

RSAC 2017 focuses on five hot topics

Posted by ulberg at 2020-03-13


Monday, February 13, 2017

The RSA Conference, the annual global security event, opens on February 13, US time. Several hot security topics, technology trends and controversial issues have drawn the attention of the global information security community.

Unlike previous RSA conferences, it is hard to say which one or two themes will be the focus this year. Internet of Things (IoT) security, machine learning, security operations analytics and platforms, and ransomware are expected to be the main topics of discussion. The new U.S. government's cybersecurity policy will also be a focus.

This year's RSA conference has invited keynote speakers including General Alexander, former director of the National Security Agency; Brad Smith, President of Microsoft; McCaul, chairman of the House Homeland Security Committee; and Chris Young, CEO of McAfee.

The rise of machine learning

Machine learning has recently been a buzzword in the security field, and this RSA conference should continue to focus on it. Artificial intelligence and machine learning are expected to be the most popular topic at this year's RSA and to be discussed by all the major companies.

Security vendors large and small are moving from signature-based anti-virus and anti-malware products to a machine learning model, rather than relying on existing malware definitions to detect threats. The software has some defects, and users continue to question its effectiveness. Traditional anti-virus software has recently been criticized by the industry, but it remains to be seen whether machine learning based advanced threat detection products can really replace it.

Some security professionals believe that machine learning should be regarded as an intelligence layer of security defense that can accelerate and automate some analysis. That is, although machine learning is limited at present, it can still play an important role in appropriate use cases.

The interest in artificial intelligence (machine learning) actually comes from security users. As the security industry pursues these known unknowns, a large and growing volume of logs and alerts has put great pressure on enterprises: more than 37% of security personnel have to face up to tens of thousands of alerts every month, and 52% of those are false alarms. It is almost impossible for humans to find and assess all anomalous behavior manually.

Internet of Things security and DDoS attacks

Internet of Things security will be one of the important topics of discussion at RSA. Previous RSA conferences also discussed the IoT threat, but mainly in theory. Last year's world-famous DDoS attack turned the threat from the Internet of Things into reality.

Compared with the data breaches that often make the headlines, DDoS attacks have long troubled enterprises but were regarded as a minor nuisance rather than a major threat. That changed in October 2016, when the United States was hit by an unprecedented DDoS attack: peak traffic exceeded 1TB, causing widespread network outages in the eastern United States. This attack drew more attention than any before it because of the nature of the Mirai botnet that launched it. Some security vendors are expected to release new products to deal with DDoS attacks, but the attack has made the industry more worried about the security of the Internet of Things (IoT).

Botnets usually hijack computers to launch attacks, but the Mirai botnet uses smart devices connected to the Internet of Things, such as surveillance cameras and digital video recorders. In other words, IT security personnel who have been responsible for securing computers and mobile computing devices for many years now have to worry that the next security threat may come from air conditioning monitors, elevators or even smart toothbrushes.

More and more organizations are deploying IoT devices, which gives botnets greater opportunities. As the only Chinese institution involved in the coordinated handling of the US outage, 360 released data showing that the number of IP devices actually infected worldwide is more than 600,000.

In this context, many RSA attendees are expected to want to know how to deal with the security threats posed by smart devices. We hope that the security industry will be ready for the next record DDoS attack on critical infrastructure.

From SIEM to security operations and analytics platform architecture

With the focus of security shifting from protection to detection and response, traditional log management and event correlation products can no longer meet security needs. Artificial intelligence and machine learning algorithms are needed for real-time data processing and analysis. Enterprise security operations and analytics requirements will drive integration: with SIEM products at the core, tools will be integrated into what ESG calls the security operations and analytics platform architecture (SOAPA).

In the past, security analysis and operations were based mainly on logs, events and other data. Now these are supplemented with application, database, network and system logs, as well as data from endpoints, networks, threat intelligence and malware.

Security experts believe that the security operations and analytics platform architecture (SOAPA) will be a comprehensive platform that includes SIEM, endpoint detection and response, incident response, network security analytics, machine learning algorithms, threat intelligence and sandboxing, so that security analysts can use different tools for real-time data mining and threat handling.

Leading international security companies are currently moving in this direction: IBM acquired Resilient Systems to obtain incident response platform capabilities, and Splunk acquired Caspida to obtain machine learning algorithms. In 2016, China's 360 Enterprise Security also released an innovative product called the new-generation situational awareness and security operations platform (NGSOC), which integrates EDR, threat intelligence, security analytics, sandboxing and other functions into the SOC, greatly improving the ability of government and enterprise users to detect and deal with security threats.

The next big endpoint suite

Last year's RSA conference focused on what is known as the next major new category of endpoint security. The focus of the security market began to shift to endpoint protection, which spawned a large number of new security start-ups.

Research firm ESG found in 2016 that many security vendors had released new endpoint security products with advanced protection, detection and response functions. Among them, 360, the leading security company in China, also released an endpoint security protection system that includes EDR functionality. Security experts predict that this year will see the gradual maturing and integration of the new generation of endpoint security. Endpoint security is no longer an independent security field. Security vendors will release open APIs, ecosystem partnerships and scenarios for network security and security operations.

Trump effect

The RSA conference has been full of controversial topics in the past, and security professionals think that this year may focus on another one. Glade, content manager at the RSA conference, believes that cybersecurity has never received so much attention. The US presidential election was attacked by Russian hackers, which made the mainstream understand, or at least discuss, nation-state cyber attacks. There are still many unknowns about the new U.S. government's cybersecurity policy and its impact on the security industry and the wider business environment, which will trigger heated discussion among attendees.

Some technology companies, institutions and conferences have recently opposed President Trump's executive order banning Muslims from seven Middle East countries from entering the United States. Among them, Microsoft, Google and Intel have also submitted legal filings against the executive order. The RSA conference says it has not been affected by the order. McCaul, chairman of the U.S. House Homeland Security Committee, will give a keynote speech at the conference. He is reported to have promoted the issuance of the executive order, and his support for it is expected to draw criticism from attendees.

Boundless Security Innovation

The theme of this conference is "power of opportunity". Once again, it emphasizes the significance of security innovation: when the traditional security model is weakening, there is no boundary for security innovation. The emphasis is on innovation. In addition to the annual Innovation Sandbox, 10 innovative security companies will compete for the "RSAC 2017 most innovative security start-up" award.

This year's RSA conference has also set up an "RSAC start-up enterprise exhibition", where 40 security start-ups from the United States, Israel and other countries will show their new ideas for dealing with security challenges.

At a time when the security industry is experiencing disruptive innovation, new entrants may bring new ideas to deal with security challenges.