Editor's note: This story has been updated. See more information below.
The largest annual gathering of IT security professionals is just weeks away, and while the year's trendiest topic will likely be security for the Internet of Things (IoT), experts say there are better topics for enterprises to follow.
On the agenda for RSA Conference (RSAC) 2015, taking place Apr. 20-24 at Moscone Center in San Francisco, there are nearly a dozen sessions that will involve the IoT, and an RSAC spokesperson said that speaking submissions related to IoT increased 450% compared to 2014. Encompassing a broad swath of devices that haven't traditionally been given Internet connectivity, many believe securing the IoT will be an increasingly pressing problem for enterprises.
However, Wendy Nather, security research director for New York-based 451 Research LLC, said that for now IoT will likely be nothing more than a curiosity for any infosec pro not involved in the actual making of an IoT device, and noted that threat intelligence will likely be a much more important topic.
"RSAC saw a lot of submissions on the subject of threat intelligence," said Nather, "so we expect to see that highlighted both in the sessions and on the expo floor, particularly since almost every vendor claims to have some now."
RSAC confirmed this, telling SearchSecurity that submissions referencing threat intelligence rose 300% over 2014. Experts have found that quality threat intelligence can improve event detection, alert triage and threat tracking in enterprise SIEMs. At RSAC 2015, there will be sessions covering the value of sharing threat intelligence (TI), using off-the-shelf tools to improve TI, and how to more quickly mature (or "potty train") your threat intel capabilities.
Bruce Schneier, author and chief technology officer for Cambridge, Mass.-based Resilient Systems Inc., believes that a topic that connects to threat intelligence and could be one to watch is incident response, which has been found to be a common failing. Many experts believe that enterprise security paradigms must shift away from prevention and -- accepting that breaches are inevitable -- toward rapid threat detection and response capabilities.
Schneier also suggested that high-profile stories like the Sony Pictures Entertainment hack would put a spotlight on topics like nation-state attacks and attack attribution at this year's RSAC, while Nather suggested that enterprises would do well to focus on detecting insider threats.
"User monitoring and insider fraud detection will probably be top of mind as well," Nather said, "as the complement to all the attempts at detecting breaches on the outside."
RSA Conference 2015 may be hard-pressed to top last year's all-time high for attendees. RSAC 2014 featured more than 28,500 attendees, 410 sessions and a total of 604 speakers. RSAC 2015 is expected to be even larger, according to a conference spokesperson, with more than 490 sessions scheduled and more than 680 total speakers slated to appear at the event.
Kicking off the conference for the first time will be Amit Yoran, who took over as president of RSA, the security division of EMC Corp., in October 2014. Yoran's keynote will mark a major changing of the guard for RSA, as it will be the first time in a decade that Art Coviello hasn't kicked off the event.
The former executive chairman of RSA and executive vice president of EMC, Coviello unexpectedly retired in February due to health reasons. Coviello joined RSA in 1995 and held the title of CEO prior to its acquisition by EMC Corporation in 2006. Coviello's first RSA Conference keynote was in 2004 and he had been associated with the event as far back as 1996.
One of the most well-known and respected executives in the industry, Coviello almost single-handedly reversed the tide of public ill will toward RSA in his 2014 RSA Conference keynote, debunking allegations that his firm inappropriately worked with the National Security Agency to weaken RSA's cryptography products.
Other corporate executives making keynote speeches include Scott Charney, corporate vice president of trustworthy computing at Microsoft; Christopher Young, senior vice president and general manager of Intel Corp.'s Security Group; Art Gilliland, senior vice president and general manager of enterprise security products for Hewlett-Packard Co.; Amit Mital, executive vice president of emerging endpoints and CTO for Symantec Corp.; and Martin Roesch, vice president and chief architect for Cisco Systems Inc.'s Security Business Group.
In addition to the security professionals, there will be keynotes from Secretary Jeh Johnson of the Department of Homeland Security, legendary swimmer Diana Nyad, author Zak Ebrahim and Pulitzer Prize-winning author Doris Kearns Goodwin, and an interview with actor Alec Baldwin, conducted by RSAC program committee chairman and Blue Coat Systems Inc. CTO Hugh Thompson.
Beyond the keynotes, sessions and tutorials, RSAC 2015 will feature opportunities for attendees to earn continuing legal education or continuing professional education credits by attending track sessions and keynotes, and also features a number of special events, beginning with the Innovation Sandbox Contest.
The RSAC Sandbox is a space that will feature exhibits aimed at promoting "dynamic learning and networking opportunities." The space will feature a CSI digital crime lab, a live industrial control systems demo and SANS NetWars, designed to test the skills of security professionals.
This year marks the 10th anniversary of the Innovation Sandbox Contest, which is said to be aimed at exploring "new technologies that have the potential to transform the information security industry." The 10 finalists will demonstrate their technologies throughout the day, with a winner crowned at 5:15 p.m. on Monday the 20th, as well as a new award for "crowd favorite."
RSAC 2015 will also feature four Learning Labs, which will target security professionals with more than 10 years of experience for in-depth simulations and role plays. There will be a live cyber exercise simulating a nation state-sponsored attack, a corporate breach role play, a cyber-response wargame, and a hands-on lab for learning techniques to implement cloud computing and DevOps to improve security.
This story was edited to include updated data provided by RSA Conference on sessions, registration and speaker counts.
Executive Editor Eric Parizo contributed to this article.