Earlier this month in San Francisco was the annual RSA Conference, drawing together 45,000 of our fellow colleagues to discuss, strategize, and implement solutions to make our (cyber)world more secure. Given Viakoo’s focus and innovation in IoT vulnerability remediation and cyber hygiene it was a great conference for us, and I wanted to share (in no particular order) some of my observations across the 4 day event:
- RSAC remains an IT Security conference at heart, even though cyber threats are not strictly IT anymore. IoT/OT security was acknowledged but not a focus for both the education sessions and exhibits. A keynote panel on emerging threats was enlightening because it highlighted all the new ways threat actors are getting at us; but like many such discussions mainly focused on new methods of delivering older exploits to accomplish mainly traditional goals (identity theft, business email compromise, data exfiltration, etc). Hoping in the future RSAC will go deeper on the new forms of IoT/OT attacks, and solutions to remediate them.
- Convergence between physical and cybersecurity: having come from a large physical security conference in March (ISC West) with well-attended sessions on firmware updating/patching for vulnerability remediation and certificate management for extending zero trust to IoT devices, I had an eye out to see if there was reciprocal interest at RSAC. There was definitely awareness and knowledge in discussions with attendees on how intertwined physical and cyber security have become, but less activity in the exhibits; just like how cyber vendors were not very visible at ISC West, you had to hunt to find physical security oriented companies in the RSAC exhibit halls.
- The “IoT Sandbox” just didn’t deliver on the gravity of the situation: kudos to RSA for having one of the innovation Sandbox areas dedicated to IoT Security, but a big miss in terms of the content shown there. While it is cute to see a hacked toilet (see pic below), it also reinforces the perception that IoT devices are not serious threats when they are increasingly becoming life safety threats because of their cyber exposure. Maybe next year rename it the “Internet of Deadly Things” Sandbox?
- Streamline and Simplify: Security teams continue to be under-resourced and overloaded, and need solutions that automate and reduce the complexity of performing vulnerability remediation. This validates Viakoo’s approach of partnering closely with existing solutions (especially agentless asset discovery and threat assessment solutions) so that those systems become more useful and central in quickly remediating vulnerabilities. Whether you call it a cybersecurity mesh architecture, a composable security environment, or hyperautomation (all terms I came across at RSAC), making solutions easier to integrate without much effort by the end user is the direction needed to make organizations more cyber secure.
- Bookstore gets a tip-of-the-hat: If you’re at RSAC next year, take a few minutes and check out the onsite bookstore. Most significant was the large selection of IoT security books on display; I came away with a couple of great additions to my knowledgebase and bookshelf. Not to mention a list of authors to now follow in the IoT security space – hopefully will see them presenting at RSAC in the future and not just in the bookstore!