With new malware, phishing scams, and other hack attacks emerging all the time, this week’s RSA Conference will focus on new technologies — cloud-enabled and otherwise — for protecting Web sites, PCs, Macs, and mobile devices from harm.
As an initial taste of what’s in store, today’s pre-show activities in San Francisco include a morning-long session by the Cloud Security Alliance (CSA), followed by a five-hour Innovation Sandbox.
With more and more workers bringing in laptops, Macs, smartphones and tablets from home, BYOD (bring your own device) issues promise to be a unifying theme.
“Some corporate security security [people are] still trying to hold back the tide of BYOD but most have accepted that it’s inevitable and they will just have to put in frameworks to control [it],” noted Andrew Hay, an analyst at 451 Research, during an RSA conference call before the show.
‘The BYOD dam will break, no question’
“Resist how you may. The BYOD dam will break, no question. So how [do] you secure [employees’ devices] effectively [but] less intrusively?”
At the Innovation Sandbox today, for example, MokaFive will introduce a BYOD solution aimed at turning the corporate Microsoft Windows environment into a “securely managed app” for use on an Apple Mac, PC or mobile device.
Also at the show, IronKey will launch a new downloadable “virtualized workspace” which integrates network security and data loss prevention services for use with cloud as well as intranet and Citrix applications.
Other product introductions — and a lot of conference fare — will be oriented specifically to security on smartphones and tablets.
Mobile authentication, too
“Mobility was by far the number one topic submitted for sessions. So mobile security issues and sessions are sprinkled through the agenda and across the tracks,” according to 451’s Hay.
Some companies will talk up new technologies for mobile authentication. Yubico, for instance, will introduce a new mobile authentication offering enabled for NFC. TextPower will show an SMS-based authentication method.
Web site protection will also get a lot of attention. According to new survey results from Commtouch and StopBadware to be discussed at the show, 36 percent of Webmasters aren’t even sure how their Web sites have been used after an attack. However, 25 percent said that their Web sites have been used been to host or distribute malware, and 16 percent mentioned redirection of traffic to another site. Smaller numbers pinpointed misuse of their sites as spam pages or phishing pages.
“Phishing e-mails are becoming more ‘boring’ and therefore [more] plausible these days. [It’s] harder to differentiate phishing [e-mail] from regular [e-mail],” observed Pete Lindstrom, an analyst at Spire Security, also during the RSA’s pre-show conference call.
Security takes more steps into the clouds
Meanwhile, security vendors will continue to move more solutions for Web site protection into the clouds. For example, Prolexic will introduced PLXconnect, a new direct connection through a private cloud to Prolexic-operated “data scrubbing” centers, for use in dealing with DDOS (distributed denial of service) attacks against Web sites.
Digital Defense, Inc. will roll out Frontline Solutions Platform (FSP) Release 5.0, an updated edition of its cloud-based security risk analysis offering.
The new release will include a new dashboard with “Cloud Community Remediation Program Scoring,” a system that will use “workplace gaming principles” to “incent engagement” and increase security awareness among IT staff at businesses.