
RSA 2020 San Francisco Recap

March 3, 2020 | Gabriel Torok


Evolving Hazards, Emerging Hope and the Expanding Human Element

The theme at the RSA conference this year is the “Human Element” — the critical role of individuals in the efficacy of organizational security measures. Along with sessions about the hazards of IT complexity and the hope of ethical AI, the expanding impact of COVID-19 concerns offered a real-world example of human elements at work, highlighting how IT staff can both help — and hamper — the effectiveness of infosec efforts.

Here’s a look back on some of my biggest takeaways from RSA 2020.

Curtailing Control Complexity

Recent survey data shows that over 40 percent of IT teams now suffer “cybersecurity fatigue”, with 96 percent citing complexity as the overriding factor. It makes sense; with so many vendors, environments and alerts to manage, it’s easy for IT experts to find themselves falling behind.

In his RSA 2020 session, DevSecOps State of the Union, NCC research director Clint Gibler advocated a shift away from overly complex scanning technologies such as static application security testing (SAST) and dynamic application security testing (DAST) in favor of simpler solutions that teams can easily run in-situ. “Instead of having a very complex investigation into your car about all the possible ways that things could go wrong,” he said, “just build nice, easy seatbelts and awesome airbags that make it so that, even if something goes wrong, you are mostly fine.”

The takeaway for IT pros? Find a balance. While increasing solution and system complexity represents a growing hazard for infrastructure and application management, tossing densely-packed defensive technologies in favor of simple alternatives isn’t the only answer. Although it’s critical to deploy more accessible evaluation processes that experts can apply on-demand, more in-depth assessments are also required to ensure apps aren’t being compromised during their initial runtime or reverse-engineered to provide hackers actionable data.

Here, intelligent tools and machine learning initiatives can help bridge the gap, letting IT pros focus on immediate concerns without being overwhelmed by ongoing system alerts.

Leveraging the AI Advantage

Speaking of machine learning, as expected, artificial intelligence (AI) also took center stage at RSA 2020. As noted by Information Age, a capture the flag competition that pitted 70 tech experts against AI algorithms returned a consistent result: Humans weren’t able to demolish AI defenses. The result wasn’t all bad — sponsor Unisys donated $10,000 to the Women in Cyber Security (WiCyS) group and the competition offered a key insight: In some cases, AI outperforms human insight.

For example, while staff may have trouble assessing the accuracy and reliability of social posts and videos that may have been “deep faked” to appear real or socially engineered to cause compromise, making the right call is no problem for advanced AI tools. The caveat? It’s essential to create ML and AI solutions that are themselves trustworthy and easy-to-use, or else potential problems simply shift location from outside the organization to inside IT perimeters. This ties into the “AI for Good” movement, which focuses on the help — and hope — offered by intelligent infosec efforts.

It’s also essential for enterprises to recognize the impact of human elements: While AI tools excel at detecting potential outliers and processing alerts at speed, trained IT staff still have the edge when it comes to developing new defensive strategies and ensuring other employees are equipped to handle potential process pandemics.

Highlighting the Human Element

The RSA tagline for 2020 was undeniably relevant, since insider risks remain the biggest threat to enterprise cybersecurity — but it took on an almost prescient posture as increasing fears of a COVID-19 outbreak negatively impacted RSA attendance. While the official tallies put the number of attendees at just 36,000 compared to last year’s 42,000, it only felt to me as though the show floor had slightly fewer attendees and certainly much more frequent use of hand sanitizer, which seemed to be everywhere.

The growing fears around human-to-human transmission neatly mirror the issues faced by IT teams: Humans are often the weakest link in any IT security plan, not from malice, but from a lack of effective training and tools.

Consider recent warnings to U.S. citizens about the use of masks to prevent Coronavirus: The CDC notes that healthy people wearing masks can actually increase their risk due to overconfidence in the defensive mechanism — as they regularly touch the mask to adjust it, they could unwittingly increase their chances of infection.

The same holds true for many tried-and-true “secdevops” techniques, such as SAST and DAST. While they provide a measure of protection against security vulnerability or application compromise, they’re not catch-all solutions.

To address the “human element”, I believe that a layered defense approach is better than any individual approach. And that means also hardening/shielding apps that run in untrusted environments and contain intellectual property, access gated value or touch sensitive data. For example, PreEmptive’s offerings, JSDefender (JavaScript app protection and obfuscation), Dotfuscator (.NET app protection and obfuscation) and DashO (Java & Android app protection and obfuscation), all work behind the scenes to harden, shield and obfuscate application code, prevent reverse engineering and protect critical data.

Combined with reduced IT complexity and improved AI solutions, RSA 2020 highlights emerging potential to hack the human element and deliver improved defenses on-demand.

