MobileIron is reporting live at this year’s RSA Conference in Moscone Center, San Francisco from the Exhibitor area, Booth #3120. Rethink: Security will be providing summary daily coverage of some RSA Conference 2016 sessions you may have missed. Session presentations are available on the RSA Conference website at the end of each day.
Day 3 - Thursday
Continuing my trek to find Information Security experts and thought leaders brought me to Aaron Lint and Dave Lewis. There were a lot of interesting-sounding talks at RSA Conference - I wish I had more time to sit through them all. That being said, I selected one of the early morning sessions to pick up some tips on Android malware analysis. After the malware analysis session, my morning was all about cyber battling and testing my cybersecurity mettle in SANS NetWars. Thursday was epic!
Mobile Perspective Podcast
Walking around the Exhibitor floor I found Aaron Lint, the Chief Scientist at Arxan. Arxan is a security research and software manufacturing company based in Bethesda, Maryland. Lint detailed how mobile affects Arxan, the threats they see, the security impact on smart devices, and his view that the AppConfig Community is a good start toward a consistent way of configuring and securing mobile apps, but that additional layers of protection will be required. Take a listen.
Dave Lewis is a Global Security Advocate at Akamai and spends his spare time writing for CSO Online and Liquid Matrix. Lewis talks about how some companies, in their mobile journey, rush to deploy apps and content and then address security further down the road rather than sooner. Take a listen.
Mobile Malware Research
Having done a little bit of mobile malware research myself, I’m always looking for new tips, tricks and traps to improve my game. When I saw a session titled "How to Analyze an Android Bot," giddy childlike excitement came over me. Kevin McNamee, Director at the Nokia Threat Intelligence Lab, delivered the presentation in the Moscone West building.
McNamee’s presentation covered an intro to malware analysis, the tools used, the lab configuration for Android malware research, and screenshots of a demo to wrap things up. I appreciated how he began with the reasons to analyze malware and build a library of detection tools. I would have liked to have seen some examples of their lab’s detection rules, or at a minimum a redacted example. This type of information could be very helpful to anyone comparing notes or who has never seen detection rules in detail before.
The remainder of the presentation covered using tools such as Android Studio for ADB and AVD, APKtool for expanding and rebuilding APKs, dex2jar to convert the Dalvik bytecode to Java, and JD-GUI to explore the decompiled Java source code. And of course, Wireshark for network traffic analysis on an isolated network. Running each of these tools by hand can really slow down analysis, but McNamee explained how they automated everything, which saves copious amounts of time.
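Before an APK goes into a pipeline like the one described above, a quick static check of the package and its Dalvik bytecode is worth automating. This added example (my own code, not the speaker's or Nokia's tooling) inventories an APK and parses the fixed DEX header of classes.dex, recomputing its Adler-32 checksum and SHA-1 signature so a repacked or tampered file is flagged before apktool and dex2jar are run; the sample APK it builds is constructed inline and is not real malware.

```python
# Added example: static triage of an APK before apktool/dex2jar. Not the
# speaker's or Nokia's tooling; it parses the fixed 0x70-byte Dalvik DEX header
# and recomputes the checksum/signature fields that a repacked file often breaks.
import hashlib, io, struct, zipfile, zlib

DEX_HEADER_SIZE = 0x70  # the DEX header is a fixed 112-byte structure


def parse_dex_header(dex: bytes) -> dict:
    """Parse the DEX header; checksum/signature mismatches flag a tampered file."""
    if len(dex) < DEX_HEADER_SIZE or dex[:4] != b"dex\n" or dex[7] != 0:
        raise ValueError("not a DEX file")
    checksum, = struct.unpack_from("<I", dex, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", dex, 32)
    return {
        "version": dex[4:7].decode("ascii"),  # e.g. "035"
        "size_ok": file_size == len(dex) and header_size == DEX_HEADER_SIZE,
        "little_endian": endian_tag == 0x12345678,
        # Adler-32 covers every byte after the checksum field itself.
        "checksum_ok": zlib.adler32(dex[12:]) == checksum,
        # SHA-1 covers every byte after the 20-byte signature field.
        "signature_ok": hashlib.sha1(dex[32:]).digest() == dex[12:32],
    }


def triage_apk(apk_bytes: bytes) -> dict:
    """Inventory an APK (a zip file) and check classes.dex without running anything."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        report = {
            "sha256": hashlib.sha256(apk_bytes).hexdigest(),
            "has_manifest": "AndroidManifest.xml" in names,
            "dex_files": sorted(n for n in names if n.endswith(".dex")),
        }
        if "classes.dex" in names:
            report["dex"] = parse_dex_header(z.read("classes.dex"))
    return report


def build_sample_apk(tamper: bool = False) -> bytes:
    """Constructed sample: a header-only DEX inside a minimal APK (not real malware)."""
    body = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678)
    body += bytes(DEX_HEADER_SIZE - 32 - len(body))  # remaining counts/offsets are zero
    sig = hashlib.sha1(body).digest()
    dex = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(sig + body)) + sig + body
    if tamper:  # flip a byte in string_ids_off without fixing up the integrity fields
        dex = dex[:60] + bytes([dex[60] ^ 0xFF]) + dex[61:]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("classes.dex", dex)
    return buf.getvalue()
```

A real sample with a failing checksum or signature is not necessarily malicious, but it means the DEX was modified after it was built, which is exactly the repacked-app case worth a closer look.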
The screenshot demo was a bit lackluster. Sorry, but a video of a custom script running through all of the tools, with output along the way as a visual aid, would have made a stronger impact. Nonetheless, the final overview and walkthrough of the NotCompatible malware, which uses the victim's phone as an anonymous browsing proxy, was very thorough. The most eye-popping data point was that of an unsuspecting Finnish user roaming in the United States whose infected phone, in less than two hours of airtime, had relayed over 165 MB of proxied web traffic. Imagine calling your carrier to try and talk your way out of that bill.
Cyber War Training Simulations
In 2013, I wrote an article covering the importance of participating in security war games as a complementary method to traditional education. If you truly want to protect your network, your data, your everything from attackers, it’s important to learn how to think, act, and penetrate like a cybercriminal.
SANS provides the traditional classroom and lab training most, if not all, technical professionals have experienced at some point in their career. Being a progressive and cutting-edge learning institute, SANS also has NetWars. As stated on their website, “SANS NetWars is a suite of hands-on, interactive learning scenarios that enable information security professionals to develop and master the real-world, in-depth skills they need to excel in their field.”
Even with advance registration, I was very lucky to find a seat during the RSA Conference at the NetWars competitions held during the morning on Wednesday and Thursday. The arena was packed with IT and Information Security warriors who were clamoring to jump into battle. Invariably, every CTF (Capture The Flag) competition I have participated in has resulted in some form of technical growth. They are worth the time and preparation.
What I appreciated the most about NetWars was the five-level game progression: from a local user on Xubuntu 14.04, to rooting the virtual box, to attacking a gateway box, to pivoting from that gateway box, to a PvP (player-vs-player) attack-and-defend style. Each level had a series of challenges that became increasingly difficult, each worth a balanced point value.
My only complaint about NetWars at RSA Conference was the three-hour tournament time limit. I wanted more! I was just getting settled into hacking at hashes and some lightweight steganography when time ran out. The challenge I present to you is finding a local or online CTF where you can sharpen your skillz. Alternatively, you can sign up for NetWars Continuous Play, where you can compete with the best after you learn from the best.
Hope you enjoyed our Thursday recap of RSA Conference 2016. There is one more to come, and remember to keep checking the RSA Conference website for the slide decks of the presentations mentioned here, as well as many others.
No security, no privacy. Know security, know privacy.
Day 2 - Wednesday
While there are so many sessions and hands-on labs to attend at RSA Conference, I like to spend some time in the Exhibitor hall to learn about new tech from other like-minded individuals at other companies. I have also been seeking out Information Security experts and thought leaders to interview for mini-podcasts, which run for about 5 to 9 minutes.
Mobile Perspective Podcast
I was fortunate enough to catch up with Wolfgang Goerlich, Director of Security Strategy and security blogger from CBI. CBI is a security consulting company based in Ferndale, Michigan. Goerlich provided some great insights into how mobile affects CBI, the threats, the impact on productivity when security is introduced to smart devices, and his opinion on AppConfig. Take a listen.
This year at the RSA Conference there were a few hundred exhibitors spanning two buildings of the Moscone Center. The Exhibitor Hall is overwhelming with products, pitches, prizes and demos. Out of all the conversations I had that day, there were three companies that I decided to feature in this recap: Arxan, Recorded Future, and ServiceNow.
I had the extreme pleasure of chatting with Aaron Lint, Arxan's Chief Scientist, about their offering. At their booth, Lint provided an initial high-level overview: “We help build trust inside of software by empowering them to defend themselves.” Their solution includes protection of desktop and server applications, as well as mobile apps. Generally speaking, the Arxan tech provides another layer of protection on binary executables without the additional overhead of decision processing commonly found in similar solutions. Arxan software can be found on over 500 million devices, inside apps from banks, health care, digital media, and more. It prevents binary tampering, code extraction, and cryptographic key theft.
You can compare Arxan's tech to the Tootsie Pop analogy: the app is the soft middle and Arxan is the hard shell. Aaron also agreed to be interviewed for our Mobile Perspective podcasts, so stay tuned!
ServiceNow is a leader in the service management business. While at the RSA Conference, they showcased a new app to help with mobile incident response. If you are a current Enterprise Mobility Management user, you can now have security incidents created automatically or manually within their new ServiceNow Security Operations. An exciting feature of Security Operations, called the Security Incident Response Application, identifies when critical incidents occur and dynamically initiates a workflow. For example, if a mobile device falls out of compliance, the ServiceNow Event Management Application will automatically create a security incident. Manual security incidents can also be created by an enterprise's help desk team investigating an issue. Examples of security incidents that can be manually created are as follows.
Manually create security incidents from:
- Security Incident form
- Self-Service Security Incident Catalog
Manually convert any of the following into security incidents:
- Security request
- Existing alert
- Vulnerability record
Additional details regarding Security Operations can be found on the ServiceNow website.
Recorded Future, a seven-year-old company based in Boston, MA, solves an interesting problem for people seeking out threat intelligence. They have agents using natural language algorithms to seek out plain-text blog articles, social media feeds, etc. about security topics, threat actors and the information you need to keep your network secure. While at their booth, I spoke with Matt Kodama, Vice President of Products. Matt described what Recorded Future is doing as “building a massive machine to bring all of that data to you in two ways.” One way is collecting external data about tactics, techniques, and procedures regarding what is at risk and how to react sooner. Second, Recorded Future also provides business intelligence for security executives by helping source the information they need, in a report format, before they make investments in their infrastructure. As Matt put it, “We are wicked good at turning text back into information.”
Hope you enjoyed our Wednesday recap of RSA Conference 2016. There will be more to come, and remember to keep checking the RSA Conference website for the slide decks of the presentations mentioned here, as well as others.
No security, no privacy. Know security, know privacy.
Day 1 - Tuesday
The theme for this year’s RSA Conference is “Connect to Protect.” On Day 1, it was evident how heavily the theme correlated with the various sessions that were offered. The verbatim description of the theme is available on the RSA Conference Themes webpage. In short, my interpretation of the theme is that humanity has been connecting with each other in many forms over many years. The Internet has become the central nervous system for modern communications. RSA Conference stands behind how people and businesses can securely connect with people to share ideas and collaborate.
My RSA Conference experiences for Tuesday have been very interesting on a few fronts. With the recent events in San Bernardino, it is no surprise that several of the keynotes either directly addressed the tragedy or made references to personal privacy, encryption and government control over technology. MobileIron’s official response regarding privacy and the Trust Gap between employees and employers was featured previously on the Smart@Work blog. On Tuesday, I attended talks in the General Interest, Human Element, and Expo Briefing tracks. Sessions presented by Stephen Balkam, Jayson Street, Samantha Davison, and Jon Porter brought “Connect to Protect” to life, highlighting the following areas: protection for children connecting online, social engineering, gamification to engage end users with security awareness programs, and mobile challenges.
Our Connected Lives
Balkam’s talk, titled Risks, Harms and Rewards of Our and Our Kids’ Online Lives, provided a brief history of how we evolved in about 20 years from being concerned about our kids finding adult content and predators online to cyberbullying, the inability to disconnect, and the disclosure of personally identifiable information. The concern extends beyond children to millennials becoming so connected to their smartphones that they may miss opportunities to connect with their own children, should they have them. On the same topic of child online safety, I spent some time at the CyberSafety Village speaking with (ISC)2 Safe and Secure Online, Hacker Highschool, CyberSecurity Alliance and Stop. Think. Connect. These are all outstanding resources for anyone interested in what can be done to protect our future cybercitizens.
Jayson Street from Pwnie Express never fails to entertain while educating on security awareness and best practices. As he points out with his opening slide using kittens, he’s one of the good guys, but he gets his message across by being professionally nefarious. Street's session, titled Breaking In Is Easy – Breaking Bad Habits is HARD!, recounts his adventures as a social engineer, where he was able to break into a bank in the Middle East posing as the bank’s “tech guy,” a government facility, and a French hotel by speaking only the word “Bonjour!” His end message was this: security professionals can use all the tools they want, but if an attacker is determined enough to get in, they will. Educate all of your employees to comply with security policies no matter what. And when it comes to physical access, don’t let human nature be the vulnerability; they will get in.
Samantha Davison is an uber Security Awareness and Education Program Manager at Uber. Within 2.5 months, she helped turn the “sad panda” security awareness program at Uber into the “happy but tired panda,” as Davison described it, by utilizing gamification in their program. Davison went medieval on Uber employees by bringing in a security awareness program themed on the successful book series and TV show “Game of Thrones.” Without going into too much detail, the idea was to reward employees who practiced good security habits and engaged with the program, employing leveling and reward systems to spark competition. The end result was that the program had 70% engagement and a 54% increase in security reporting over the last 4 months. Mother of dragons!
Jon Porter from NowSecure, formerly viaForensics, presented in the Expo Briefing Center on Five Mobile Security Challenges Facing the Enterprise. The list of challenges, in order, included:
- App Security
- OS Vulnerabilities
- Mobile Incident Response
These all resonate strongly with Rethink: Security readers. Porter also communicated approaches to these specific challenges and metrics, similar to much of the information provided in MobileIron's latest Q4 Mobile Security and Risk Review. The exception was Mobile Incident Response, which Porter explained is mainly about taking proactive steps in your mobile environment using MDM. I agreed with his biggest recommendation: using historical data to compare what's known against what's new will help enterprises streamline analysis and prevent future security incidents.
Hope you enjoyed our recap of RSA Conference 2016. There will be more to come, and remember to keep checking the RSA Conference website for the slide decks of the presentations mentioned here, as well as other sessions offered at the show.
No security, no privacy. Know security, know privacy.