
Overheard at RSA Conference 2020 [Encryption Digest 32]

February 28, 2020 | Scott Carter

Since only 42,000 of us were able to attend the world’s largest security show, I thought it would be good to share some of the buzz from the event with those who couldn’t attend. This year’s focus at the RSA Conference was on the human element. And as one security writer noted, “We spend so much time talking about automation in security (and other areas of IT) that it’s easy to forget about the critical role humans play in security, whether it’s their own or the security of their organization’s networks and data.” 
 

I would add that as machines continue to outpace humans in corporate environments, it’s also critical that we don’t neglect protecting the machine element. And in a world where the network perimeter has largely evaporated, we need to prioritize managing the identities of the machines that we are connecting to or communicating with. Along those lines, here are some interesting tidbits that my colleagues and I overheard on the RSA show floor. 

 

Threat Talk

“The bad guys aren’t hacking in, they are logging in.”
 

“Twitter is one big repository for samples of malware.”
 

“Attackers avoid sandboxes by waiting and automating their activity.”
 

“We need quantum-resistant algorithms as soon as possible” (Steve Grobman, McAfee CTO)
 

“The internet is turning in on itself with botnets. The Mirai botnet owners knew that many tech providers were embedding passwords in firmware and that allowed them to take over those machines”
 

“Monokle Android surveillance tools used a shared SSL certificate and infrastructure—all samples (and additional applications) were signed by the same certificate.”
 

“Attackers are using recycled loader malware to swap the decryption routine with their own command and control server, which allows them to send encrypted software for the loader to decrypt and run.”
 

“All sessions I attended at RSAC talking about malware and APTs stressed the fact that threat actors are stealing code signing certificates to evade defense controls.”

 

Humans vs. Machines

“The attack surface is expanding, with more smart devices connecting to the internet with no authentication and encryption.”
 

“The IAM problem is exactly the same with humans and machines. We have had 20 years to work on getting IAM for humans right. We can’t take that long to get it right for machines. We need to be proactive.”
 

“What’s scary is the lack of controls around machine identities in critical infrastructure of all types but especially healthcare.”
 

“So many of the new machines on networks are ‘smart’ machines or they rely on AI. We don’t have any safeguards to protect ourselves if attackers pollute the input data.”
 

“Smart devices are not very smart in terms of security—they are not designed with security at the forefront.”
 

"Cyber-threats are evolving faster than systems defenses. Bad configuration and asset management leaves devices vulnerable and exposed." 

The growth in #machines on enterprise networks, the speed of their creation, and varied types of machines are creating expanding attack surface. Cybercriminals target machine identities as they are poorly protected. https://t.co/AvvM9VgyFl @dynamicCISO @Venafi @AIRWorldwide

— rneelmani (@rneelmani) February 25, 2020

 

Encryption News

“Modern encryption is stronger than ever, using battle-tested algorithms that are resistant to eavesdropping. But enterprise security managers fear they have lost the ability to detect network intrusions and malicious traffic.” ExtraHop
 

“The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.” ThreatPost
 

“From an operational standpoint, the use of multiple cloud key management services translates to decentralized key management, which is a definite no-no when it comes to security best practices.” Thales
 

“As the use of encryption becomes the industry standard, companies of all sizes need a solution that will let them understand what’s in the encrypted traffic entering their network, so they can block attempts by cybercriminals to mask their intentions.” Cygilant

Cybersec should not instigate fear but protect hope - and security should not be seen as a cost but an investment. The digital transformation will bring fantastic opportunities to our societies - but we need to include security, privacy and integrity to enable trust. #RSAC2020 pic.twitter.com/tTt722KWTJ

— Troels Oerting (@TroelsOerting) February 25, 2020

 

More from RSA Conference 2020

Stay informed with next week’s blogs as we release exclusive Venafi survey results from RSA Conference 2020 and reveal new finds on the state of the cyber security landscape and machine identity management. 
 

About the author

Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them.
