What can you learn from traffic analysis of the RSA 2022 security conference?

Published on February 13, 2023

Possibly one of the older and larger security events is the RSA event, which takes place annually in the USA. It is a large gathering of security professionals, general IT professionals, law enforcement and media personnel. The security monitoring infrastructure for the 2022 event was set up by Cisco and RSA. They analysed the traffic and released a report; the link is available in the reference at the end of this article.

Some of the common findings called out in the report include:

· Usernames and passwords transmitted in plaintext
· Clear-text VoIP communication and camera feeds
· SNMP communication between clients and servers using older, legacy protocols
· Cryptomining and pornographic requests were observed
· Downloads from the Internet continue to carry malicious files, particularly with ZIP, EXE, DLL and PDF extensions

Positives observed include:

· Password complexity analysis, performed on the clear-text passwords, indicated that complex passwords are in use
· The bulk of network communication over the Internet used SSL, meaning secure transport is deployed
· The bulk of the traffic going towards corporates used IPsec-based VPNs, ensuring the traffic is encrypted

While companies have improved on security, a lot still has to be done. Also for us to ponder: the RSA event is attended by companies that have invested heavily in security and want to improve further, so you would not expect basic issues to show up. Alas, delivering end-to-end services is hard, and one has to be consistent to achieve that state. The observations in the report can be handled proactively through the following:

· Hardening and standardising the configuration of systems
· Network traffic analysis at regular intervals at least (better still, all year round)
· Solid and continuous assessment of deployed applications
· Strengthening IT security practices (follow what we preach, and then do even better)
· Lastly, reading the Cisco RSA report 2023 whenever it comes out, to identify newer issues

As we head out to RSA 2023, do you think any of the findings in the report apply to your organisation's systems and services?

Reference:
https://www.cisco.com/c/dam/en/us/products/collateral/security/rsac-soc-findings-report.pdf
#RSA 2023 #Traffic Analysis #Security