Wednesday, April 30, 2008
Thursday, April 24, 2008
Wednesday, April 23, 2008
Friday, April 18, 2008
Thursday, April 17, 2008
Tuesday, April 15, 2008
Writing this while waiting to board my return flight to Sao Paulo. Itâ€™s good to write after a few hours far from the conference, as it gives me a better view of what really impressed me most. I agree with other bloggers that mentioned the lack of innovation this year. However, it was expected.
I think I can mention some highlights. Black Ops, Sins of Our Fathers, Avoiding the â€œSecurity groundhog dayâ€, the DLP Panel, Ajax Security were very good in terms of presentation and discussion, but honestly, nothing new from them.
The best sessions for me were Bruce Schneierâ€™s and Malcolm Gladwellâ€™s. Both talked about human perception and the way that we think. Schneier has already published some things about it, especially about the way thaty we perceive Risk. Gladwell presentation was very interesting even if it wasnâ€™t related to security at all. He talked about decision making, but not common decisions, but those made unconsciously. I think there are lots of situations in security that can benefit from his theories. The way that we assemble and conduct security monitoring centers, for instance, can be radically changed. By reading his book (â€œBlink: The Power of Thinking Without Thinking
The exposition was kind of sad. Tons of â€œappliancesâ€ providing solutions to problems defined by the vendors themselves. Lots of vendors talking about how their products provide very nice reports, but what about detection, prevention? Can all the problems in security be solved by a nice report with some pie charts?
The networking aspect, by the other side, was terrific. I met lots of people who write very good blogs, people that I found that are reading mine. I hope to be able to attend to the conference the next years to maintain all those contacts. Thumbs up for Martin McKeay, Jennifer Leggio and Alan Shimmel for organizing the bloggers meetup. It was very good and an extraordinary opportunity to chat with people that I respect a lot. Thanks!
Thursday, April 10, 2008
Wednesday, April 9, 2008
Thursday, April 3, 2008
- Data leakage/loss protection (DLP)
- Identity and access management (IAM)
- Network Admission/Access Control (NAC)
- Digital rights/Enterprise rights management (DRM/ERM)
- Seamless encryption based upon "communities of interest"
- Information classification and profiling
- Deep Packet Inspection (DPI)
- Vulnerability Management
- Configuration Management
- Database Activity Monitoring (DAM)
- Application and Database Monitoring and Protection (ADMP)