
Guest Blog // Selected Security Content Provided By Sophos
3/1/2013
03:33 PM
David Schwartzberg
Security Insights

Cool Tech's First Showing At RSA Conference 2013

Meet five unsung heroes that showcased their new solutions at the RSA Conference. You may find something you didn't know you needed.

Meeting with as many exhibitors as the RSA Conference in San Francisco provides is a daunting task. Invariably, a startup company with a compelling solution is easily overlooked.


At this year's Conference, the top questions asked were much like last year's. Many people came to the Sophos booth asking about mobile security solutions for smartphones and tablets with respect to bring-your-own-device (BYOD) initiatives. I found that to be very interesting since this year the RSA Conference added a new track called the "human element."

When thinking about BYOD solutions, the primary challenge most organizations have is around protecting data and stopping threats without reliance on the human element. In many BYOD situations, that is not the case -- the human element is in play and unavoidable.

For the benefit of Dark Reading readers who were unable to attend the conference, I decided to find five companies that had their booths in the periphery of the Exhibitor Hall. I selected random companies from each side of the hall that were newcomers or coming back from hiatus.

The concept is simple: to find out what new solution each was showcasing, what problem(s) the offering solves, what makes its product unique, and how it coincides with this year's topic -- the human element.

I was able to speak with:

iDriveSync
iDriveSync was represented by Shane Bingham, Business Development Associate, who stated that this was its first year in the Exhibitor Hall. It was showcasing private key encryption for iDriveSync, which enables users to select a private key that is known only to them; even iDriveSync employees won't have access to the key.

This solves the security problem where accounts protected only by usernames and passwords are at risk from the employees of the solution provider storing the data. Shane Bingham stated, "Private key encryption prevents anyone from doing that but you." According to Shane, iDriveSync is the only cloud provider that offers the use of private key encryption, which makes it unique.

iDriveSync coincides with the topic of the human element in two ways: 1) it removes the human element of unwanted humans accessing your data, and 2) it makes it easier to give you control over access to your data. You won't have to worry about someone else out there digging through your digital data.

For more information, go to the iDriveSync website or Facebook.

ManageEngine
Mason Hering, a Marketing Manager from ManageEngine, shared that this is the company's first year back after three years off, but that it has been an exhibitor at RSA Conference a total of four times. It was showcasing a Password Manager Pro enhancement that offers password management for mobile devices.

The problem solved is the one an admin faces when at a server in a data center. Rather than writing a password on a piece of paper or your hand, you can put the password securely in your smart device. Simply put, it offers ease of use and convenience when it comes to saving and retrieving stored passwords. As Mason Hering put it, "[Being] able to delegate access to certain individuals, [Password Manager Pro] can go out and put a password into the system for them and record the session." Those features are what differentiate Password Manager Pro from its competition.

Password Manager Pro coincides with the RSA topic by taking the human element out of the equation and the risk associated with allowing users to handle unprotected passwords.

For more information, go to the ManageEngine website, Facebook, or Twitter.

Pindrop Security
I spoke with Matt Anthony, Vice President of Marketing from Pindrop Security. He mentioned it is a first-time exhibitor this year on the trade show floor; last year it was in the innovation sandbox. During the conference, SC Magazine named Pindrop Security the "Best Rookie Security Company" for 2013.

The company was showcasing a set of solutions to help fight phone fraud: Fraud Detection System and Phone Reputation Service. An example of such fraud is social engineering attacks on the contact centers of large enterprises. Matt Anthony stated, "When considering the large financial institutions, about 1 in 3,000 calls is a fraud call. It may not sound like a lot but amounts to about $4 billion in losses a year. Contact centers spend about $20 billion to authenticate people as they call into the call center." Pindrop Security provides a solution that detects fraud and matches whitelists and blacklists while doing authentication to catch the bad guys.

The solution is unique because "...there hasn't been a solution in the phone channel that addresses the phone piece. The first solution to use multiple detection techniques to identify known attackers and anomaly detection to determine where the call is coming from and the type of device the caller is using," according to Anthony. From that information they can determine if the criminals are spoofing.

The human element topic is addressed because there are always people on the other end of the line. The good guys are battling toe-to-toe (or ear-to-ear) with the bad guys all day long.

For more information, go to the Pindrop Security website, Facebook, or Twitter.

Pwnie Express
Anthony Hughes, Director of Government Sales and Marketing from Pwnie Express, said that this was its second year in the Exhibitor Hall. It was showcasing the Pwn Pad, which is an Android-based tablet, similar to the Pwn Phone. The Pwn Pad works on wired and wireless environments. It's able to inject packets, strip WEP, and act as an "evil" access point.

Pwn Pad solves the problem of the human element of social engineering, insider threats, and security awareness. It has a stealthy form factor, and wireless capabilities accessing covert channels for exfiltration. According to Anthony Hughes, "[The Pwn Pad] squarely addresses the human element issues on an Android tablet, which has never been done before."

Pwn Pad is unique because of the form factor and the suite of features offered.

For more information, go to the Pwnie Express website, Facebook, or Twitter.

Skyhigh Networks
I was fortunate to speak directly with the CEO of Skyhigh Networks, Rajiv Gupta. He said that this is the company's first time in the RSA Exhibitor Hall. It was showcasing the company and its new product, which both launched on Monday when the RSA Conference began.

Skyhigh's product solves the problem of exposure and risk with cloud-based providers so that organizations can benefit from cloud services. Skyhigh is the only company that helps with the discovery and risk assessment of more than 2,000 cloud services in order to control access to them, and its product is itself offered as a cloud service.

The human element is addressed because employees are looking to be productive without intent to create risk. Since many IT organizations do not have the visibility or ability to control cloud services, a cloud exposure comes to fruition. The cloud exposure risk forces decision makers to become production inhibitors. Discovering and controlling the cloud exposure helps eliminate risk so that employees can leverage advanced cloud technologies to be more productive.

Skyhigh received recognition this week as one of the top 10 "Most Innovative" companies while at the RSA Conference in San Francisco.

For more information, go to the Skyhigh Networks website, Facebook, or Twitter.

No security, no privacy. Know security, know privacy.

David Schwartzberg is a Senior Security Engineer at Sophos, where he specializes in the latest trends in malware, web threats, endpoint and data protection, mobile security, cloud and network security. He is a regular speaker at security conferences and serves as a guest blogger for the award-winning Naked Security blog. David talks regularly with technology executives and professionals to help protect their organizations against the latest security threats. Follow him on Twitter @DSchwartzberg.
