Privilege Was Everywhere at the RSA Conference

We’re back from a whirlwind week at the RSA Conference – and what a week it was! This year broke attendance records as security pros from around the globe traveled to San Francisco to listen to more than 700 speakers in more than 400 sessions on a wide range of topics from today’s dramatic infosec talent shortage to the critical need to keep our kids safer online to our own popular session on “Privileged Account Exploits – the Point of No Return.” Now that we’re back – and in between catching up on email (and sleep!) – we reflect on some of this year’s highlights:

Numerous sessions, panels and one-on-one conversations throughout the conference underscored the hard, cold truth that attackers will find a way to get inside your organization, no matter how you try to stop them. As the focus has shifted to the battle within the network, many security researchers, practitioners and vendors alike have observed a common attack link: privileged account exploits. So while you don’t know who and you don’t know when, you do know what motivated attackers are after. This year, we saw a surge of attendees seeking innovative ways to break the attack chain by defending what really matters. And from the moment the show floor opened to the second it closed, the CyberArk booth was jam-packed with people participating in interactive demonstrations of our Privileged Account Security Solution to learn how to better protect against, detect and respond to attacks, before they strike vital systems and jeopardize business.

Privileged accounts grant extensive control over sensitive data and IT systems. They’re pervasive in every organization, they’re often over-looked and they can be powerful weapons in the wrong hands. Recent, highly publicized pass-the-hash attacks targeting privileged accounts from Anunak/Carbanak to Sands show how these exploits have grown increasingly sophisticated. So it’s no wonder our RSA session, “Privileged Account Exploits – the Point of No Return,” delivered by Adam Bosnian and Yair Sade was so crowded – we couldn’t even get into the room to take a picture! In addition to exploring a series of real-world attack scenarios and pinpointing the common attack denominator, attendees walked away with actionable steps for stopping advanced threats by blocking the privileged account pathway.

Privileged account credential security – or lack thereof – was a highly prevalent discussion driver throughout the week. In fact, CSO’s Steve Ragan pointed to insecure credentials as one of the top three themes for the whole show. He cites an RSA talk that revealed millions of point-of-sale (POS) systems used around the world are vulnerable today because they are protected by the same default password that hasn’t been changed for 20 years. Making matters worse, many of these vendor’s customers have never changed this password on their PoS systems once they have shipped. This revelation is just one example of how off-the-shelf software has exacerbated the already complex privileged account challenge for organizations. Edward Snowden may have said it best when he remarked to HBO’s John Oliver earlier this month in an interview from Russia, “Bad passwords are one of the easiest ways to compromise a system. For someone who has a very common, eight-character password, it can literally take less than a second for a computer to go through the possibilities and pull that password out.”

PrivilegePinAnd last but not least, the accessory du jour at this year’s RSA Conference was the blue CyberArk “Privilege Is Everywhere” pin, which helped illustrate the pervasiveness of privileged accounts throughout the enterprise – from a network’s infrastructure to applications and into the cloud – and reflect a top-of-mind challenge for many RSA attendees this year.

Thanks to our customers, colleagues and peers for another fantastic RSA show. See you next year!