I’m wrapping up my visit to the RSA USA 2015 Conference. The conference was as big as ever. There was a feeling of how to protect ourselves from breaches by being realistic: Realize that adversaries will somehow get into your system, so look for multi-layered approaches to protect yourself after a breach occurs and minimize the damage. But there was some hopefulness as well, since we are acknowledging the changes in the security landscape, and we’re adapting ourselves accordingly. So I hope we’re not fighting the last war, and we’re becoming forward-looking.
The theme for this year’s conference was “Change” and it seems apt. However, I do miss the clever themes of the past, such as the Rosetta Stone or "Alice and Bob."
There were so many things that it’s hard to summarize all of it in one blog post, but here are a few things that caught my eye: Many vendors were offering segmentation and zones of trust. Segments help prevent the bad guys from hopping from one system to another because their networks are isolated from each other. Vendors such as vArmour and VMware offered micro-segmentation to separate parts of IT infrastructure. Startups like Illumio offered a variant called nano-segmentation to offer separation down to the process level in workloads. We joked that eventually someone is going to offer femto-segmentation to separate each byte.
These concepts are not new. Networking vendors such as Cisco offers similar segmentation capabilities in ACI, and Juniper has micro-perimeterization (and micro-segmentation) in its AppSecure offering. Juniper has a history of providing these capabilities in its SRX products that date way back to its Altor offerings. On the traditional security device front, Juniper also recently introduced a new SRX 5800 firewall that offers up to a mind boggling 2 Tbps performance.
These are some tid-bits from RSA from my networking viewpoint, and I’m sure these items will be expanded upon at Interop in Las Vegas, Nevada starting on April 27th, 2015, and we’re looking forward to that.