Today I sat thru multiple interesting sessions, and one really bad one. Okay, that’s wasn’t fair, it wasn’t bad, it was just badly presented and managed. And one of the sessions I sat in was boring, until the Q&A period, at which point a full press attack occurred. I then spent the afternoon walking the show floor and talking to interesting sercurity vendors. So let’s talk about the breakout sessions first.
1) Managing supply chain security as presented by the CSO of Huawei US was a very dry, but informative presentation of how they manage the full supply chain from a security perspective. What were the processes they were implementing in order to improve security from their suppliers, and how were they responding to security audits, etc. from their customers. Overall the session was informative, but not very exciting – Unilt the Q&A. At this point two different people questioned the speaker on the Chinese government’s policy related to geographic and localization security concerns. Net-net was a position of state security over corporate security. While I think this is an important discussion that needs to be had in a public forum, the CSO of Huawei US could only respond by pointing to a comment of the CSO of Huaewei global (based in China). This confortational discussion by the questioner could not be resolved in this dicussion, and I felt the speaker did a good job of keeping his cool.
2) Insurance and assurance, as it related to security was the second session I sat in. The presentation was led by a professor and an industriy person. This did a good job of describing how the insurance industry, corporations, and government need to work together to address this. I was a bit dismayed by the obvious political bent to the one industry speaker, but felt the content was very helpful.
3) The final presentation was with a speaker from HP – discussing their POC efforts in helping a hunt team to address cyber vunerabilites in HP. At first I was very excited for this talk. The charts looked great, and the visualization aspect for advance threat analysis was promsing. However, the speaker began with a disclamier that the 18 Billion records (roughly 1 week of data) that the did against their production environment, was replaced for this talk with synthetic data. At this point 10% of the room left. Next his dry talking to the chart caused another 10-20% of the people to leave before he got to the questions slide. He did a wrap up that implied he was not going to questions. A mad exodus occurred before he finally got the room under control and indicated he would open the floor for questions. with less than 10% of the room left, we finally got to metrics on how the data was captured and processed. While much of this was a commercial for an HP product, we learned that they forked the data in production and were able to start doing detailed threat analysis withing hours of data capture. Changing from weeks to hours would have a very positive impact on reducting the problems of cyber attacks.
The afternoon I spent talking with the IBM, HP, Microsoft, Infineon, Intel, Akami, Fireeye, and RSA booths. I was particularly amazed by the way FireEye processes information. By decompiling unknown executables and basically dynamically testing them in VM’s they are able to identify malicious code in an environment. Really cool.