This year’s RSA Conference in San Francisco gave security professionals, executives and other attendees a lot to choose from as they tried to help their organizations prevent cyberattacks and mitigate the risk of insider threats. Apple’s current flap with the FBI on encryption was a big point of discussion throughout the event, including during keynotes. Amit Yoran, the President of RSA, came out strongly against government backdoors and weakening encryption.
Fasoo’s theme this year was Design Your Data Security Blueprint and visitors to the Fasoo booth got to see how the Fasoo Data Security Framework and Sparrow could help them achieve their goal of protecting their sensitive data from getting into the wrong hands.
A lot of conversations centered on the understanding that it’s not a matter of if I get hacked, but when. I spoke to one gentleman who was talking about the concept of security crumple zones where you assume that some layers of your security will get breached. The concept is similar to car safety, where the ultimate goal is protect what is most valuable. Fasoo was showing attendees a multi-layered approach to data security that relies on a data-centric security model with people-centric policies. This allows an organization to protect critical data immediately and adjust access control policy as roles and people change.
As concerns about inevitable data breaches have reached the board level in organizations, talk has turned to mitigating risk, as opposed to stopping breaches. Most people understand that you can’t eliminate risk, but you need to minimize its negative affects.
To have some fun with this topic, Fasoo had a game called “What’s My Risk” where contestants spun a wheel to pick a risk, like lose a laptop. They would pick a possible solution that showed what they did to help mitigate the risk; choices included “Do Nothing”, “implement Endpoint Encryption”, “use DLP”, and use the Fasoo Data Security Framework. This generated a conversation to discuss if they were protected, protected somewhat or not protected at all. The contestant got a Fasoo Data Security t-shirt with the outcome for their participation.
Participants had a chance to qualify for an Apple Watch if they posted a picture of themselves on the expo floor wearing a Fasoo Data Security t-shirt and post it on the Fasoo Facebook page. Check it out to see who posted their picture.
Another main topic during the show was threat analysis and approaches to eliminate or at least reduce the damage done by cyber and insider threats. During his keynote, Amit Yoran said, “We are only pretending when we think that firewalls, anti-virus, etc. are going to be good enough. Yet, that isn’t translating into actual changes.” A lot of the attention is still focused on infrastructure, but conversations finally are turning to protect the data itself and really understand how people are using or misusing sensitive information.
A lot of visitors to the Fasoo booth were very interested in how Fasoo RiskView can help them understand user behavior and how it may indicate risk to sensitive data. By using machine learning algorithms. it can help an organization define baseline normal usage patterns and then detect anomalies to help predict potential threats. The current state of malware and zero-day attacks are so sophisticated that applying strong encryption and controlling permissions to that data is still the only way to truly protect it. Understanding the usage of both protected and unprotected data is a more focused approach to threat analysis than many are currently using.