Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.
The industry is heading to the world’s leading information security conference, RSA Conference, taking place February 24-28, 2020 in San Francisco. What will be hot at this year’s conference? According to Mirko Zorz, editor-in-chief of Help Net Security, in an interview with Mark Cooper, aka The PKI Guy in The PKI Guy’s Q&A Series, “I’ve been coming to RSAC for nearly 20 years and it’s definitely the place where you can find out what industry leaders are thinking.” Zorz anticipates these topics will get a lot of attention this year:
- Voting, election security and the impact of disinformation campaigns
- Using machine learning and artificial intelligence
- IoT, the insecurity of medical devices, car hacking
- The implications of GDPR and the introduction of CCPA
- The insecurity of Industrial Control Systems and the increased convergence of IT and OT
- The impact of open source tools on product security
Oregon companies will at RSAC 2020 in full force. Here are Cyber Oregon sponsors that will have a presence:
CrowdStrike, Booth 5345 (North Hall)
CrowdStrike continues to expand its CrowdStrike Falcon platform, adding new capabilities and gaining important new partnerships. CrowdStrike will present throughout the conference, including a keynote, “Hacking Exposed: Global Threat Brief” on Wednesday, February 26. For details about presentations, please visit the blog post: CrowdStrike’s Approach Echoed in RSA 2020 Theme, “Human Element.”
Eclypsium, Booth 29 (Early Stage Expo)
Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today. At the conference, it will showcase its enterprise firmware protection platform.
Fidelis Cybersecurity, Booth 1441 (South Hall)
Fidelis Cybersecurity will be presenting the APT28 attack simulation. APT28 is the advanced persistent threat that targeted the Democratic National Committee email system in the 2016 Presidential Election. According to the Fidelis blog post, “APT28, commonly referred to as “Fancy Bear,” employs sophisticated methods consistent with the capabilities of nation-state sponsored threat actors.”
The human element is the overarching theme at this year’s RSA Conference. Fidelis offers these 5 tips for putting the human element front and center; read more on the blog post:
- Enable your Cyber Warriors to know the terrain better than your adversary.
- Understand the attacker’s motives and objectives.
- Engage the attacker prior to impact.
- Decide and act faster than the attacker.
- Shape the attacker’s experience.
Fortinet will discuss secure SD-WAN and the need to protect branch connectivity, building Zero-Trust network access, and the latest innovations in AI-driven security operations, and dynamic cloud security. Ken Xie, Fortinet’s founder, chairman, and CEO will deliver a keynote “On the Edge of Something Big: Security’s Next Frontier,” on Thursday, February 27. For more information on presentations and activities, please visit the blog post Fortinet at RSA 2020: Building the Secure Network of Tomorrow.
McAfee has extensive presentations planned, including a keynote, “Obvious and Not-So Obvious Lessons Learned on the Path to Cloud-First IT,” on Monday, February 24. McAfee’s senior principal engineer and chief data scientist, Celeste Fralick, says that AI and humans have equally important roles in cybersecurity. “There are tasks that humans currently excel at that AI could potentially perform someday. But these tasks are ones that humans will always have a sizable edge in, or are things AI shouldn’t be trusted with.” For a schedule of presentations, please visit the blog post.
Palo Alto Networks has worked with tens of thousands of organizations to prevent cyberattacks. It will be showcasing its Security Operating Platform that combines the latest breakthroughs in security, automation, and analytics. Greg Day, vice president and CSO, EMEA at Palo Alto Networks, is on the committee that selects presentations for the conference. In his blog post, What the Cybersecurity Industry Needs to Discuss at the RSA Conference 2020, he outlines key topics that will be discussed – or should be – at this year’s conference:
- Fakes and deep fakes are the new buzzwords.
- Smartphones are being used in surveillance attacks.
- Ransomware is getting more sophisticated as companies pay out.
- Supply chain attacks are on the rise.
- DevOps speeds up software development but increases security risks.
- Emulation and decoy environments must be credible.
- Cloud incident response requires new tools and skills for in-house security teams.
- Artificial intelligence and machine learning.
- Hardware and firmware attacks are back.
- Power users need protection.
- The security industry is finally taking action on DNS spoofing.
PKI Solutions will be crypto adventuring throughout RSAC. Mark Cooper, president and founder of PKI Solutions, aka The PKI Guy, will be presenting “Quantum Preparedness: Take Action Now Before the Crypto Sky Falls” and “The Secrets to Secret Management” in partner booths. Read the blog post, The PKI Guy’s Next Crypto Adventure, for details. You can participate in the RSAC 2020 contest, “Name The PKI Guy’s Next Adventure Contest and Win!” whether you are attending in person, or in spirit. Simply fill in the blank, “The PKI Guy and ________” and submit to [email protected] and post on social media and tag #ThePKIGuyAdventure for your chance to win two complimentary online PKI courses taught by The PKI Guy himself. Contest details are available here: https://www.pkisolutions.com/the-pki-guys-next-crypto-adventure/
Splunk will be showing its Security Operations Suite (SOC) that can spot fraudsters, malicious insiders, and APTs with machine learning-based detection. The company will be showcasing a variety of use cases through demos and theatre presentations; for a full list, please visit the blog post: Security is Everything at RSAC 2020. Splunk will be presenting “Modernizing the Security Operations Center: A Security Leader Panel.” For a complete listing of presentations and activities, please visit: https://www.splunk.com/en_us/about-us/events/rsa.html
Zscaler believes the perimeter has expanded and that security teams must now look at ways to provide secure access to apps across hybrid environments — and ensure that data remains protected as they do so — without getting in the way of transformation and without introducing risk. Read the blog post, “Zscaler at RSA: They Can’t Attack What They Can’t See,” for more information.
Stay tuned for more news and updates next week!