Anticipating the RSA Conference 2012

It's now February although you'd never know it from the balmy winter here in Boston. Aside from Valentine's Day, February is significant because it is when security geeks from around the world get together in San Francisco for the RSA Conference.

The show doesn't start until 2/27 but you can feel the anticipation in the air across the whole security community. That's a good thing since 2011 was an especially difficult year - some have even labeled it "the year of the breach." Hmm, what happens if 2012 is even worse - which is not unlikely?

In any case, RSA is always chock-a-block with a number of common themes. Here's what I am anticipating, as well as my editorial comment on each.

  1. Threat/malware management. This is a very important topic as Advanced Persistent Threats (APTs) and other types of sophisticated malware demonstrate that our existing security defenses are inadequate. I'm hoping to hear some good intelligence about cyber adversaries, and discuss best practice modifications around security processes and defense-in-depth controls to address these increasingly dangerous threats. Interesting vendors in this space include Countertack, Damballa, and FireEye, as well as old guard companies like Sourcefire and Trend Micro, but I'm interested in hearing from others as well.
  2. Security intelligence. Security situational awareness is marginal at best at many enterprises. Why? Lots of firms don't have the right skills or tools in place while others need visibility to more host systems, applications, and network behavior. As I've said many times, this makes security a big data problem (I'm on a panel focused on this topic) and I'm interested in learning how the industry plans to address this. I'll seek out HP, IBM, LogRhythm, McAfee, and RSA on this topic.
  3. Security services. With security skills in short supply, the security service providers must be seeing lots of activity. Good discussion for Symantec, Unisys, and Verizon.
  4. Mobile security. Yeah, I know about the malware and poorly written applications and I do see a lot of interest in this space. That said, ESG has yet to see a lot of demand for mobile security technologies. I expect a lot of buzz over mobile security, even if no one is making any money.
  5. Cloud security. A complex topic but all I anticipate seeing at RSA is simple and tactical solutions (unless I get an architectural overview from Amazon, Google, or Rackspace).
  6. Data center network security. We've had firewalls, IDS/IPS, and gateway devices forever but network security is still a major area of investment for enterprises. Data center network security is particularly challenging these days as large organizations deal with massive data center scale, web-based applications, and server virtualization/cloud. Does anyone offer a highly-scalable physical/virtual data center network security architecture? Good question to bring up when I talk to Cisco, Check Point, and Juniper.
  7. Enterprise security software architecture. In the client/server days, departmental applications were subsumed into enterprise ERP systems. This same type of integration/centralization has to happen with security technologies. Which vendors understand this and know how to build scalable software security architecture a la Oracle and SAP? My goal is to find out.

Like all other similar events, RSA has its share of cocktail parties, tradeshow gimmicks, and give-aways. Entertainment is certainly a big part of the event, but RSA is really about cybersecurity - a very serious topic. Before imbibing their fourth Mai Tai at a Hawaiian-themed party at the W Hotel, I hope that RSA participants think about recent security breaches at New York State Electric & Gas (800k customer records exposed), (24 million customer records exposed), and our security colleagues at Stratfor, and then consider the real objective of this event.

