those presented at the exhibition, and who had tried to get demos of them and get details about their functionality and behavior. And here they were all available, and you could ask for a detailed demonstration or description of their features and functionalities. I tried to learn and memorize everything that I saw and heard! During the event, I got a feeling as if I could embrace the whole world!
Approximate statistical data about the products presented at the exhibition:
- 45% - US companies, as expected for a conference in the USA.
- 25% - Israeli companies. So really Israel is a Cyber Security country.
- 25% - South Korean companies. These guys are very open to discussing any technical opportunities and to inviting you to their friends when they are confident in the partnership.
- 5% - the European companies. Most of them are startups, which are looking for some collaboration and partnership. This is very cool!
In general, there were a lot of companies of various sizes from different countries.
The representatives of the marketing agencies stood near the mainboards. They were able to provide thorough explanations of the technical details of their products.
There were a couple of funny stories when the companies recommended partnership with @Apriorit to each other.
Of course, each day of the exhibition ended with treats from the conference sponsors.
There were larger events for which we didn’t have enough strength left :) Apart from the conference, we had a lot of meetings with our current customers.
RSA is a fruitful event in the Cyber Security arena! Hope to see all of you guys whom we met up with at the next RSA!
Please feel free to ask me about the event, technologies and share some other useful information.