QSC 2013: The Future is Continuous Security

It was a great time all around at the 2013 Qualys Security Conference. There were plenty of bright, energetic security professionals who are deeply engaged in their work to best protect their organizations against advanced threats. The opportunity to take part in so many quality conversations with such security professionals is something that just isn’t possible at the mega cons.

At the show, attendees enjoyed a preview of features that are upcoming in the QualysGuard Cloud Platform, as well as insight on QualysGuard’s continuous monitoring capabilities.

As Elinor Mills covered in her post, Qualys CEO Courtot in QSC Keynote Says Security Should Be Felt, But Not Seen, details on product enhancements were covered, including the increased focus on web application security and expanding the notion of continuous monitoring of the network perimeter.

The challenges associated with continuous monitoring – vetting systems for weaknesses and policy posture at enough of a periodicity required to mitigate attack risk – was a significant focus of the conference. One of the highlights included Director, Federal Network Resilience (FNR), U.S. Department of Homeland Security John Streufert keynote, in which he comprehensively detailed DHS’s efforts to boost the security, resilience, and reliability of the nation’s IT and communications infrastructure. That included the continuous monitoring as a service contracts the FNR has put into place for Federal, state, and local governments.

Their continuous monitoring efforts also include security dashboards designed to inform and prioritize cyber risk assessments across the government.

Mills provided a great overview of Streufert’s talk in her post, DHS Director Streufert: Continuous Monitoring Stops Attacks, Saves Money.

Of course, one doesn’t need to be the size of DHS to benefit from the implementation of continuous monitoring. Securosis analyst and president Mike Rothman helped put continuous monitoring in perspective for the rest of organizations, both large and small. In his keynote, he served attendees pragmatic advice on how they can incorporate continuous monitoring by informing attendees what continuous monitoring entails, and strategies detailing how to put continuous monitoring in practice.

I provided more details on Rothman’s talk in my post: Focus Continuous Monitoring Efforts Where Breach Will Cause “Blood to Flow in the Streets,” Analyst Says.

Securosis also just published their paper on continuous monitoring.

In the final keynote of the show, journalist and author Steven Levy reminded everyone what it is we truly owe to hacker culture. In short: just about everything we do today digitally. His talk hailed back to the hacking culture of MIT in the late 50s and and early 60s and up through modern times, including the Internet, and how hacking culture remains a crucial part of the fabric as such companies as Google and Facebook. You can find coverage on his keynote, in the post Author Steven Levy: What We Owe to the Hackers.

For security professionals based in Europe, be sure attend Qualys Security Conference 2013 in Paris (14 November), Munich (19 November) and London (22 November).