Sunday, March 6, 2016

Debrief: RSA Security Conference 2016

RSA South Expo from Above
No matter what field of technology you’re in, it is likely you’ve heard the three letters ‘R’, ‘S’, and ‘A’ come up at some point in your career. And if you haven’t, just wait for it. I know when I first started as a wee infosec intern some 3 and a half years ago, the fabled RSA Security Conference was something of myth and legend in where vendors brought out the grandest of grand displays and where booth babes ran rampant trying to entice the standard IT Joe to buy their product.
Expo Pass, Acquired
Having finally been able to visit the Expo for a day, I can now say that description wasn’t far off.

Okay, so booth babes weren’t running ‘rampant’ by the time I got there (I could only visit on Thursday), and there weren’t really ‘booth babes’ to begin with. They just really, really, really wanted to scan your badge if you got within a few feet of their location. Which is whatever, that’s their job, you can’t blame them. But I had hoped people would be more eager to discuss their product first. In fact, when I challenge anyone who asked to tell me first what they were selling which caught most everyone off guard, much to my own surprise.

But let’s talk about the booths themselves.

Great booth set up
complete with speaker area
This was my first big gig, wow-the-crowd, security vendor expo but the extravagance of some of the booths were pretty impressive. Many of them had their own speakers to talk about the next threats or the upcoming tech. One even had Rami Malek from Mr. Robot show up for an interview (which I missed, much to my dismay), but I think my favorite was the AlienVault booth with a prop cow suspended above their display. I was a little disappointed at the swag, however, which seemed to either be out by the time I made it there or just lacking in general.


The AlienVault
Expo Booth
Something I noticed was that this was a conference very much on the ‘blue team’, defend the network at all costs side of security which wasn’t exactly aligned with my ‘red team’ interests but it was a good way to get an idea of what I might encounter in the field. Technologies being propositioned were for the valiant defenders of internal networks that ranges from bleeding-edge IDS/IPS systems to solutions that ‘secure the cloud’ (whatever that means). I noticed a distinct repetition of what we’ll call ‘behavior analysis’ technologies that you could slap on existing products like Snort or Splunk in order to try to detect malicious activity through heuristics. And of course, let’s not forget the word ‘Cyber’ because it was plastered everywhere (now drink).


MalwareBytes'
booth hero
As I wandered the seemingly endless aisles of the Expo, I was able to strike up a conversation with a few people who wanted to talk to me about their product. Much of this seemed rehearsed (I’m sure it had been burned into their brain by the day I arrived) but I managed to get a few to just talk in real terms about their tech once they realized I, in fact, could understand what they were trying to do with their product. Another thing about the products was that, as far as I observed, most were meant to be installed as another layer of defense on an existing network. Which is great and necessary but seemed limiting with nothing really ‘standing out’. Though, if the guys at Peach Fuzzer are being real, I look forward to checking out the consultant version of their product.


Red Team walkthrough
All-in-all, I’d go back to the RSA Security Conference but I’d do it differently. First all, I’d lose the collared shirt and slacks (which made me feel like I was viewed as just another sales lady) in favor for something a little more lax, like my DEFCON t-shirt and/or jeans. Additionally, I’d try to pick up a badge to access the entire conference not just the Expo. It’s expensive, sure, but it certainly seemed like there’s some valuable knowledge to be shared. If vendors could get their engineers and techs out in front of people (I realize that could be scary), that’d be neat too. I promise, some of us like to hear about the product versus all those buzzwords. And I’d like to see more ‘Red Team’ out there but I get it, that’s not the target audience. 

Have a different experience at RSA? Work a booth or speak? I’d like to hear about it!

No comments:

Post a Comment