Updates on RSA 2018, GDPR, and Cloud Security: Shieldcast

Testimonials

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged.

Updates on RSA 2018, GDPR, and Cloud Security: Shieldcast - Spring 2018

QASource | May 30, 2018

RSA Conference 2018 Highlights

We attended the RSA Conference 2018 to support our customers who were exhibiting in the security domain.

RSA 2018 was an inspiring opportunity to meet other security professionals and learn from each other. The conference was full of actionable intelligence on how to combat security breaches and avert costly information security scenarios, not to mention the information on thousands of tools, solutions, and technologies.

Key Takeaways

New attack techniques uncovered
- Repositories and cloud storage data leakage
- Hardware vulnerabilities like Meltdown and Spectre
- Cryptocoin mining
- Big data analytics, de-anonymization, and correlation
- Exploitability in ICS/SCADA
Upcoming innovative security products
- Gave an overview of what's coming next in security. For details refer to: https://www.rsaconference.com/library/blog/this-years-innovation-sandbox-theme-taking-humans-out-of-the-security-equation

GDPR

This is the biggest development in years for data privacy regulations. GDPR stands for General Data Protection Regulation, which is now applicable in regard to all EU citizens. Under this new set of regulations, all organizations must protect the personal data and privacy of EU citizens.

Data protected under GDPR

Person's name, address, heath-related data, biometric data, racial or ethnic data, data about any opinion, web data like IP address, etc.

Non-compliance would cost

Customer trust loss, compensation claims, and heavy penalties

What to verify in Cloud Security

Evaluation – Tools and Technologies

Tenable.io Vulnerability Management

Tenable.io Vulnerability Management is the solution for ensuring security of data on cloud. It is a widely used tool for cloud security assessment.

This tool works with Microsoft Azure, Salesforce, Rackspace, and AWS but does not support Google Cloud Platform.

Some of the crucial checks at application and cloud environment level.

Application
Rogue authentication, unauthorized user access
Unauthorized database access (sql injection)
HTTP header injection
Fake encryption check
Is device information available (like OS, etc)
Can device be used as a host for malicious activities
Rogue ftp/api access
phpmyadmin vulnerabilities
Rogue cookies use

Cloud
Compromised SSL security - self-signed/old certificates, weak ciphers
Secured data visibility in public network, anonymous ftp enabled, https not used, sql injection
How well the network is protected, wrt to routers, data-packets, encryption protocols
Are the various user rights properly working
Identify how well the virtual machines isolate your workload

For detailed information refer: https://www.tenable.com/products/tenable-io/vulnerability-management

Have Suggestions?

We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com

OVERVIEW

QA Services

OVERVIEW

Expertise

OVERVIEW

Industries

Testimonials

OVERVIEW

Knowledge Center

OVERVIEW

About Us