On Thursday, RSA really starts to fall apart.  Everybody is tired, angry, and sick of the Chinese food from Cybereason’s truck.  The booth workers get aggressive, the keynotes get salesy, and everywhere you turn there is another breach horror story. But alas, once more unto the breach.

Buzzwords

It would not be an RSA Conference without buzzwords.

Rising Boats:  As in rising tides lift all boats.  This is an attempt to act gracious at the gobs of cash made off selling appliances companies do not need.

Intelligence: A green checkmark icon on a dashboard full of eyecandy.

Hunt: To go looking for attackers and then ignore it because your boss is too busy buying another appliance to help you hunt for more data to ignore.

Privacy: Something we willing give to Google, Apple, Microsoft, and Facebook but not those nasty people at the FBI.

SIEM:  Nerve gas has higher opinion ratings than this technology.

Big Data: Never heard of it.

Deception: A new way to track attackers using well-known vulnerabilities that are easy to exploit, more commonly referred to as the Java Runtime Environment.

BreachOnce more unto the breach, dear friends, once more; Or close the wall up with our English dead. In peace there’s nothing so becomes a man as modest stillness and humility: But when the blast of war blows in our ears, then imitate the action of the tiger; Stiffen the sinews, summon up the blood, disguise fair nature with hard-favour’d rage; then lend the eye a terrible aspect.  (Shakespeare, Henry V)

Norse: An exciting new cybersecurity company that specializes in branding lanyards.

Dark web: The place where hackers hunt for rising boats.

Apple: A giant, glossy white building, filled with trim, attractive people who smile, nod, and refuse to open the back door to let the government in.

Operationalize:  A process where SIEM alerts are turned into work for the desktop support team.

Exfiltrate: Gimmedat!

Automation: Making our networks, systems, and applications automatically react to threats with coordinated, targeted, and specific blame.

Complexity: Something that keeps us sacks of meat busy until we die.

Context: The process of organizing alerts into categories like “ignore” “avoid” and “submit resume to Cylance”

IoT:  The Internet of Things, collection of small, Internet enabled devices which will someday link together and rise up to eradicate life on earth.

Dell: The first rule of RSA, is you do not talk about Dell.  The second rule of RSA is you do not talk about Dell…unless you’re Amit Yoran.

Identity-Based Security: A new technology that monitors your on-line actions closely to see if you suddenly become somebody else.

Predictive Security Analytics: A powerful new technology that can see the future; knock out Biff Tannen.

Machine Learning: Allowing machines to tell us how stupid we are.

Behavioral Analytics: A sophisticated and emerging domain of security that leverages the power of big data, machine-learning, and threat intelligence to document an employee’s detailed tastes in furry pornography.

I think the mention of furry pornography may well be the lowest intellectual point in the history of the Anitian blog.  Let’s move along then, shall we?

On the Expo Floor

The RSA Expo floor was massive, noisy, and crowded as usual.  There are so many new companies its impossible to keep track of all of them.  What was most disturbing was how similar many of them sounded. Let’s wander around and take a look.

  • The cool color for this year is green. Blue and orange are out, unless you are OpenDNS. Also, purple is for RSA materials only.
  • Logrhythm has taken the eyecandy to 11. I like their SIEM product, but the eyecandy is a turn off.
  • Tenable had a very fun 80’s video game theme. Tenable’s vulnerability management platform is a cool (now).
  • Everybody, and I mean every single company on the floor has a dashboard with a circle graph. Whoever is in the circle-graphing business, is making fat stacks of benjies.Circle Graph
  • Synercom had a man cave booth that was capturing a lot of attention. I have no idea what they do, but I like the man cave.
  • Speaking of crowds, it was mayhem at the Cylance I am really happy to see Cylance taking off.  I remember when they were just a website with green letters.
  • Is there significance to the fact that FBI was right next to Cylance? The faces in the FBI booth were very sour. Last year everybody sneered at Huawei, this year its the FBI. The message here is: think global, sneer local.
  • When Websense renamed to ForcePoint, I thought the name sounded painful. However, their booth was awesome. They took the green motif all the way.
  • Okta and their awesome identity management solution was in a tiny booth in the badlands of Moscone last year. This year they had a booth the size of Connecticut.  They must be doing well (or have an “in” with the booth people at RSA.)  Eh, it was a cool booth that looked like the interior of the Enterprise, NCC 1701, no bloody A, B, C, or D.
  • ThreatStream, one of the many threat intelligence companies, has rebranded to Anomali, because when I think of threat intelligence, I think of…actually, no I don’t think of the word Anomali. It sounds like a drug you take to make something stop growing. Anomali will stop unwanted growth in areas you don’t like it.  Anomali is not for pregnant women or women who like the idea of being pregnant.
  • Blue Vector has cyberguns. Maybe they can shoot the VMware images? Could not gleen a product or purpose in the time I spent starting at their booth.
  • ZeroFox had a guy in a fox suit….see, furries. They’re everywhere.  They are as bad as bronies…okay, nothing is as bad as bronies.
  • Threat Track went all in on the Game of Thrones motif. Do you really want your technology associated with people who specialize in rape and murder? Love to kill people with an axe? We have a threat intelligence product for you! 
  • Trend Micro is cool again. Oh wait, they bought Tipping Point from HP, forget it.  Seriously, the airplane themed booth was quite creative.
  • Speaking of HP, they rebranded. What exactly do they do now? I mean besides generate bad press?
  • Symantec was sure looking confident. That giant spinning video wall was mesmerizing. I think they are hypnotizing people … have I told you how much I love Symantec Endpoint Protection.  It’s the best endpoint product ever made in the entire history of the entire universe. Buy more Symantec.  Obey.
  • I could not walk past the Intel Security booth fast enough. No, no, no – don’t touch me.  I don’t want those McAfee cooties on me.
  • Splunk had two booths? You’re just showing off now.
  • I wandered around the Dell Security booth for a bit. I noticed one of the guys in the booth was filling out a job application.  I think that speaks for itself.  No snarky commentary necessary.
  • The Fortinet FortiTruck was FortiFantastic as FortiAlways. Poor Fortinet never gets any respect.
  • The IBM booth was creepy with those green bubble things. It looked like snot.
  • Webroot is still in business? I think their entire office was in their giant green booth.
  • Tripwire’s booth was busy. All this scrawled cartoonish graphics.  Did not work for me. They seem to be making another run with their SIEM product.
  • Titus people were all wearing these goofy pants. It was strangely effective.
  • WatchGuard had a pleasant, if lightly attended booth. I think its time to stop making fun of them.
  • On the other hand, would somebody please buy Juniper so we can stop watching them flop around like a dying fish on a slick boat deck.
  • FireEye and Mandiant were very subdued this year. Probably for the best.
  • The samurai costumes at WebRay were awesome. They were right next to Titus, with the goofy pants.  It made for lots of visual excitement.
  • Damballa which makes a awesome malware detection tool has a new logo, and it looks like the old AT&T logo. Your malware, delivered.
  • Ugh, Rapid7 guy is coming over to talk to me. Deep breath, be nice, don’t let on that we didn’t renew our licenses.

Keynotes

The keynotes this afternoon were good.  The privacy panel, moderated by Art Coviello was surprisingly lively considering all the people on the panel agreed with each other.  The star of the panel was Mike McConnell, the former Director of the NSA during the Clinton administration.  For an aging spy, this guy was a hoot.  He cracked jokes about Nixon and Kissinger.  He livened up the whole discussion.

VMware managed to flip all the conventional wisdom of RSA keynotes on their head.  First, they a hacking demo, which is a huge no-no. But it worked, quite well. It also showed off a new aspect of their product.  Then he moved on to a blatant sales pitch, which is also a massive no-no. But it too worked.  Lastly, they got extremely technical, which is also not something RSA keynotes are supposed to do. But, again, it worked.  I actually felt smarter at the end of the keynote.

VMware is one of those non-security vendors who is so fundamental in the industry, they can kind of do whatever they want.  Microsoft is kind of the same way.  They can side step the conventional wisdom at will.

The last keynote was a discussion on the CSI: Cyber TV show. It was stupid. I left.

Conclusion

Last night, I wrote that we needed to get mad as hell and refuse to accept it any longer. Today, I see that we not only need to get mad, we need to stay true to our values.  The panel on encryption and privacy clarified that point.  We cannot give in to fear. That is easy.  As security professionals, we need to stand by what we believe.  However, I am not sure bursting into the board room and yelling at the board they must atone is great advice.

Go forth unto the breach, cry havoc, and let slip the dogs of war (another Shakespeare mashup.)

Share This