At the end of February, the RSA Conference 2020 attracted 36,000 participants, 704 speakers, and 658 exhibitors to the Moscone Center in San Francisco. The theme of this year's RSA Conference was the "Human Element". Every year, new security technologies are emerging, new strategies are being employed, and new attack and defense techniques are being developed. Still, there is only one thing that does not change: us, the Human Element within cybersecurity.
In this blog post, we highlight five noteworthy themes from the RSA Conference 2020.
1. Cybersecurity Visibility Gaps
Russell Eubanks, CIO, and CISO at the Federal Reserve Bank of Atlanta discussed cybersecurity visibility gaps that every successful CISO has to face and actionable steps to fill these gaps. Eubanks also paired each gap with critical questions to help the successful CISO evaluate their level of visibility.
According to Eubank, the first visibility gap is "your compliance requirements". He emphasized that we could have a better level of security by going beyond the compliance requirements. Instead of just taking minimal cybersecurity measures to be compliant, he suggested considering compliance as an opportunity and doing more for cybersecurity.
"Your security tools" is the second visibility gap every CISO must fill. The first critical question about this gap is:
"Are your security agents providing their intended value?"
It is indeed a question that all CISOs have in mind. Most of the organizations have limited capabilities to assess the effectiveness of their security controls.
The third visibility gap Eubank mentioned is "your strategic plan". He posed these critical questions:
"Do you do have a Strategic Plan? If yes, are you on track today? Prove it!"
He mentioned that there is not even a strategic plan in many organizations. Even if they have a strategic plan, It is challenging to track daily.
These visibility gaps that Eubanks highlights, the top three, are the reasons why we founded Picus. When we foresaw these gaps 7 years ago, we pioneered the emergence of novel security technology: "continuous security validation." Picus provides CISOs with the required visibility to learn how security tools perform against live and dynamic cyber threats. Moreover, we enable CISOs to keep track of how daily cybersecurity operations in organizations have had an impact on cyber resilience, and we help them to make strategic plans by prioritizing risks.
2. Cybersecurity Frameworks
The most trending framework at RSAC 2020 was the MITRE ATT&CK framework that was discussed in several sessions. The "MITRE ATT&CK: The Sequel" session provided hands-on experience in identifying adversaries’ objectives and behavior, and designing and validating critical controls by using the framework. Threat detection with Sigma rules was also shown in the session.
3. Industrial Control System (ICS) Security
ICS security was another trending topic at RSAC 2020. Robert Lee, CEO, Dragos, presented "The Industrial Cyberthreat Landscape: 2019 Year in Review". In this keynote, Lee discussed new vulnerabilities, threats, and adversaries with the annual Dragos Year in Review report. He also shared the lessons learned from specific incident response cases.
ICS was also mentioned as one of the top three priorities for the US Cybersecurity and Infrastructure Security Agency (CISA) by Christopher Krebs, director of CISA. Krebs also stated that ransomware is a "national crisis." "I think we're on the verge of a national crisis when it comes to ransomware," Krebs said.
4. Cloud-Native Threats
Cloud misconfigurations have become a further enterprise risk. Steve Grobman, CTO, McAfee, presented an attack that allowed unexpected use of cloud-native technologies to get a reverse shell into an instance of Amazon Web Services. He demonstrated how simple it is to exploit cloud misconfigurations.
Rich Mogull and Shawn Harris presented ten cloud kill attacks and prevention methods in the "Break the Top 10 Cloud Attack Killchains" session. According to their experiences, the most common cloud killchains are: credential exposure, exposed SSH/RDP/remote access, inadvertent exposure of database, object storage public data exposure (S3, Azure Blob), SSRF, cryptomining, network attack, compromised secrets (Instance/VM), novel cloud data exposure and exfiltration, and subdomain takeover. Therefore, most of these cloud attacks are related to data exposure caused by cloud misconfigurations.
5. The Cryptographers' Panel
The panel moderated by Zulfikar Ramzan, CTO of RSA, gathered the top cryptography experts, Whitfield Diffie, Ronald Rivest, Adi Shamir, Tal Rabin, and Arvind Narayanan. They discussed diverse topics, including privacy, blockchain, the integrity of elections, Crypto AG case, crypto wars, and artificial intelligence.
Explore RSAC 2020 Content
A single blog post simply cannot recapture the wealth of detail, insight and highlights from the event. To explore slides and recordings of the sessions held at RSAC follow the link here.