RSA Announces End of RSA Security Conference

Aims to bring clarity to cloudy marketing messages through exhibit hall tchotchkes

Bedford, MA – April 1, 2014 – RSA, the security division of EMC, today announced their intentions to end the popular RSA security conference and establish a new cloud-security, cloud-only conference.

RSA plans to leverage the increasing popularity and VC spending on cloud-security companies to refocus their security conference efforts on all things cloud-security. “We just felt that since 90% of the security vendors are using cloud logos in their marketing literature that we could better serve the security community by adopting the same tactics,” said Alex Bender, General Manager of RSA Conference. “For over a decade RSA has provided the security community with a cutting edge conference experience unmatched in the industry, but we also need to recognize that the security industry has become cloudy and if we want to maintain our competitive conference advantage we also needed to get cloudy.” Alex went on to add, “Who knows, maybe we will scrap this whole thing for an advanced security analytics only conference in the next couple of years, that noise is making the rounds as well.”

“Honestly I’m not sure what any of this has to do with nephology, we have been researching clouds for decades and I still do not quite get the connection between information technology and changes in atmospheric CO2 leading to changes in global climate models – but wow do those cloud-security companies raise a ton of money,” stated Berkeley Labs Scientist David Romp. “A cloud may look like just a billowing mass of air, but cloud dynamics in fact involves complicated physics. IT clouds are just a bunch of interconnected tubes or something.”

RSA will officially announce the new RSA Cloud Security Conference at EMC’s IT technology conference EMC World in Las Vegas.

About RSA Conference

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. We help the world’s leading organizations (including 90 percent of the Fortune 500) succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, providing compliance and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry-leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated.

FORWARD-LOOKING STATEMENTS: This press release contains forward-looking statements within the meaning of U.S. federal securities laws, including expectations regarding the closing of HP’s acquisition of Symantec and the integration, or lack thereof, of its products and technologies into HP’s products and solutions, that involve known and unknown risks and uncertainties that may cause actual results to differ materially from those expressed or implied in this press release. Such risk factors include, among others, satisfaction of closing conditions to the transaction, our ability to successfully integrate the merged businesses and technologies, and customer demand for the technologies and integrated product offerings. Actual results may differ materially from those contained in the forward-looking statements contained in this press release. Additional information concerning these and other risk factors is contained in the Risk Factors sections of HP’s and Symantec’s most recently filed Forms 10-K and 10-Q. HP assumes no obligation to update any forward-looking statement contained in this press release.

Red Dawn: Unit 61398 – Now What?


Some of my ‘so-called’ friends that help organize the RSA Security Bloggers event have decided that folks that attend should actually have blogged something recently, well I haven’t so to make them happy…

With the increasing frequency and severity of advanced threats perpetrated by highly-organized and sophisticated groups and nation-states, enterprises need to realize that they are either compromised or will be soon. Traditional techniques need to be augmented with more sophisticated and exhaustive methods to provide visibility into all aspects of the internal environment – this requires continuous monitoring and analysis of all ingress and egress traffic patterns from every host on the network regardless of the source, destination or type of traffic.

There are 5 key initiatives that every organization should implement:

  1. Invest in security professionals that have strong experience with forensic investigation and incident response
  2. Implement incident response programs that complement and extend current prevention approaches to information security
  3. Deploy network security technologies that provide deep visibility into the state of the internal network and can collect, analyze and archive massive amounts of all network flow data
  4. Ensure network monitoring solutions integrate with existing network security tools, such as IDS/IPS, SIEM, and firewalls
  5. Make security awareness throughout the organization an ongoing element of the information security program

Brevity is a gift shared by very few in the security industry =)

20 Years in Infosec; Time to Party like it’s *1999

I am not a big fan of AT&T (here), but this video from AT&T released in 1990 is about the most insightful view into modern day infosec I’ve ever seen (here) and since it was produced pre-brick walls on fire and simple clouds to depict complex relationships it is more believable than most security marketing crap.

Neat story;

We began homeschooling this year – why? convictions, ideals, teaching to excellence versus teaching to the medium – as part of this the boys (11 & 13) are to keep up with current affairs of their choosing. My older son was quite intrigued by a story in the Economist about **Iran, something about how if they are bombed it would only slow down their nuclear ambitions, not destroy them, and worse it would dramatically increase global crankiness.

As he was sitting down to prepare his report I received an email from a reporter in Azerbaijan asking for comment on Iran’s cyber-security capabilities, especially as it relates to their nuclear program…a topic I am uniquely unqualified to comment on, but here nor there…so the other morning my son read his report, which included his dad’s quotes from the Azerbaijani article. As a father it’s cool to draw the world full-circle like that, but the entire experience made me feel really old and reminded me that a new generation of folks needs to be mentored and enabled.

* Why would a disciple of the eternal order of the packet want to party like it’s 1999?

Perhaps 1999 was the first year that folks actually believed they could make a difference, or more likely that was the year by which the majority of security products in use today had all been invented; since then it’s been a three-way battle between fail, bravado, and dreams deferred to produce iterations of the previously invented, but really nothing new.

** Disclaimer: I know very little about making money (or Iran), but the markets will be impacted as western powers continue to intentionally spread democracy across the Middle East; do with that information what you will.

Searching for Privacy in a World Without Secrets

“I am not a number, I am a free man”

IDC reported that we generated and replicated 1.8 zettabytes – that’s 1.8 trillion gigabytes – of data in 2011. To give you an example of scale, you would need to stack CDs from Earth to the Moon and back again – twice – to represent that amount of data, and it’s expected to grow 50x by 2020. Interesting factoid: Through April of 2011 the Library of Congress had stored 235TBs of data. In 2011 15 out of 17 sectors in the US have more data per company than the US Library of Congress, and much of that data is about you.

Facebook is preparing to raise $100 billion, yes a hundred billion, in a highly anticipated IPO next spring. Twitter is valued at $10 billion, and social media companies are pulling massive valuations. In terms of data, roughly 4 billion pieces of content are shared on Facebook every day, and Twitter registered 177 million tweets per day in March of 2011. The success of these companies, and many others, is trade in human commodity. There is an inherent value to your tweet, your wall post, becoming mayor at some DC cafe or posting your location to wherever people post those things, but the real value is simply in your existence as a number in a sea of other 1 and 0’s.

We are entering a world where every aspect of our lives, short of those thoughts we hold deep, will be processed, indexed, analyzed and archived forever. What we search for, our online activity, where and how we drive, what we buy; when and how often, our health, financial, and personal records digitized for quick sale to the highest bidder. Never before have we had the ability to implement systems to handle massive volumes of disparate data, at a velocity that can only be described as break-neck and with this ability comes the inevitable misuse.

The commercial implications for companies seeking access to this depth and breadth of customer intelligence are clear, but this same information federated with the analysis of unstructured video, picture, voice and text data in the hands of our government or one that meant us harm is truly frightening.

Social media is an interesting experiment in applying a large scale operant conditioning chamber to a mass population, the law of effect is a retweet, a friending, being listed on a top x most influential list, or whatever else elicits the desired response. We leap head first off the cliff of technology and only concern ourselves with the implications when they become a problem for us.

The irony is that in our search for identity and individuality in an increasingly digital world we have willingly surrendered that which we used to hold so dear – our privacy.

May future generations forgive us.

Class-action Lawsuit Against HP for Not Disclosing Security Vulnerabilities Has Huge Implications

On December 1, 2011 a class-action lawsuit was filed in United States District Court Northern District of California against Hewlett-Packard, alleging violations of The California Consumer Legal Remedies Act for Injunctive Relief and the California Unfair Competition Law based on non-disclosure of a known security vulnerability (read the filing here).

Nature of the Action

1. Plaintiff brings this action individually and as a class action against Hewlett-Packard Company (“Hewlett-Packard” or “HP” or “Defendant”) on behalf of all others who purchased a Hewlett-Packard printer (the “HP Printers”).

2. The HP Printers suffer from a design defect in the software (which is also sometimes referred to as “firmware”) that is resident on the HP Printers, which allow computer hackers to gain access to the network on which the HP Printers are connected, steal sensitive information, and even flood the HP Printers, themselves, with commands that are able to control the HP Printers and even cause physical damage to the HP Printers themselves.

3. Despite Defendant’s knowledge of the design defect in the software of the HP Printers, Defendant has failed to disclose the existence of the defect to consumers.

4. As a result of the facts alleged herein, Defendant has violated California laws governing consumer protection.


One Warm Coat…Two Changed Lives

<Warning: This post has nothing to do with technology, information security, or anything else I normally blog about>

This post is dedicated to the memory of Stephanie Renee Fong

When I was in my early 20s I met a young woman named Stephanie, we quickly grew very close. Stephanie was special to me in many ways, but most of all she always seemed to provide me so much warmth and comfort.

One winter she had bought me this really cool warm coat, she ended up wearing the coat most of the time to the point that the coat smelled like her…which always brought a smile to my face.

Stephanie was allergic to legumes and also suffered from Asthma, which required her to use a special prescription inhaler. I never realized the extent that allergies can impact us until one day in August 1994.

Incomplete Thought: Are You Really Data-Driven or Just Using Data To Prove a Point?

I love data, I love the benefits that data analysis offers, and I love the concept of large amounts of data being massaged, queried, and providing insights through a whole new set of technical innovations – and there are many in data right now. In fact I believe that this year has probably been the largest year for VC investments in database technologies in a really, really long time (Recent VC investment in NoSQL companies; Neotech $10.6m, Datastax $11m, 10Gen $20m, Couchbase $14m + all the $ in big data, BI and analytics).
