The following summaries highlight a few of the key topics at this year’s RSA Conference 2012 security event, which took place in San Francisco last week. Full articles and coverage are available at SearchSecurity.com, another member of the TechTarget group.
Security for Mobile Applications Starts at Home, Says Expert
Mobile application developers should take more care to design in safeguards that protect back-end systems and to eliminate unnecessary permissions that create security weaknesses.
Many mobile applications include ‘shoddy coding practices’ and unnecessary permissions that present opportunities for hackers looking to channel attacks through mobile devices and into back-end support systems, noted Jacob West, director of software security research for the Enterprise Security Products division at Hewlett-Packard. West was speaking last week at the RSA Conference 2012 security gathering held in San Francisco.
Secure mobile applications development is becoming more critical as applications are designed to interact more persistently with remote systems and resources, he said. This presents an increased risk for such threats as SQL injections if preventive measures are not built into mobile apps from the very beginning.
More on mobile applications development risks at SearchSecurity.com
Hacking Offense May Be the Best Defense to Minimize Threats
The best defense against hacking and cyber-attacks may be a strong offense, said security experts speaking last week at the RSA security conference in San Francisco. There are technical solutions that can be used to thwart illegal access and penetration attempts, or at least make it tougher for hackers to crack into corporate IT networks. These solutions can also be used to gather information about the attacks, and softly hack back.
“Hacking back is bad, but we want to flip hacking back on its head,” said Paul Asadoorian, product evangelist with Tenable Network Systems.
More on hack back solutions at SearchSecurity.com
Current Security Procedures Hampered by Chasing ‘Meaningless’ Events
Corporate security teams spend too much time sifting through data related to unauthorized IT system entries, and as a result they may be at risk for more hack attacks and security breaches.
What is needed are mechanisms to quickly sift and sort through events and possible hacker incidents to help predict the next attack, said Arthur Coviello, executive vice president of RSA, the security division of EMC, during his keynote address last week at RSA Conference 2012 held in San Francisco. A better approach is an infrastructure that analyzes security data and is enhanced by information sharing and cooperation within the security industry, he noted.
Coviello recommends that security teams adopt a big data model, including data sets from external sources and “stop wasting time tracking meaningless events.”
More on new approaches to hack prevention at SearchSecurity.com