April 30, 2012

Websense Security Labs at Infosec2012


Last week, Websense® Security Labs™ team members attended the Infosec2012 conference at Earls Court in London. It was quite busy and exciting for us, as we assisted Sales Engineers and Sales teams to work with customers at the Websense booth. We also attended workshops and chapter meetings for (ISC)2 (International Information Systems Security Certification Consortium) and ISACA (Information Systems Audit and Control Association).

The Infosec conference presents high-level security information, such as security product demonstrations, rather than technical talks on topics like exploits and vulnerabilities. So we expected to hear presentations and general discussions about enterprise security and issues of concern to our customers.

Topics receiving the most attention at Infosec were: Mobile Security (MDM and BYOD), Big Data, APT (advanced persistent threat) and AET (advanced evasion technique), and SIEM (security information and event management).

Some vendors presented anti-DDoS (distributed denial of service) solutions, hardware destruction options, and network mapping tools.

Several booths represented universities and information security certification organizations like (ISC)2 and ISACA.

Mobile security is a hot topic at the moment. Almost everyone in the private and public sectors is about to implement, or has already implemented, MDM (mobile device management) or other mobile security solutions. However, the main concern is not with the individual devices but with enterprise data protection. Companies are concerned about the BYOD (bring your own device) trend and want to be sure that, when employees access a company’s data with their own phones or tablets, the company can still protect its sensitive data. It is important to remember that these mobile devices are also entertainment devices that employees may share with friends and family members. Some conference talks included discussions of data separation, so that when a device needs to be wiped, personal data is retained while company data is secured.

APT and AET were also popular topics at the conference. IT professionals' primary concerns related to the response from security vendors in the event of a data breach or a leak of sensitive data or information due to APTs and AETs. Companies are aware of the potential risks of these types of threats, but in many cases they may not have a good idea of the details of an attack. Follow-up contact and in-depth analysis by security vendors are needed. Using a detailed analysis of an attack from a security vendor, a company can protect against future threats by taking a layered approach to securing its assets and vital information. As a result, companies will have more trust in security vendors.

Email messages are still a main entry point for APT attacks, especially those using social engineering tactics and phishing attacks that target specific companies.

Some APT attacks are carried out with well-known penetration testing tools. Deploying protection against those tools can prevent these types of attacks.

Conference attendees also expressed interest in what was defined as a “security intelligence network,” which would permit close cooperation among vendors to forecast, prevent, and track various types of attacks.

Most conference booths had sales engineers, sales people, and marketing personnel to generate leads. However, a few participants (like Websense) included their security lab professionals. Some talks presented at the booths included demonstrations of how URLs can be injected, deobfuscation of JavaScript, penetration testing, what’s behind credential-stealing trojans, and the analysis and display of parts of exploit kits.

Thanks to the Infosec2012 organizers for a great conference in a great place!

Websense Security Labs will continue its focus on security threat research and defense technology innovations.

The following researchers attended Infosec2012 and provided feedback for this blog: Amon Sanniez, Tamas Rudnai, Artem Gololobov, Gianluca Giuliani. Be sure to follow us at WebsenseSecurityLabs!

