Monday, July 30, 2012

Security Conference in Honolulu, July 26,2012

Thursday, July 26, 2012
Waikiki Beach Marriott Resort &  Spa                                                                                                                       
2552 Kalakaua Avenue, Oahu                                                                                                                      
Honolulu, Hawaii 96815 USA

Security of every kind of device from hand-held to Cloud was discussed at this one day conference in Honolulu hosted by Data Connectors. There were 8, approximately one-hour sessions from 8:15 to 16:15.
Here is a A-Z list of companies that participated and or talked about their products:
• ANUE Systems
• Aruba
• Beyond Security
• Bit 9
• Core Security- Thinking ahead
• Cyber-Ark -Security that empowers people
• Damballa –
• Fortinet
• Hawaiian Telecom
• Infoblox
• ISD Security
• LanDesk
• Paloalto Networks-The network security company
• Radware
• Refrentia
• Sophos- Simply Secure
• Secure Technology Hawaii
• Trend Micro
• Varonis-All about the Data
• WatchGuard
I managed to speak to couple of the vendors to get into the mood of security and it was interesting.
The talks were interesting too.  As always some were good and some were mediocre.
WatchGuard presented ' Virtualization -Securing the Future ', the ins and outs of virtualization and how to secure virtualized environments. Virtualization is very attractive but presents its own set of challenges when it comes to security. Their XTM cornerstone, the Application Proxy probes the packet and checks the IP Header and the Protocol (TCP/UDP) and on finding a match digs in deeper the contents and works at the Application Layer. They claim that this is the key that other technologies miss. They seem to have Systems Manager Interface; a web interface and of course a command line interface to administer their product.
Aruba Networks presented ' Enabling secure BYOD over any network '. You heard it right, it was not BYOB! This was about onboarding and management of users of mobile devices in the context of an enterprise. This makes it possible to tell your employee, 'Bring your own device', we are not scared. Their product is better than existing products that target a single device. Their slogan is any device, any network, and any endpoint using their Aruba ClearPass.
Paloalto made presentation ' Breaking the Lifecycle of the Modern Threat ' on the threat landscape- what to expect and how to get yourself protected.

Bit9 (2002 company) spoke on ' Protection against Spear Phishing and the Modern Threats '. They listed out all the notable 2011 security breaches from Honda to ADP which included a bunch of high profile organizations like NASDAQ, Sony, Google, Citigroup etc. Threat comes in many shapes and forms. Hidden executables; Vulnerabilities; and portable storage devices. The human elements creating threats vary from mere criminal enterprises to Nation-states. Just imagine the kind of resources they can muster! I saw this graph in the presentation which was interesting- the peak in advanced threat appears to occur from about lunch time to evening six in Beijing!  Social engineering has brought in anti-social (anti-internet!) elements and social networking is another vector in this criminal operations. Solution is to use trusted software, detect the threat with real time sensor and stop the threat by controlling the application, follow it up measuring and monitoring risk and compliance with deep analytics.  Bit9 Global software Registry provides security to all the different items: Domain controllers, web Servers, Application Servers, Virtual Servers and a whole lot of others.

Fortinet and Hawaii Telecom made a joint presentation ' Delivering World-class UTM Solutions across Hawaiian Telecom '. Keep it simple was one of the items discussed. Increasing complexity of security solutions was 40% of the top challenges faced by the respondents who dealt with security. Fortinet seems to be in a good position with 18% of Market share in 2011 Q3. They are at the top-right of the Gartner's magic quadrant for Unified Threat Management.  Their slide on how their solution compares with traditional solutions which are cumbersome and costly was interesting. The core of it is the FortiOS, a security hardened OS that powers all FortiGate multi-threat security systems. The companies and organizations taking up Fortinet filled up the whole page of a slide. I especially liked the presentation by their Hawaiian presenter. It was a neat presentation.

ISD Security/SOPHOS: ‘ The security threat landscape, What's at risk and how to get the best protection ' was presented by Sophos evangelist, Arnie Almeida. It was interesting to hear that Social engineering, is a primary method of attack. I quote, ' Cyber criminals know what motivates people  (money, sex, gossip, etc.) and exploit these themes to infect computers and steal information '. I wonder why Arnie left out vanity and Narcissism!! The consequence of data loss is enormous. I was also under the impression that Windows was the most targeted OS but the Android leads the pack of threatened! Another interesting piece of info I learnt that 15% of all iPhone owners use very easy passwords like '0000' and '1234'. Sophos suggestion:  Use the following methods to secure, 'Encryption', 'encryption' and 'encryption'. Use encryption from desktop to the cloud including the USB Drives, CD/DVDs. Sophos is also a leader and figures in the Magic quadrant for end point protection. Their clientele list occupies a whole slide and its borders. Look for SophosLabs on the internet.

LanDesk software presented 'Managing the top 3 security challenges in a distributed environment'. The focus was on desktops on remote offices, these being more vulnerable than those in HQ. Virus attacks and installation of unauthorized software, downloads, etc. are more difficult to secure.

I did not see Symantec, McAfee and others.

No comments: Protection Status