London is host to two security conferences this week and the past “annus horribilis” has given them plenty to analyse, says Eric Doyle
Tomorrow sees the start of Infosecurity Europe 2011 at Earls Court, probably the largest gathering of security professionals in Europe.
This is the 16th year of the expo but across London, in Clerkenwell, a smaller competitor is running its inaugural sessions. Security B-Sides is what it says it is. It runs “be-side” other security conferences and aims to record a flip-side view of the security scene.
Beside Ourselves With Anticipation
Security B-Sides is a franchise concept, a conference that has a ready-made format that can be taken up by anyone who has the resources to find a venue and attract speakers and an audience. While Infosec is expecting 12,500 delegates over three days, the one-day B-Sides has aimed at around 200 and was sold out in January.
Infosec has keynote speakers from industry names like Symantec, Kaspersky, Websense and BT. B-Sides does not rely on industry names but tries to attract people with ideas, deeper insights and a more down-to-earth view of the security threats and preventative or remedial processes.
White hatters, black hatters, grey hatters and, possibly, a few mad hatters will be allowed to present their views semi-formally. There is also an “unconference” thread where anyone can take charge of a room to deliver an ad hoc presentation or hold an impromptu “birds of a feather” meeting of like-minded delegates to hammer out industry issues.
When the alternative conference concept was born in the US two years ago, it was a response to the anodyne keynotes that usually litter the expos over there. It was probably the likes of Microsoft that started the turn from keynotes that addressed issues into one-hour product pushes.
Although this has infected some UK conferences recently, Infosec still has a reputation for scoping the entire industry and largely avoiding product puffs, so it will be interesting to see how B-Sides compares and adds a new perspective on security conferencing.
Record Breaking Year
It is quite likely that Infosec will break its previous attendance records this year, following 12 months of intense hacker activity. Stuxnet and other powerful Trojans, the WikiLeaks scandals and their accompanying Anonymous denial-of-service attacks, multiple data theft exploits, plus increased drive-by activity have focused corporate and government minds.
I doubt if there has ever been a time in IT’s history when security has been more to the fore in the technical agenda. As one door is bolted, it seems another is jemmied open. The days of the moated castle are over with the introduction of cloud technologies and mobile devices.
Attacks are becoming so focused on individual companies or members of staff within those organisations that even security companies like RSA, HBGary Federal and Comodo were all embarrassed recently in individual exploits. Even the European Union’s Carbon Exchanges were closed for weeks by cyber-attacks worth millions of Euros.
These attacks are difficult to protect against and can only be diagnosed by keeping logs of network activity and looking through them for unusual behaviour. The old days of large-scale attempts to hit as many targets as possible have proved harder to perpetrate because detection of this genre of attack has improved.
Plenty Of Scope
Hot topics at this year’s conferences will be SQL injection exploits, phishing, mobile device app dangers, DDoS protection, advanced persistent threat attacks – the range of topics topping the bill is different from previous conferences but legion in its variety.
It all promises a very interesting and educational time, whether in the vast halls of Earls Court or the more modest rooms in Clerkenwell.