Notes from the 22nd Annual FIRST Conference

Written by Chris Richardson Friday, 02 July 2010 18:24

Attention: open in a new window.

The 22nd Annual 2010 FIRST conference in Miami welcomed 470 attendees from 48 countries, and was by all accounts a success. The subject matter was as hot as the weather on South Beach and the hotel provided excellent accommodations and connectivity.

The evening events were superb, with plenty of chances to see all that Miami had to offer. While the agenda was jam packed with sessions of rich content, there was still plenty of time afforded attendees to commiserate, compare notes, and share best practices over the din of the Vuvuzela horns playing on TVs in the hotel bar. It's great to see CERTs participating in policy discussions because these are often the operational cyber-arms and frontline responders for governments.

The conference theme was "the faded perimeter," which is an excellent description of the security challenges IT staffs face as we enter the age of the cloud. For all the promises of efficiency in outsourcing, security professionals and incident responders are faced with a new challenge in cloud computing, which has all the usual vulnerabilities with far less visibility and control. Some key questions that came up again and again:

Where is corporate data and why isn’t it classified?

Who "owns the stack" when infrastructure, platforms, and software applications are outsourced to a partner?

Threat models continue to change, and some great presentations were given on "advanced persistent" threats using a variety of tactics within the same attack. Such attacks certainly are “persistent,” using a combination of social engineering third parties (such as friends of employees), spear-phishing, exploits on the local client, and even live chat from a compromised "trusted account" with the specific intent to gain super-user access privileges. These were all elements of well known attacks on some major corporations earlier this year. For incident response teams around the world, considering the various ramifications of attacks like this was very valuable.

The FIRST conference was truly well done. We are glad to be a participant and look forward to next year's conference in Vienna, Austria.

Set as favorite

Bookmark

Email This

Comments (0) Add Comment

Write comment

Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College

Posted 09/02/10 - Krebs on Security

U.S. Businesses Could Lose Up To $1 Billion In Online Banking Fraud This Year

Posted 09/01/10 - DarkReading

Researchers Cripple Pushdo Botnet

Posted 08/30/10 - Threatpost

More News

IID ActiveInterest Blog

Phishing Trends Report for Q2 released

Internet Identity released its Phishing Trends Report for Second Quarter 2010.
Continue reading

Posted 08/19/10 - Heidi Harris

ISC announces a new way of delivering domain reputation data

Internet Systems Consortium (ISC) has announced that it would get involved in the growing market for DNS reputation data by creating standard mechanisms for reputation providers to send data to...
Continue reading

Posted 08/12/10 - Rod Rasmussen

Call 888.239.6932