
RSA 2009: Monday 4/20 Notes

Greetings from unseasonably hot San Francisco! Monday was the last pre-RSA day, with 1-day workshops galore. Unfortunately, the press are barred from the workshops, so I attended minimetricon at Google. Talk about a good experience! Particular standouts were presentations from Jeremiah Grossman (real stats on web vulns and attacks) and a discussion of the Verizon Data Breach Incident Report with respect to PCI compliance. It turns out that about 19% of compliant companies get hacked, but in the end it looks like those companies are likely not compliant, either at the time of the attack or in general. An interesting tidbit from Jeremiah was that XSS is quite prevalent and not frequently resolved, often because of a business need. I asked if the lack of resolution was due to laziness or a lack of viable alternatives, and it turns out to be the latter (nice for a change). There simply aren't good alternatives for sites - particularly Web 2.0 properties.

Back at RSA, I was able to check out the Innovation Sandbox. Overall, I'm not sure how innovative the stuff was (what do I know? AlertEnterprise won, and they do event log and security event management stuff for blended attacks). There were a couple of interesting vendors: Yubico, makers of a USB auth token dealy that integrates with OpenID for strong auth on internet services; and BehavioSec, which has a typing behavior analysis program that runs in real time and would detect an intruder on the keyboard, blocking them, etc.

Beyond the Innovation Sandbox, I spent a bit of time touring the Expo, though I didn't get nearly as far as I'd hoped. I have scoped out some vendors for sit-down interviews later in the week, and I have a bead on Bob Griffin at RSA to get the skinny on the new OASIS KMIP TC. I'll blog more about vendors as I interview them.

Post-Expo, a bunch of us wandered over to Kate O'Brien's for BaySec, which was a lot of fun, though I didn't socialize nearly enough. From BaySec we bounced to the Qualys reception, where I got to meet Anton's wonderful wife. The reception was a nice transition from the open-air pub of BaySec, where it had to be in the 90s inside. Overall, it was a fun day, and it promises to be an even better week once the interviews start rolling - stay tuned! :)

About

This page contains a single entry from the blog posted on April 21, 2009 5:39 AM.

This weblog is licensed under a Creative Commons License.