News from the conference

SSL innovations
Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, compares and explains certificate transparency, certificate authority authorization and certificate pinning.

Moving to the SHA-2 hashing algorithm
Jay Schiavo, a member of the CA Security Council, discusses why web server administrators will have to make plans to move from SSL and code signing certificates signed with the SHA-1 hashing algorithm to those signed with SHA-2.

Building management security
Terry McCorkle, Product Manager, Vulnerability Management, Qualys, discusses flaws in building management security that most people are not aware of.

Top 4 security controls: Do your PCs make the grade?
Wolfgang Kandek, CTO at Qualys, talks about a new free service that help organizations implement the Top 4 Critical Security Controls to fend off attacks.

The role of identity in responding to the threat environment
Geoff Webb, Director of Solution Strategy at NetIQ, talks about the intricacies of securing such a complicated landscape and the key is understanding the role of identity.

Two-factor authentication with Duo Security
Zach Lanier, Senior Security Researcher at Duo Security, talks about two-factor authentication with Duo Security.

Protecting data against unwanted surveillance
Jason Sabin, VP of Research & Development at DigiCert, discusses how SSL is the most important defense against unwanted surveillance, but it must be properly implemented.

Mobile data leakage
Mike Raggo, Security Evangelist at MobileIron, discusses mobile data leakage, and provides tips on how to secure email, public and in-house apps, illustrates data exposure, and much more.

Is your browser a user agent, or a double agent?
Mike Shema, Director of Engineering at Qualys, discusses how privacy shouldn't be an afterthought in the browser.

How to protect against unauthorized spying
Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, provides tips on you what you can do to protect yourself from spying.

Exploring identity relationship management
Mike Ellis, CEO of ForgeRock, talks about how today's solutions must link devices and new mobile and social apps to a single security platform that works all the time, everywhere.

Egnyte CSO details company security roadmap
Kris Lahiri, CSO at Egnyte, details the company’s plans to raise the global standard for secure file sharing in the enterprise.

Understanding the top 20 Critical Security Controls
Wolfgang Kandek, CTO at Qualys, talks about the 20 Critical Security Controls, which outline a practical approach to implementing security technologies by providing proven guidelines for protecting IT environments.

Next generation access management strategies
Eugene Shablygin, CEO and founder of WWPass Corporation, discusses the death of the password and talks about alternative access management strategies that offer greater security.

The security of embedded devices
Billy Rios, Director of Threat Intelligence at Qualys, talks about embedded devices from a security standpoint.

New approach to SQL injection detection
Dave Rosenberg, CTO at DB Networks, talks about a new approach to SQL injection detection and explains how they solve this problem in their products.

Video: RSA Conference 2014 showcase
Here's a closer look at the show that attracted 28.500 visitors this year.

Cyber crooks will go after medical records next
As security firms and law enforcement agencies continue to cooperate and successfully take down botnets, cyber crooks will be forced to look for new and more lucrative targets, and especially ones that are poorly secured.

Cisco offers $300k for IoT security solutions
Cisco has launched a new competition and is calling on "visionaries, innovators, and implementers" to propose practical solutions for issues affecting security of the Internet of Things.

RSA Conference attendees ambivalent about NSA tactics
Thycotic Software announced the results of a survey of 341 RSA Conference USA 2014 attendees, which found that fewer than half (48%) of pollees feel the NSA overstepped its boundaries in its surveillance of US citizens.

The future of access control according to HID
A new security environment in which users will have a seamless experience when using cloud-based applications and services, accessing data, and opening doors is emerging.

Webroot delivers APT protection for enterprises
Webroot releases two cloud-based security offerings designed to help enterprises address the explosive growth and increasing sophistication of online threats, particularly targeted attacks such as “spearphishing” and advanced persistent threats.

44% of companies don’t have a cloud app policy
Despite widespread adoption of cloud apps in the enterprise, most IT security professionals are either unaware of their company’s cloud app policy or don’t have one.

Email ecosystem discovery and cyberthreat prevention
Agari announced Agari PRO, built upon the company’s cloud-based SAAS data platform which helps companies detect, take action, and prevent the advanced email cyberthreats that are targeting end users today.

Free tool helps fend off most cyber attacks
Qualys announced that it has collaborated with the SANS Institute and the Council on CyberSecurity to release a new free tool to help organizations implement the Top 4 Critical Security Controls to fend off attacks.

97% of SaaS vendors use SAML-based single sign-on
By eliminating all passwords and instead using digital signatures for authentication and authorization of data access, SAML has become the Gold Standard for single sign-on into cloud applications.

Historic shift in IT use is changing society and culture
In his opening keynote, RSA's Art Coviello called for international government and industry cooperation on major issues including cyber war, surveillance, privacy and trust on the Internet.

Egnyte appoints new CSO, unveils security roadmap
Egnyte formally introduced Kris Lahiri as the company’s new Chief Security Officer and unveiled his FY14 security roadmap, which details the company’s plans to raise the global standard for secure file sharing in the enterprise.

Quickly identify and act on endpoint security issues
Promisec Integrity aims to delivers certainty that all tools and processes are operational, agents are up to date, and software is patched.

Risk Analytics as a Service by Brinqa
Brinqa is the first to offer an affordable Cloud-based risk analytics solution that includes complete automation and continual tracking and reporting of risk that can be used by non-Fortune 1000 companies.

New free online software security training courses
SAFECode has released new software security training courses: Product Penetration Testing, Cross Site Scripting (XSS), and Secure Java Programming.

Microsoft testing EMET's new protection mechanisms
Developers from the company's EMET engineering team are currently demonstrating both the old and this new version of the security software at the RSA Conference.

Nearly half of companies assume they have been compromised
A majority of organizations are operating under the assumption that their network has already been compromised, or will be, according to a survey by the SANS Institute.

McAfee expands Comprehensive Threat Protection
Since last year McAfee has enhanced the countermeasures available to customers and added new analytics, context and orchestration to fully integrate and automate the threat protection processes.

Consumers' bad data security habits should worry employers
Consumers are not securing the data on their personal laptops or desktops correctly, if at all, according to the results of a Harris Poll survey commissioned by WinMagic.

Android, iOS solution reveals data-leaking apps
viaProtect gathers mobile forensic, system, network, security and sensor data from devices, then utilizes statistical analysis and risk indicators to detect suspicious events or behavior.

Qualys introduces Continuous Monitoring cloud service
This new offering gives organizations the ability to proactively identify threats and unexpected changes in Internet-facing devices within their DMZ, cloud-based environments, and web applications before they are breached by attackers.

Enterprise-level UTM for home and small offices
WatchGuard Technologies announced the WatchGuard Firebox T10 Unified Threat Management (UTM) solution, a network security appliance that allows enterprises to extend powerful network security to small office home office environments.

Threat detection for remote users by OPSWAT
GEARS is a cloud-based network security management platform that offers advanced threat detection for remote users by identifying potential threats that the existing antivirus software might have missed.

OpenID Connect Standard launched
OpenID Connect is an efficient, straightforward way for applications to outsource the business of signing users in to specialist identity service operators, called Identity Providers

Identity relationship management market to exceed $50 billion by 2020
As the Internet of Things (IoT) grows, ForgeRock offers its open source Identity Relationship Management platform built on the telco grade scale and reliability of Sun technology.

Strong authentication for cloud apps from Duo Security
Duo Security is expanding their security platform to help customers protect access to their sensitive data residing in cloud-based applications, including Salesforce, Google Apps, Microsoft Office 365, and Box.

Qualys releases Web Application Firewall
Qualys announced the availability of its QualysGuard Web Application Firewall (WAF) service for web applications running in Amazon EC2 and on-premise.

Free cloud anti-spam email service for small businesses
Halon Security announced, a contract-free, pay-as-you-go cloud anti-spam email service for small businesses. requires no contract or up-front investment and is free for up to 10 users.

CSA ups the ante on virtual hackathon
The Cloud Security Alliance announced that it has upped the ante, as no one has yet been able to hack the Software Defined Perimeter (SDP) network since the contest began on Monday.

Tenable adds cloud management and multi-scanner support to Nessus
Departments, teams and remote locations will have, as part of their subscription, the ability to control internal and external scanners from a primary scanner. Nessus customers with Nessus Perimeter Service will be able to do so through the cloud.

Military-grade encryption tunnel scrambles voice, text and emails
GOTrust Technology announced that NIST has awarded the company FIPS 140-2 level 3 certification for their SDencrypter microSD working on Android and many other Operating Systems including Windows and Linux.

A new era of big data risk management
Agiliance announced RiskVision 7, which mines petabytes of operational and security risk data to manage near real time workflow, intelligence, and analytics driving business impact and performance.

DB Networks' virtual IDS stops advanced SQL injection attacks
The IDS-6300v is the industry’s first Core IDS as a virtual appliance that combines behavioral analysis and advanced continuous database monitoring that alerts of attacks and database network behavioral anomalies in real-time.

Free vulnerability management service for SMBs
Tripwire debuted Tripwire SecureScan, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks.

Identify and fix vulnerabilities in your SSL certificates
DigiCert Certificate Inspector is a tool designed to quickly find problems in certificate configuration and implementation, and provide real-time analysis of an organization’s entire certificate landscape, including SSL termination endpoints.

Target hack spurred US businesses to spend more on cyber security
The international research also found that 53% of US companies surveyed now regard the threat from cyber attacks as one of their top three business risks.

CryptoCube: Enterprise crypto and authentication in one rackmount
Futurex announced the release of CryptoCube, a purpose-built, all-in-one rackmount enclosure for the secure encryption, decryption, authentication, and validation of sensitive data.

Most security managers under pressure to deliver apps faster
90% of security professionals say that the on-demand nature of virtualization and the cloud has increased pressure on them to deliver applications and services faster.

Protecting APIs, mobile apps and cloud services
CA Technologies announced new and updated identity-based solutions to help secure the increasing number of cloud, web and mobile applications operating in today’s open enterprise. They also announced new mobility and API solutions

Financial institutions must look beyond their own defensive perimeters
Third-party networks extend the attack surface and introduce risks that often go overlooked

Next generation anti-DDoS appliances from Huawei
Huawei's AntiDDoS8000 Series can defend from several hundred Gigabits-per-second DDoS threats by employing features such as signature learning, behavior analysis, reputation mechanism and Big Data analytics.

Encryption management platform for protection in hybrid clouds
CloudLink provides the encryption foundation that protects mission-critical data across a broad range of use cases from a single integrated platform.

Network forensics platform for the 10 Gig world
nPulse Technologies launched its Cyclone Network Forensics Platform, which builds on full packet capture by adding line-rate extraction of crucial application layer security metadata and a flexible big data security analytics framework

What people think about passwords, email snooping and personal data
New research shows where Millennials and Gen-Xers stand in regards to passwords, online marketing practices, email snooping, and their personal data.

Fortinet upgrades and extends its Next-Generation Firewall
Fortinet announced an update to the company’s FortiOS network security operating system, along with new releases for integrated reporting, APT and strong authentication.

Qualys CEO to deliver keynote at RSA Conference 2014
This keynote will discuss how we can shift the dynamic and use the cloud to defend against security challenges.

Security vulnerabilities found in 80% of best-selling SOHO wireless routers
Routers are an ideal target for cyberattackers because they can be used to eavesdrop on traffic sent to and from nearby enterprise access points.

Password Manager Pro gets SAML 2.0 support
The move enables integration with federated identity management solutions for single sign-on.

Malicious mobile apps on Google Play up 400 percent
RiskIQ announced research findings on the presence of malicious apps contained in the Google Play store.

What to expect at RSA Conference 2014
Avivah Litan, vice president and distinguished analyst at Gartner, provided her thoughts on what to expect at this year’s event.

FBI Director James Comey to keynote RSA Conference 2014
Director of the FBI, James B. Comey will provide a keynote presentation on Wednesday, February 26.

Photo galleries