Just back from the RSA Conference 2011 in San Francisco. RSA is the world's biggest security conference. This year's show may have been the biggest one yet. The Moscone Center and surrounding areas were abuzz with announcements and deals being done. A great lineup of keynote speakers included former President Bill Clinton. There were satellite conferences like the Cloud Security Alliance, America's Growth Capital Conference and Security BSides going on as well. But make no mistake about it, the theme for this year's RSA was the cloud. It seemed wherever you looked, cloud and cloud security were being discussed. Going hand in hand with that was open source. I am happy to report that open source is alive and well in security, and in cloud security in particular.
I will be doing some further in-depth reports, but wanted to mention a few stories that broke at the conference:
1. Open source WAF (web application firewall) - Ever since the PCI council made using a web application firewall or secure coding a requirement, the WAF market has been screaming for an open source alternative. Now not only do we have one, we have two! Qualys, a leader in the vulnerability management space, has teamed with Akamai to give us IronBee. I am currently scheduling a podcast with Ivan Ristic, the lead developer on IronBee, to discuss it further. But the initial buzz (no pun intended) at the show was that it was good. Another company, art of defence, also announced an open source WAF. The art of defence WAF seems better suited for the cloud, with a distributed, cluster-aware architecture. At this point, though, we have not seen the source code and most people I spoke to were not sold yet.
In any event, having open source WAFs in place will be a great help in securing the ever-growing number of web applications out there (or is it up there?).
2. Suricata and IPS - Napatech and nPulse announced and then demonstrated a new commercial implementation of the open source Suricata-based IPS. I believe this is the first commercial implementation of Suricata, which is sponsored by the OISF and DHS. Of course Snort, the venerable open source IDS/IPS, is the market leader here. But it is good to see more choice coming to the market courtesy of open source.
3. Cloud.com - I had a chance to sit down with Cloud.com CEO Sheng Liang and we had a great conversation on the state of cloud, cloud security and open source. Look for a full report on this next week.
Of course no report on RSA would be complete without a word on parties. This year was no exception. It was a rockin' good time. My own Security Bloggers Meetup and Awards was a great success! Also Barracuda Networks, which is a big proponent of open source software, hosted quite the extravaganza as well. Sorry, but you won't get details on that one from me ;-}
Look for more in-depth coverage on these stories next week. For now I have to catch up on my rest! Good weekend!
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from startup to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.