RSA Europe 2011 to focus on APTs and share lessons learned from RSA’s data breach

Advanced persistent threats (APTs) are to be a pervasive theme at the RSA Conference Europe 2011 in London next month, coming just six months after the data breach at EMC's security division.

RSA's executive chairman Art Coviello and president Tom Heiser are to tackle APTs in the opening keynotes at the event, which will be held at the London Hilton Metropole on 11-13 October.

While Coviello will look at the pressure that the rapidly evolving threat landscape is putting on traditional security approaches and what businesses need to defend against this new breed of attacks, Heiser will discuss the lessons learned from RSA's APT attack.

Continuing the theme, Philippe Courtot, chief executive of Qualys, is to dissect recent high-profile attacks as a way of finding effective countermeasures; Sean Doherty, chief technology officer at Symantec's enterprise security group, will look at building a strategy to counter today's IT attacks; and Stefano Grassi, vice-president safety and security at Poste Italiane, will examine the state of cybercrime in Europe.

Grassi, who is also chairman of the European Electronic Crime Task Force, is to cover the results of the organisation's latest European cybercrime survey and how the organisation supports best practices against cybercrime through its cross-sector alliances.

Focus on web security

Web security is to be another important theme at this year's RSA Conference, with keynotes by Adrienne Hall, general manager of Microsoft's Trustworthy Computing division, Ambika Gadre, senior director product management at Cisco, and Tim Berners-Lee, inventor of the World Wide Web, as well as two sessions by Ira Winkler, president of the Internet Advisors Group.

Gadre will look at the challenge facing most enterprises of securing mobile and cloud computing working environments, one of several sessions that will look at mobile security, which dominated the RSA Conference USA in February.

Hall is to provide a perspective on what businesses should consider when evaluating supplier capabilities in the cloud and explore some of the attributes that cloud providers must demonstrate to earn trust, which is the topic of a keynote presentation by Hugh Thompson, chief security strategist at People Security.

Thompson is to look at the fragility of the security industry because it has overlooked critical dependencies which sometimes fail, such as the reliability of the supply chain and digital web certificate authorities.

"Some of those assumptions have just been crushed in the past 12 months, and we need to re-assess what to do to protect ourselves in the face of advanced attackers who are willing to use a combination of social vulnerabilities and technical vulnerabilities to tailor attacks," he told Computer Weekly.

Organisations have to switch from a purely defensive mode to one of living in a state of active compromise in which we accept that suppliers, systems and people within the organisation have been compromised, he said.

Mobile security

In the closing keynote, Berners-Lee, who has campaigned for world authorities to step up their efforts to fight cybercrime, is to look back at how web technology has evolved, and how it may evolve in future, highlighting what he would like to see the security community provide to users of connected computer systems.

In addition to the keynotes, there will be 70 sessions across 11 different tracks, including speakers from Google, Nokia, Verizon and the Bank of New York, in which mobile security is to be a dominant topic.

"Although we have yet to see the amount of mobile malware the security industry has been predicting for the past two years, governance vulnerabilities are emerging, especially around management, e-discovery and privacy," said Thompson, who is also the chairman of the programme committee for the RSA conference.

"By volume, mobile security is probably the largest topic we have represented on the agenda, ranging from high-level talks to low-level talks," he said, including topics such as rolling out mobile security, managing devices, and the technical vulnerabilities in mobile devices.

New to RSA Conference Europe this year, the pre-conference day of 10 October will see the first Cloud Security Alliance (CSA) summit at the event and the first time the professional development track has been moved out of the main conference days.

"We thought it would be good to give everybody a taste of something personal at the conference, so now the professional development sessions do not clash with any other sessions," Linda Lynch, RSA Europe conference manager, told Computer Weekly.

The number of tracks at the event has also expanded this year to include one for governance, risk and compliance (GRC) and another for policy in government, she said.
