Well it was that time of year again, except it wasn’t, as Infosec moved from its traditional home at Earls Court to Olympia at the start of June instead of April. The exhibition floor itself had a different feel about it too with that big glass ceiling pouring in natural light. It was definitely worth a trip up the stairs to the new exhibitor zone on the balcony or out to the US, Israeli or French pavilions (where Wallix exhibited), to get yourself ahead of the curve and see what some of us smaller, dare I say, cooler vendors were up to.
IT security trends: Infosec 2015 Summary
It’s impossible to take in everything at an expo like Infosec, but here’s just a quick summary of some of the issues and technologies that were definitely trending during the three days of the show.
1. Demos of how to hack Internet of Things devices are cool
The demos and presentations are always one of my favourite things about the show floor at Infosec. This year the bar was raised from demonstrating malicious code or explaining social engineering, all thanks to the wonder of the “Internet of Things”. Every kind of connected device from kettles to cameras and TVs had their vulnerabilities laid bare as the risks of connecting unsecured devices to networks was highlighted. The best of these demos was of course, Cayla, the doll who can be very easily hacked to get a bit sweary around your kids. Hours of endless fun.
2. Vulnerabilities are scary(ish)
It seems like every vulnerability these days has its own PR agent, marketing campaign, logo and twitter account! This fresh interest in the potential damage that could be done by a software hole being exploited to break a network or steal data drove a lot of talk at Infosec. Vulnerability management and assessment vendors will feel they raised their profile at the exhibition. I’m bound to say that many of these many vulnerabilities could be addressed with good housekeeping, a point I made when the “VENOM” (there’s that branding) vulnerability was uncovered a couple of months ago, “The biggest concern here is not that some technology has a vulnerability, we know that's a fact of life. But that this is another situation where exploits, hackers, insiders or targeted malware all need administrative or root privileges to do damage or gain access to more data.” You can read all my comments on CBR Online.
3. People aren't sure about real time security analytics
Turns out that now everyone has SIEM there’s loads of data floating around and developing a system that might be able to understand that data to predict bad things happening or identify what bad thing has happened might be useful to people, but no one seemed quite sure how useful yet.
4. A lot of us talked about the insider threat
I had a great time talking to a fantastic crowd about the potential for an insider to do damage to your business. And I wasn’t the only one. It’s clear that the insider threat is becoming an increasing concern to a much greater audience. There was also a consensus from almost every one I spoke to about the important part that privileged accounts play in any kind of threat, all summed up by one very wise and experienced CISO, “Every malicious outsider is on a mission to become a privileged insider.”
5. One vendor was giving away lightsabers!
They did made you sit through a product demo to get one … totally worth it.
I'm sure I missed some amazing things that went on at the show that other readers would be interested in so please do share them in the comments below. See you all at Olympia next year!