RSAC

Future Vision of Security
What is the future vision of security at Splunk?
   9 years ago
#RSACInsight from RSA 2015
Join us as we discuss the key trends and insight coming out of this year’s RSA 2015 event.
John Furrier
Q3: Per Obama’s security executive order, do you think information sharing is the solution to mitigate risk?
John Furrier
Sec Johnson did talk about improving ability to share info to enhance cybersecurity while protecting privacy... not sure I buy this
Jeff Aboud
In security, there are no silver bullets; that, we all know. But it can help.
John Furrier
@in_focusmktg Jeff, what do you see out there at the event? Is there urgency? What are some solutions enterprises are moving to now?
monzy merza
more and more orgs want to engage in active response - active response is beyond just block and tackle - it is focused to reduce time and improve confidence
Jeff Aboud
I'm not seeing any more urgency than usual, but there's definitely a great deal of interest in dramatically increasing visibility throughout the network, and significantly decreasing response times. Those are the two main pain points I keep hearing.
John Furrier
What are companies doing with data? This is a hot topic?
Dimitri McKay
if by "share" you mean "send us all your IOCs" then yea, the government is doing a *great* job sharing.
Tricia Ransom
This is a touchy subject for our customers. Want to share, but can't share PII. What information is useful w/out revealing customer data?
John Furrier
use cases and solutions or examples - high level is good; don't have to share customer data
Splunk
Q2: What is your top security concern for the rest of 2015?
John Furrier
. @splunk the buzz in hallways (virtual too) was how to gather threat information to be ready was a big concern
John Furrier
. @splunk A majority gather 'threat intelligence' from the #security community at large. It's a combination of things; vendor product, public and #opensource feeds.
John Furrier
another issue is employee mistakes which enable external attacks
Jeff Aboud
That's a great point. A lot of people make the mistake of seeing Enterprises as different from consumers ... but remember, Enterprises comprise consumers! Enterprises likely have more robust security controls, but the individuals still need to be educated
John Furrier
. @splunk Post Snowden era is about systems that have UX and #bigdata capabilities to move fast on any front - security problem is omni-directional
Dimitri McKay
@Splunk My top security concerns continue to be the fact that we still lack visibility. How can we defend while blind? How can we fight what we can't see?
Jeff Aboud
Well said @dimitrimckay. If you don't know what you don't know, you can't do your job - the point is moot. But if you can see the issues, you at least have a fighting chance.
John Furrier
Q4: Is security a boardroom issue for the enterprise? Who is responsible for security in the enterprise?
monzy merza
security is definitely a boardroom issue. but it's not enough to punt to the board. it is the responsibility of the practitioners to escalate requirements in an outcome focused fashion.
Dimitri McKay
and on the other side, it's the responsibility of the boardroom to drive security from the top with headcount and budget.
John Furrier
@dimitrimckay Who does the #CISO report to? thoughts from #splunk gurus?
Dimitri McKay
The board. Otherwise there's a potential for bias.
John Furrier
There’s an old adage that goes something like, “If you build a better mousetrap the world will beat a path to your door”; flipside to this, esp in the world of cyberdefense, viruses, malware, & worms is that somewhere out there building better mousetrap
John Furrier
What was this new demo and t-shirt Splunk was doing at RSA this year? Can you share details?
Jeff Aboud
The demo focused on a new release of the App for Enterprise Security, version 3.3. It includes user activity monitoring and support for STIX/TAXII and OpenIOC.
Splunk
. @furrier Our shirts tend to be a big hit. Our newest one "I see what you did there" is a nod to the new features in our Splunk App for Enterprise Security.
John Furrier
What is the beer of choice for #splunksecurity staff? had to ask
Jeff Aboud
I can't speak for the others, but my personal favorite is Fat Tire! Best at the source in CO, but I'll take it in a bottle here in CA any time!
John Furrier
I just interviewed Stone Brewery yesterday and they have a "sick" tech IT team
John Furrier
Craft beer is my fav.. ok back to RSA
Richard Brewer-Hay
I prefer my own beer... But I enjoyed a Pliny last night watching the #sfgiants
John Furrier
@ESBAle nice win last night for @sfgiants
Ariana Gradow
I was at the game last night. Drank tecate and bud light
John Furrier
Q1: What's going on with all these breaches - what's the core issue with security?
John Furrier
How many Facebook accounts are compromised every day?
monzy merza
.@furrier lack focus on the part of the organizational leadership, technologies that don't work together, lack of transparency about attacks
John Furrier
. @monzymerza lack of focus in terms of mindshare or awareness to tooling for predicting or handling incidents and breaches?
John Furrier
What percentage of emails sent over the Internet are spam? #splunksecurity
monzy merza
lack of focus on the attacker persona and the use cases. many of the less mature orgs are trying to protect everything from everyone- hence protecting nothing
Dimitri McKay
And there's still the expectation out there that defense is a technology problem. Organizations continue to lack on the side of people and process. There's no easy button!
Jeff Aboud
People have always been, and likely always will be, at the heart of any solution. The best technology isn't standalone - it *enables* the people!
John Furrier
Customers need both speed & innovation to quell attacks. What are options for analytics-driven security?
Splunk
.@furrier We could answer that question but it would be a little too self-serving ;)
John Furrier
I'll rephrase "what is the buzz at RSA on data analytics"?
Jeff Aboud
Pulling in as much *raw* data as possible improves visibility and increases the speed of searches.
Dimitri McKay
time is the most important resource we have. Reducing time to identification, mitigation and remediation is the top priority. Wasting time searching silo after silo for the same data is a waste of that resource.
Tricia Ransom
My company, @GuardAnalytics, uses data to determine the behavior profile of account holders. Fraudsters try, but usually do something odd
John Furrier
. @TriciaRansom that sounds like a great solution. share a video or link for more info - thx
Tricia Ransom
Detect Unauthorized Webmail Access using Behavioral Analytics: https://youtu.be/5zB... @GuardAnalytics
Tricia Ransom
Here is ERIC LABADIE, VP Global Sales and Channels for @GuardAnalytics showing an overview of how Behavior Analytics work: https://youtu.be/E9u...
John Furrier
Which verticals are most secure? Finance? Here is a bank talking security https://www.youtube....
Dave Fiveash - Splunk.conf 2014 - theCUBE
Dave Fiveash, BNP Paribas, at Splunk.conf 2014 with John Furrier and Jeff Kelly @theCUBE #splunkconf DevOps requires organizations to have everyone “bought i...
monzy merza
there is a diversity of maturity across all verticals. the mature organizations view security as a continuous improvement process
John Furrier
What do customers do? What has #splunksecurity learned working with customers? Lots of unstructured data
John Furrier
Mark Graff, Chief Information Security Officer at NASDAQ OMX, spoke about the new paradigm of cyberdefense as it pertains to what businesses face with respect to viruses and security threats. https://www.youtube....
Security Keynote w/ Mark Graff, CISO, NASDAQ OMX - Splunk.conf 2014 - theCUBE
Keynote, Splunk.conf 2014 @theCUBE #splunkconf There’s an old adage about technology that goes something like, “If you build a better mousetrap the world wil...
John Furrier
In 2013 Kaspersky Labs detected almost 3 billion malware attacks with over 1.8 million malicious programs detected in these attacks.
John Furrier
computer viruses and worms are seeing a trend towards surprising technical complexity that he believes will eventually culminate in self-automating viruses that no longer have a human intelligence driving their proliferation, action, and activation
Dimitri McKay
When the machines attack via Skynet, it will be an autonomous virus that starts the process. Death to humanity. #terminator :)
Jeff Frick
> This is a must watch video. Especially the last few sentences, very very powerful.