Some quick RSA thoughts before I jump into the next jam-packed day of sessions:
- Changing world of ransomware. Just when you thought that ransomware was only a problem for your PC, now we've got mobile ransomware. And the mobile versions are perfectly content with “only” locking you out of your device, according to John Miller of iSIGHT Partners. Ransomware for mobile seems to be prevalent on Android today, but there are tricks used to even get at iPhone users.
- Many security systems are not turned on. This was something I learned at a Gigamon-sponsored panel discussion. Afterward, I got curious and exchanged notes with Ken Guzik, a noted UX expert (he designed VMware’s vCenter UI). We agreed that many of the tools shown on the show floor can use a lot of design help, and they don’t help you with workflow — in other words, they don’t tell you what you’re supposed to do to get your task done. They just sit there and show a nice dashboard, like in a NOC (network operations center).
We both thought Juniper did a good job with their UI, and had a clean look on the iPad, but some other unnamed vendors had a long way to go. My takeaway — if threats aren’t dealt with because the UI is hard to use, it’s a shame. The core function of packet and network flow inspection may be done well, but if people can’t discover how to use it, and enable it, then it’s wasted. To be fair, we couldn’t evaluate all the apps shown at the expo, but we saw a pattern in which usability was not a top priority for many firms.
- The art of hacking humans. Zee Abdelnabi (In-Vehicle Security Engineer) had a lot to share about hacking people. Learning about a person, getting some empathy and buying the right donuts goes a long way toward establishing rapport. It can be used in a positive way (building teamwork), but it can also be used for evil. Humans run on a set of rules — much like an operating system — and knowing how one operates gives people great insight into what they're going to do next.