RSA, once an EMC subsidiary and now a Dell Technologies subsidiary, hosts one of the largest security conferences every year in San Francisco at the Moscone Center. This year, in 2019, the conference brought in over 42,500 people to watch 31 keynotes, attend 621 sessions, and interact with more than 700 vendors inside the expo.
While visiting the Dell Technologies booth we picked up a pair of these bad babies:
The top 10 finalists get a three-minute spotlight on the center stage of the Innovation Sandbox. One of the best presenters among the finalists, Kevin Gosschalk from Arkose Labs, gave an impressive delivery in presenting Arkose Labs' new product.
Sun Tzu once said: “Convince your enemy that he will gain very little from attacking you. This will diminish his enthusiasm.”
How the captcha attacks work:
Common captcha tests use unsupervised ML over a large data set of user input to find the most “popular” response, which is then treated as the correct response. This leaves room for large-scale bot attacks to submit false data, making the wrong captcha selections the most popular response…
Ever wonder why sometimes the captcha you entered was incorrect? Or maybe they are just outdated safety measures that are difficult for us humans to decipher when the corner of a stop sign fills 5 pixels of one captcha square… <face palm>
This is a common error in unsupervised learning models. The model is only as good as the data it receives and, conversely, can even start to ‘outsmart’ humans with technicalities.
What Arkose Labs is offering:
Their platform aims to mitigate account takeovers from bot-manipulated captcha attacks with a new, much more sophisticated design that outsmarts the bots and gives power back to the humans.
It offers protection from multiple vectors including but not limited to fake account creation, spam, brute forcing, fake reviews, website scraping, and account takeover attacks.
At the time of RSAC 2019, it had already eradicated over 100 million dollars in fraud, and it provides a 100% SLA guarantee… Impressive.
Other Finalists and Presenters:
There were many other finalists and presenters that had impressive products and presentations, and we will give a quick shout-out to:
Disrupt Ops – AWS IAM access automation. IAM management is a hassle, trust me.
Capsule8 – Intrusion prevention and anti-virus, made by blackhats to fight blackhats.
Axonius – “The Toyota Camry of Security” and definitely on the path for acquisition, if they haven’t been acquired by now.
Duality – homomorphic encryption that allows encrypted information processing and transmission for end-to-end data protection.
Highlights from RSAC:
The Wireless Village – If you are looking to learn, this is the place. I was able to get my hands dirty with the smartest techies in the room and bathe in the RF waves.
NIST post-quantum cryptography session – This was the meeting with the ever-rare security unicorns, cryptographers, discussing how best to prepare our networks and algorithms for the quantum leap.
Bugcrowd Afterparties – Bugcrowd knows how to throw down. They hosted a packed party, Mayhem at the Mint, inside a vintage gold minting facility in the heart of San Francisco. We were able to catch up with some great friends and make some new ones, thx @Grifter801.
In short, it’s a great conference and we look forward to the next. It’s a great place to network and attend some great tracks to get immersed in the many different fields of study that security has to offer. Though there are some other more hands-on events, this is still a recommended conference for any security professional.