Security, et al

Randy's Blog on Infosec and Other Stuff

Cool Stuff at RSA

Thu, 13 Mar 2014 12:36:15 GMT

I found some pretty cool stuff at RSA. Some new technologies that I’ve never thought of before and others that are just as fun as they are valuable.

More Fun with Hard Drive Destruction

Fun and an effective solution to a vexing problem – old hard drives full of sensitive information. Garner Products’ booth showed off some epically cool machines to take care of that problem. 
 
 
 
Using a magnet rivalling those in MRIs, the HD-3WXL can degauss one hard drive every 10 seconds. But even cooler is the PD-5, which physically breaks drives in half.
 
You have to watch this video: http://www.garner-products.com/PD-5.htm. How fun is that? Plus the drive can still be disassembled and recycled, as opposed to shredders, which create a toxic waste disposal problem.
 
 
 

You Can’t Trace My Packets

My Neat-O-Meter redlined at Dispersive Technologies’ booth when I grasped what they do, which is a new way to securely send information over the Internet. Quantum Encryption you ask? Ha! That is so passé. The VSV products use a “spread spectrum” approach to breaking data up and sending it over many unpredictable paths over the Internet as a way to defeat man-in-the-middle attacks. Any given observation point only sees a fraction of the data being transmitted. There aren’t many entities that could even begin to try to observe every path (see my Elephants and Irony at RSA post). With VSV products both endpoints securely negotiate and dynamically adjust their use of multiple “deflectors” on the Internet to scramble their data and send different bits of it along completely different paths. Sounds slow? Rob Smith (no relation to yours truly) explained that the endpoints automatically and dynamically stop using deflectors on slow paths and sometimes produce greater throughput than a traditional shortest-path network.

No More Excuses for Security Unawareness

Finally, we all know that at the end of the day, with every security technology deployed, your weakest link remains the human element. And we all tend to pay lip service to the need for security awareness training. But what do we do about it beyond putting up some posters and having new hires sign some documents when they first come in? And how many managers will approve and pay for in-person training sessions which users quickly forget about? How do you increase security awareness and sustain it over the long haul? That’s what I liked about what I saw at Visible Statement’s booth. Their software integrates with your endpoint with just the right amount of animated security awareness training and supports many different languages.
 


Elephants and Irony at #RSAC

Mon, 03 Mar 2014 14:43:14 GMT

I was amazed when I saw the Beijing Zhongguancun Overseas Science Park (Elephant #1) in the North expo hall.

Beijing Zhongguancun Overseas Science Park
 
Some folks come out and say it and some use euphemisms but when people talk about APT actors, that boogeyman is commonly regarded as China. At least until Snowden, which brings us to NSA's large booth in the South expo Hall - Elephant #2.
 
 
Back to Elephant #1 for a second. "Who knew there were security software companies in China?" - was my question. But attendees are asking "Who would install a highly trusted piece of security software written in China?". Ironic. Being an honest IT security firm in China can't be fun. One gentleman we breakfasted with confirmed it's an uphill battle.
 
If that's ironic, then a German colleague's comment is irony². "Who really wants to buy IT security software from a US vendor after all the Snowden revelations?" Wow, Chinese and American security companies in the same boat? I begin to see the logic behind Germany sponsoring a large pavilion in the north hall spotlighting their country's security firms.
 
The irony continues when you think about the Chinese-made chips and US-written software running on security appliances on display.
 
I wonder where all of this will lead or if it will eventually blow over.
 

