The RSA 2020 conference ended just as the COVID-19 pandemic began. Indeed, people at the event were concerned that they were going to be taking the virus home with them. Luckily, with a few exceptions, the thousands of people who attended remained safe. A major life disruption ensued, however, for me and many others. For this reason, I am only now just completing the write-ups of various interviews I had at the show. Here is the final news roundup from RSA 2020:
Tessian: Researching Issues and Opportunities for Women in Cybersecurity
Tessian, the UK-based email security provider, published an in-depth report on the issues confronting women working in the cybersecurity field, along with potential opportunities for this under-served group. The report, based on a survey of hundreds of women in the field, found a gender bias, with 66% of those surveyed saying bias was an issue. The study also found that a gender-balanced workforce would encourage more women to participate in cybersecurity. Currently, only about one in four cybersecurity employees are women. Female cybersecurity professionals surveyed said that creativity and collaboration were among the top skills needed to thrive in the industry, along with technical skills and analytical thinking abilities.
LogMeIn: Simplifying identity management for small-to-midsized businesses
LogMeIn, which acquired LastPass in 2015, is now offering LastPass for Business. Intended mainly for small-to-midsized businesses (SMBs), LastPass for Business provides a way for smaller organizations to manage access and identity. These firms generally lack a dedicated identity management person and may have trouble supporting a Single Sign On (SSO) solution. LastPass for Business enables SMBs to unify access and authentication using SAML, OAuth and MFA.
BugCrowd: Becoming the “match.com for hackers”
With the notion that connecting white hat hackers with projects is a bit like romance, BugCrowd has rolled out a feature that makes the site into what CEO Casey Ellis calls “Match.com for hackers.” The matching is based on past project success and profile attributes like preferred programming languages. The match can be done in public or private. The service also announced new reporting capabilities at RSA.
Circadence: Automating the cyber range
Circadence makes “cyber ranges,” which are advanced simulations of cyber defense situations. The company and its key people come out of the military, which has long had “gunnery ranges” that facilitated the training of soldiers and pilots in the use of combat weapons. Cyberspace presents comparable training challenges, with practitioners needing to learn how to defend digital assets from attackers in realistic scenarios. The difficulty with cyber ranges, however, has been the time-consuming, manual setup process for different training requirements. Circadence has automated much of the range setup, operation and reporting processes to speed up cyber defense training.
Bastille: Securing 5G
Bastille provides a software-defined radio solution that listens for radio signals and detects the presence of unwanted or threatening activity. The company is finding traction in many areas, including the emerging need to secure 5G environments, where thousands or even millions of radio emitting devices can be interacting at the same time. Bastille is able to parse obscure protocols and determine the source and MAC addresses of suspicious hardware. With attackers hiding in unexpected places, like data center air conditioning controllers, Bastille offers a strong countermeasure for threats affecting network ingress and egress points.
BitDefender: Adapting anti-virus to the needs of SMBs
BitDefender is adapting its anti-virus software to the distinctive needs of SMBs. Smaller businesses are not usually set up to execute the full range of endpoint protection practices. With new BitDefender offerings, a single-person security operation can now implement an anti-virus solution that includes threat detection, email security, cloud security and patch management. The company’s focus is on ease of use and efficiency for security teams with limited resources.
NCSA: Bridging the cybersecurity gap between government and the private sector
The National Cyber Security Alliance (NCSA) aims to build strong public-private partnerships for the purpose of producing broad-reaching education and awareness efforts regarding cybersecurity and privacy. They sponsor Data Privacy Day (January 28) and various other programs and events. One new initiative is the “Keep My Business Secure” project, which is primarily meant for SMBs. With the goal of helping SMBs do better with cybersecurity, NCSA publishes resources for threat detection practices, incident response and recovery and more.
Unisys: Speeding up isolation and remediation
Unisys released version 5.0 of its Stealth® Software at RSA. The new edition extends protection to container and Kubernetes environments while also supporting cloud workloads. Most importantly, though, version 5.0 speeds up Stealth’s ability to detect and respond to attacks. With Stealth, a SecOps team can stop a malware attack in less than a minute—without anyone having to do very much. Similarly, Stealth can detect and isolate data exfiltration attempts by malicious actors in seconds.
OPAQ: Building the Secure Access Service Edge (SASE) to keep remote workers safe
OPAQ, a Fortinet company, is offering a cloud secure access service edge (SASE) that helps companies keep remote workers secure. This is of particular importance during the pandemic, when so many people are working outside of the corporate network. Remote work exposes numerous gaps in security, as employees connect to networks and digital resources over public networks—often on personal devices. OPAQ SASE creates a single, secure “hop” between a remote worker and the corporate network. It solves the problem of relying too much on costly and inefficient VPNs for this process. The technology also provides a centralized monitoring, reporting and policy enforcement interface to track security for remote employees.
That’s the final report on RSA 2020. Now, it’s on to Black Hat.