The 2018 RSA Conference has the theme of "Now Matters (now very important)". But is it really important? See who said it...

At the RSA conference held last month, there was a potential discussion topic that IT network security personnel could gain the upper hand in confrontation with hackers.

The concept of the defender's importance is perfectly represented by the conference theme "Now Matters". The basic premise is that starting now can improve the situation. From now on, adopting the correct method to invest in the right technology will make the future of network security better.

In the context of seemingly endless data breaches, fragile cloud storage services, and frequent breaches of privacy, one speaker after another tried to convince listeners that things really didn't look so bad.

RSA President Rohit Ghai said in the opening keynote of the conference:

“Let's talk about how the security community is getting stronger and how to go faster. Of course, the headlines don’t write this. You won’t see the “New York Times” article describing how risk-based multi-factor authentication works. Blocked national state hackers from accessing critical databases."

Gay said that the essence of the IT industry is this way, and the most important victory has never appeared on the front page. Gay’s keynote speeches centered around the “first-line hopes” and pointed out the positive work that IT staff can do for their own corporate security.

Our efforts for "one-line hope" will not appear on the headlines. In fact, we are headline in preventing bad things.

The keynote address of Tom Corn, VMware’s senior vice president and general manager of security products, is similar. He believes that defenders should have "home advantage" in the face of attackers. His point is: No one can understand the home network as much as the company itself, and this should be the time and place of the defender.

The basic meaning expressed by Nadav Zafrir, the former commander of Israel's 8200 force (Central Intelligence Collection Force, equivalent to the United States’ NSA), is that the defenders should have an advantage.

We know where the battlefield is. The battle must start on our network, and we should know our network better than our opponents.

Zafrirr also reminded participants that the role of the Internet and technology is not security, but connectivity and improving human life.

Is it really important now?

Although some RSA conference discussions and speakers express optimism, pessimists still exist. Adi Shamir, "S" among the three proponents of the RSA encryption algorithm (the other two were Ron Rivest and Leonard Adleman) ), was asked in the cryptographer panel keynote: "What do you think is the "first-line hope" of cybersecurity now?"

He replied: “The silver lining of cyber security in my eyes is that our work safety is guaranteed.”

IDC analysts also expressed some concern about the current state of the cyber security industry at the company's annual RSA conference breakfast. Robert Westervelt, head of research at the IDC Security Products Group, said that people are wandering around at the RSA conference hall because they are confused by the propaganda from different vendors.

Westerforte believes that vendors' marketing will not basically describe the products they actually provide, but also do not know what their technology can do for customers. Westerfoort’s view on cybersecurity marketing is fully presented by browser isolation technology vendor Authentic8. Their booths did not promote their own products, but it was like selling the Indian goddess oil, which is known to contain all kinds of diseases, under the "false security" label.

It is important now

"Good things do not go out bad things pass a thousand miles" is not false, over-propaganda "bad things" will indeed blur the public's attention, and even allow industry experts to correctly understand the marketing information of network security vendors.

Regardless of these issues, there is no fatalism in cybersecurity results. Although hackers will continue to look for the goal of opening up the portal, companies can also take various measures to limit the risks.

Corporate companies do not have to position themselves as "fixed targets." Take action now, start thinking about best practices, understand risks, and implement risk control! The measures taken by the company's companies are really important and related to the future security situation.