Here are some of the stats and tidbits I left with. Some of the themes overlapped throughout the presentations, so I'm not going to attribute each bullet point to a specific presenter. However, the presentations were sponsored by the following companies: WatchGuard, Axway, Sourcefire, Top Layer Security, JCS & Associates, Kaspersky Lab, Cyber-Ark, FaceTime and Arora / McAfee. You can learn more about the presentation specifics and download some of the slide decks here on the event agenda page.
End Users
- End users in the workplace expect to have access to the web and popular web applications; however, 25% of companies need to update their policies related to web use. Instead of addressing the policy issues, companies simply block access to web applications entirely.
- End users need more education about threats like email scams, pop-ups offering anti-virus solutions, links sent via social media sites, tiny URLs, etc. End users are your biggest threat - often due to error or accidents.
- The average employee spends 3 hours a day doing non-work items on their computer.
- Consider reviewing and improving on your file transfer management practices. How do people share data within your organization and externally? Is it secure and managed?
- Most companies feel secure, but aren't really. Check out http://www.idtheftcenter.org/ for a list of companies that have experienced data breaches. Many companies simply rely on their vendors to declare that they are secure and protected.
- Consider using different vendors to protect your data at different levels. Different vendors use different mechanisms to detect and deter threats.
- As an administrator, you have to review logs on computers, firewalls, servers, etc. This way you are familiar with what is "normal" and can easily recognize potential breaches.
- Consider data encryption as a means to enable your company to meet regulatory compliance. Encryption technology has evolved and it doesn't have to be as painful as it has been in the past.
- You should patch all your computers regularly - don't forget that your printers, routers and switches are computers too.
- The top Internet search terms that are likely to lead you to a site with malware on it are "screensavers" (51.9% chance of an exploit), "lyrics" (26.3%) and "free" (21.3%).
- In 2009, the Firefox browser had the greatest number of patches, and overall, vulnerabilities in applications exceeded operating system vulnerabilities.
- The web browser is the #1 used application, but the patch cycle for browser add-ins is slower than for other applications and operating systems.
- Drive-by downloads are still the #1 way to exploit computers.
Bruce and I went to the Tucson conference earlier this fall. Both of us enjoyed it and got quite a bit out of it. How much? Enough that he is going back to the one here in Phoenix on Thursday :)