In the first week of March, over 50,000 security and IT professionals gathered in San Francisco for the RSA Conference, a chance to share current security news and products and interact with industry leaders. IT Convergence’s own security analyst Marco Nucera attended the conference, and we caught up with him to get his thoughts on the experience.
1. Hi, Marco. You attended the RSA Conference in San Francisco during the first week of March this year. Can you tell us a little about the conference: what it’s all about, who attends, and what sorts of events happen there?
RSA Conference (RSAC) is one of the most important information security events of the year. There are many of these out there, but RSAC is known for its focus on the latest technologies, techniques, and security trends in the market. You get to listen to current “InfoSec celebrities” on assorted topics from best practices to different points of view and schools of thought for security practitioners. Of course, this wouldn’t be a conference if it didn’t have an overwhelming Expo section, where the top brands expose their products in a most over-the-top manner with mind-boggling presentations. Overall, RSAC 2019 was fantastic and tons of good information was readily available for all attendees.
2. What were your own reasons for attending the conference? Could you give us an overview of your background in security, and what you do today at IT Convergence?
As one of IT Convergence’s security analysts, it is imperative to be “in the know” on the latest trends and technologies to make sure IT Convergence stays at the forefront of the battle of defending against cybercrime. We wouldn’t be able to provide a state-of-the-art defense to our hosted environments if we weren’t aligned with the latest best practices, as well as maintaining a high level of awareness of the current techniques malicious actors are implementing – both targeted and via broad-reaching automated software.
I joined IT Convergence’s Security Operations team almost three years ago, and since then we have strived to overcome the very same challenge all other companies are going through: keeping everyone’s minds focused on security and infrastructure best practices.
3. In your mind, what were the most important takeaway(s) from RSAC, something everyone in IT Security should know about?
As often happens on these occasions, the simplest and most obvious concepts are the ones that stick the most. One of the presentations I attended was given by the folks over at Palo Alto Networks and was entitled “99 Security Products and Still Got Breached?” The point is, it doesn’t matter how much money you throw at your infrastructure to protect it; it is very important to make sure the tools at your disposal are implemented properly to maximize their efficiency and protection. This is definitely one of those “Quality vs Quantity” types of scenarios. You want quality any day of the week, and it is important to develop the security practices and technologies at hand instead of just layering on more and more products.
4. What was your favorite keynote from the conference/which presentation left the biggest impression on you?
I particularly enjoyed a panel of SANS Institute security professionals discussing the latest attack techniques and defense mechanisms against them: “The Five Most Dangerous New Attack Techniques and How to Counter Them.”
5. Can you tell us what the biggest security concerns are for the upcoming year? New threats? Managing more complex security solutions?
Oddly enough, one of the biggest concerns in the security community seems to still be a well-known one: the human factor. Regardless of the number of technologies and security you implement in your infrastructure, your weakest link will always be the humans that work with it on a daily basis. Workforce education as well as constant training and testing is the only solution.
No firewall, intrusion prevention system, next-gen DLP or antivirus will prevent an employee from falling for a phishing scam or a fraudulent impersonation email and compromising their corporate credentials. The critical importance of patching seems to be a novelty in a lot of IT and DevOps communities, and changing these ideas requires a lot of time and energy in education to get everybody to pull in the same direction.
6. Based on your experience at RSAC, what are your main recommendations for enterprise security leaders to focus on right now?
It is said that “Preparation is half the battle” and nothing represents preparation better than patching. Applications, firmware, controllers, and drivers are constantly being upgraded by teams of engineers for a reason… these upgrades and patches must be kept up to date in order to reduce the attack surface of an exposed infrastructure and to minimize the number of available exploits that a malicious actor has at their disposal to compromise a system, its data, and its availability.
Patching should not be an afterthought nor be only a reactive measure. Proactive patching can prevent a difficult situation from even existing in the first place. It is known that patching can generate downtime in the availability of production environments, but the benefits heavily outweigh the downsides. It was apparent from attending RSA that not having a dedicated security team (regardless of its size) is no longer an option. All companies, without exception, should have some form of segregation of duties to avoid conflict of interest when it comes to the eternal battle between Security vs. Availability.
7. How do you think Managed Security Services can help companies stay on top of security solutions as they become more complex?
The main advantage of using Managed Security Services is that it allows you to forget about the pains of staying up to date with the latest trends in cybersecurity and allows somebody else, most likely with vastly more experience in the field, to take ownership of your security – or at the very least, complement your in-house InfoSec workforce. Not every company has the size or the resources to house its own dedicated security operations team, and using MSPs is a great alternative that can help you ensure the security of your infrastructure and your data.
8. How is IT Convergence’s security team positioned to address the new concerns you talked about from RSAC?
Since its creation, the Security Operations team at IT Convergence has been growing both in size and in infrastructure. We have deployed state-of-the-art security tools in all layers of our information technology infrastructure that allow us to enhance our visibility, ability to catch indicators of compromise and appropriate incident response. The way we are accomplishing this is via reinforcement of our patching practices, strong vulnerability assessments and extensive log management and event intelligence analysis.