Websense Security Labs at Infosec2012

Last week, Websense® Security Labs™ squad members attended the Infosec2012 conference at Earls Courtroom in London. Information technology was quite decorated and exciting for the states, as we assisted Sales Engineers and Sales teams to work with customers at the Websense booth. We also attended workshops and chapter meetings for (ISC)two (International Information Systems Security Certification Consortium) and ISACA (Information Systems Inspect and Command Clan).

The Infosec conference presents high-level security information, such as security product demonstrations, rather than technical talks on topics similar exploits and vulnerabilities. So nosotros expected to hear presentations and general discussions about enterprise security and issues of business organisation to our customers.

Topics receiving the virtually attending at Infosec were: Mobile Security (MDM and BYOD), Big Data, APT (advanced persistent threat) and AET (advanced evasion technique), and SIEM (security information and outcome management).

Some vendors presented anti-DDOS (distributed denial of service) solutions, hardware destruction options, and network mapping tools.

Several booths were represented by universities and data security certification organizations like (ISC)2 and ISACA.

Mobile security is a hot topic at the moment. Near everyone in the private and public sectors is nigh to or has already implemented MDM (mobile device direction) or other mobile security solutions. Withal, the main concern is non with the individual devices but with enterprise data protection. Companies are concerned about the BYOD (bring your own device) tendency, and so when employees access a visitor’s information with their own phones or tablets, the visitor can protect its sensitive information. It is important to remember that these mobile devices are also entertainment devices that employees may share with friends and family members. Some briefing talks included discussions of data separation, so that when a device needs to be wiped, personal data is retained while visitor data is secured.

APT and AET were too popular topics at the conference. The IT professionals’ primary concerns were related to the response from security vendors in the event of a data breach or a sensitive data/information leakage due to APTs and AETs. Companies are aware of the potential risks of these types of threats, but in many cases companies may non have a adept idea of the details of an set on. Follow-up contact and in-depth analysis by security vendors is needed. Using a detailed assay of an attack from a security vendor, a company can protect against futurity threats by taking a layered approach to secure its assets and vital information. Equally a consequence, companies will take more than trust in security vendors.

E-mail messages are still a main entry point for APT attacks, especially those using social engineering tactics and phishing attacks that target specific companies.

Some APT attacks are done with well-known penetration testing tools. Deploying protection against those tools can prevent these types of attacks.

Conference attendees likewise expressed interest in what was defined as a “security intelligence network,” which would permit close cooperation among vendors to forecast, prevent, and track various types of attacks.

Virtually briefing booths had sales engineers, sales people, and marketing personnel to generate leads. However, a few participants (like Websense) included their security lab professionals. Some talks presented at the booths included demonstrations of how URLs can be injected, deobfuscation of JavaScript, penetration testing, what’s behind credential-stealing trojans, and the analysis and display of parts of exploit kits.

Thank you to the Infosec2012 organizers for a great briefing in a cracking identify!

Websense Security Labs will continue its focus on security threat research and defence force applied science innovations.

The following researchers attended Infosec2012 and provided feedback for this blog: Amon Sanniez, Tamas Rudnai, Artem Gololobov, Gianluca Giuliani. Exist certain to follow us at WebsenseSecurityLabs!