Every RSA show is different. Every year there is a buzz. It takes two or three days of walking the show floor, hearing vendor pitches (you have to stop and talk to people manning the booths to pick up their vibes, don’t just wander the floor), and hob nobbing with Wall Street analysts to identify that buzz.
The organizers at RSA picked Data Leak Prevention, which may have been the hot thing last year, as this year’s theme. You can see why: DLP encompasses all of Information Security. And, indeed, every vendor of authentication, encryption, and content filtering had DLP offerings.
I was very surprised to discover that this year’s buzz was around Security Information Management. Many vendors had new offerings and there were a bunch of new vendors present as well. I will be investigating just why management is becoming so hot and blogging about it when I figure it out. But in the meantime here are some vendors that caught my eye with the most exciting new products this year.
Athena Security . I met them off-campus. They did not even have a booth. But their product rocks. It is a security mapping tool that can be used to assess overall network threat exposure. It grabs configurations from security devices and figures out just what resources are exposed to network entry points. The best thing about their product is that it compares your current network architecture to various best practices (NIST and the like) and gives you a score. It then allows you to model proposed changes (moving a server, adding a rule) and see how it impacts your score. AthenaVerify is a great tool to help the enterprise evolve to a more secure posture.
Reflex Security . The explosion of virtualization in the data center is leading to a lot of questions about how to assess and protect a network whose configuration is dynamic. So-called utility computing creates some complicated challenges for those trying to create and deploy policies. I have to admit that I have been struggling with understanding just what the issue was. Hezi Moran at Reflex Security took time to show me just how complicated a dynamic network can be and almost has me convinced that specialized tools will be needed to secure the virtual data center. Of the six or so vendors jumping into virtualization I think Reflex has a head start.
BlueLane. Speaking of virtualization BlueLane did itself a disservice early on by using the virtualization terminology to describe how they intercept network based threats. That is behind them now that they can articulate a data center protection message. I was extremely impressed that their solution which blocks attacks based on knowledge of vulnerabilities, not on exploits, has led to some recent tests with 100% effective ratings with zero false positives. With results like those I think it would be imperative for anyone evaluating IPS to add BlueLane to their short list.
Speaking of gateway security I was elated to see iPolicy represented at RSA this year. I have always been a huge fan of iPolicy’s product philosophy of single pass inspection to create a true Unified Threat Management solution. And speaking of UTM there was a new one at the show this year: Cymtec . Also worth noting is the success that Astaro is experiencing. Their push into the US market is paying off.
And finally, Stiennon’s Best of Show-RSA 2008 is awarded to AlgoSec for their Firewall Analyzer. This is the product I wish I had had when I was at PricewaterhouseCoopers doing internal security audits. Firewall Analyzer grabs a configuration file from your firewall (Cisco, Juniper or Check Point) and immediately identifies redundant rules, conflicting rules, canceling rules, and even unused rules. I am a sucker for tools and this is the best tool I saw at the show. The only draw back is the limited set of vendors they work with. I await the day when the product can work with Fortinet gear. AlgoSec’s Firewall Analyzer is a must have for anyone who manages a rule set of 100 or more.
Anyone see any other products at the show this year that I should know about? Email me at stiennon @ gmail or leave a comment.
About Stiennon
Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.
|
|
Best *at* RSA?
Not sure how Bluelane can be one of the best at RSA when they didn't have a boot to *show* anything at RSA.
Did you meet with them off site?
Speaking of virtualization
Speaking of virtualization BlueLane did itself a disservice early on by using the virtualization terminology to describe how they intercept network based threats. That is behind Chat them now that they can articulate a data center protection message.
The big buzz
You mentioned that at RSA 2008, the big buzz was about Security Information Management and that you would be investigating why its so hot. I would check out DigitalStakeout (www.digitalstakeout.com)to have a better understanding and to see some of the interesting ideas they are launching.
And finally, Stiennon’s
And finally, Stiennon’s Best of Show-RSA 2008 is awarded to AlgoSec for their Firewall Analyzer. This is the product I wish I had had when I was at PricewaterhouseCoopers Sohbet doing internal security audits. Firewall Analyzer grabs a configuration file from your firewall (Cisco, Juniper or Check Point) and immediately identifies redundant rules, conflicting rules, canceling rules, and even unused rules. I am a sucker for tools and this is the best tool I saw at the show. The only draw back is the limited set of vendors they work with.