Report from RSA 2012: Mobility, Big Data, and Chinese Handbag Extortion
It’s the time of year for some of the tech industry’s biggest conferences—South by Southwest Interactive, Mobile World Congress, Launch, to name a few—but one notable expo didn’t stir up as much of a tweet storm as the others. That probably means it’s more important, in the grand scheme of things.
The RSA Conference in San Francisco, one of the world’s biggest cyber-security conferences, wrapped up at the beginning of this month. To hear what was new this year, I spoke with attendee Peter George, the CEO of Fidelis Security Systems, by phone. Fidelis, based in Waltham, MA, makes software to protect organizations against data breaches and help businesses catch bad guys within their networks.
Last year, George says, a security exec from the oil and gas industry relayed something to the effect of, “Half of us lie awake at night, and half don’t get it” when it comes to cyber threats. Now, George says, “everyone gets it. People recognize that the enemy is probably in your network. There is no perimeter anymore.” (You can read more from George in his blog post today.)
George says he heard a stat that more than 100 nations are currently involved in cyber espionage against the U.S., “trying to compromise our classified network.” That includes some 200,000 Chinese citizens “trying to hack into our networks,” he says (more on this below).
The key tech sectors being talked about at RSA were mobility (including how to secure data and networks when everyone’s bringing their own devices to work); cloud computing (a more mature sector but still evolving as big companies move their data and software online); and big data as a path to better analytics for security (the “biggest new buzz,” says George). On that last point, George says, “To deal with security issues, we need lots of different kinds of threat intelligence so you can make sense of things.”
One form of “threat intelligence” is the four or five specialists Fidelis has placed around the world to monitor cyber threats to customers in real-time, every 15 minutes. George describes them as “nocturnal animals with ponytails and sandals, off the grid.” Their goals—and George couldn’t say much more than this—include “writing [software] policies, pushing that to all our customers,” and “keeping the bad guys alive in your network and watching them so you can catch them.”
While it’s a very noisy time in security—lots of companies are cashing in on elevated threat levels—one anecdote gave me a clearer picture of what’s going on. George says his firm got a call from a handbag company saying they’d been hacked; knockoff purses with identical designs were coming to market before they’d been released by the company. The perpetrators were traced to a plant in China that was allegedly stealing the company’s design documents. After repeated inquiries, the perps said they would stop if the company would buy them a 2011 Cadillac Escalade. “Which they didn’t, of course,” George says. “They installed our technology.” (Presumably that solved the problem, at least for now.)
“It’s hard to prosecute, but it’s traceable,” he says.