Schneier on Security: Tagged security conferences

Entries Tagged "security conferences"

Page 4 of 11

Attack Mitigation

At the RSA Conference this year, I noticed a trend of companies that have products and services designed to help victims recover from attacks. Kelly Jackson Higgins noticed the same thing: “Damage Mitigation as the New Defense.”

That new reality, which has been building for several years starting in the military sector, has shifted the focus from trying to stop attackers at the door to instead trying to lessen the impact of an inevitable hack. The aim is to try to detect an attack as early in its life cycle as possible and to quickly put a stop to any damage, such as extricating the attacker from your data server—or merely stopping him from exfiltrating sensitive information.
It’s more about containment now, security experts say. Relying solely on perimeter defenses is now passe—and naively dangerous. “Organizations that are only now coming to the realization that their network perimeters have been compromised are late to the game. Malware ceased being obvious and destructive years ago,” says Dave Piscitello, senior security technologist for ICANN. “The criminal application of collected/exfiltrated data is now such an enormous problem that it’s impossible to avoid.”

Attacks have become more sophisticated, and social engineering is a powerful, nearly sure-thing tool for attackers to schmooze their way into even the most security-conscious companies. “Security traditionally has been a preventative game, trying to prevent things from happening. What’s been going on is people realizing you cannot do 100 percent prevention anymore,” says Chenxi Wang, vice president and principal analyst for security and risk at Forrester Research. “So we figured out what we’re going to do is limit the damage when prevention fails.”

Posted on April 27, 2012 at 6:53 AM • View Comments

SHARCS Conference

Last weekend was the 2012 SHARCS (Special-Purpose Hardware for Attacking Cryptographic Systems) conference. The presentations are online.

Posted on March 28, 2012 at 6:05 AM • View Comments

Assorted Schneier News Stories

I have several stories in the news (and one podcast), mostly surrounding the talks I gave at the RSA Conference last month.

Posted on March 15, 2012 at 2:35 PM • View Comments

Themes from the RSA Conference

Last week was the big RSA Conference in San Francisco: something like 20,000 people. From what I saw, these were the major themes on the show floor:

Companies that deal with “Advanced Persistent Threat.”
Companies that help you recover after you’ve been hacked.
Companies that deal with “Bring Your Own Device” at work, also known as consumerization.

Who else went to RSA? What did you notice?

Posted on March 5, 2012 at 1:30 PM • View Comments

Press Mentions

One article on me, and a podcast about my RSA talk next week.

Posted on February 24, 2012 at 2:56 PM • View Comments

Liars and Outliers Update

According to my publisher, the book was printed last week and the warehouse is shipping orders to booksellers today. Amazon is likely to start shipping books on Thursday. (Yes, Amazon’s webpage claims that the book will be published on February 21, 2012, but they’ll ship copies as soon as they get them—this ain’t Harry Potter.) The Kindle edition is already shipping.

Those of you who ordered signed copies from me are likely going to have to wait a couple more weeks. My copies will arrive from the publisher eventually; then I will sign them and ship them on to you.

Reviews are starting to come out. I expect more in the coming month.

At the end of February, I’ll be at the RSA Conference in San Francisco. In addition to my other speaking events, Davi Ottenheimer will interview me about the book at something called The Author’s Studio. I’ll be doing two one-hour book signings at the conference bookstore. And, and this is the best news of all, HP has bought 1,000 copies of the book and will be giving them away at their booth. I’ll be doing a couple of signings there as well.

Posted on January 30, 2012 at 1:59 PM • View Comments

Me Speaking on Cryptography in 1997

In 1997, I spoke at the Beyond HOPE Conference in New York. (HOPE stood for “Hackers On Planet Earth.”) A video of that talk is available online.

Posted on December 16, 2011 at 2:52 PM • View Comments

DARPA Cyber Colloquium

I note that the three “industry leaders” speaking at the DARPA Cyber Colloquium next week have about 75 years of government experience between them.

Posted on November 1, 2011 at 1:41 PM • View Comments

Fourth SHB Workshop

I’m at SHB 2011, the fourth Interdisciplinary Workshop on Security and Human Behavior, at Carnegie Mellon University. This is a two-day invitational gathering of computer security researchers, psychologists, behavioral economists, sociologists, political scientists, anthropologists, philosophers, and others—all of whom are studying the human side of security—organized by Alessandro Acquisti, Ross Anderson, and me. It’s not just an interdisciplinary conference; most of the people here are individually interdisciplinary. For the past four years, this has been the most intellectually stimulating conference I have attended.

Here is the program. The list of attendees contains links to readings from each of them—definitely a good place to browse for more information on this topic.

Ross Anderson is liveblogging this event. Matt Blaze is taping the sessions; I’ll link to them if he puts them up on the Internet.

Here are links to my posts on the first, second, and third SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops.

Posted on June 18, 2011 at 1:06 PM • View Comments

WEIS 2011

I’m at the Tenth Workshop on Economics of Information Security (WEIS 2011) , at George Mason University. Most of the papers are online, and Ross Anderson is liveblogging the talks.

Posted on June 15, 2011 at 1:19 PM • View Comments

←Previous 1 2 3 4 5 6 … 11 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.