As much of the security industry recovers from RSA Conference 2009 in San Francisco it is time to attempt to condense a five day conference to few hundred words. There were 360 vendors on the exhibition floor and many more who sent executives to participate in the conference sessions or traverse the party circuit that occurred each night. I interviewed over ten percent of them in one-on-one briefings and video sessions.
The buzz at the conference was the pleasant surprise that the world had not come to an end. I have yet to see any official numbers from the conference organizers. While they may be down one vendor I interviewed thought the quality of attendee was up. He explained that possibly those organizations that allowed their staff to attend had real immediate needs for security solutions. The show floor was crowded every time I attempted to navigate it. You got a real feel for attendance in-between sessions when the hallways would be packed with people laptop to laptop. It appears that IT spending on security is healthy.
So what was the hot technology? For me it was “the old is new”; in particular the hugely diverse category of Identity and Access Management was everywhere. Web defenses were hot. Radware introduced an inline web application feature in their DefensePro products that I am tempted to call Web Application IPS (WAIPS?) but they call APSolute Immunity. NEC introduced a Web Application Firewall of their own design.
The following companies were the most exciting of RSA 2009 and earn Stiennon’s Best of Show award.
The Xceedium GateKeeper is an appliance for managing privileged users. As I point out in my insider threat tutorial administrators, DBA’s and even applications are often granted carte blanche access with little or no accountability. Tackling this problem is one of the best ways to tighten up security. As a proponent of simple security I rank Xceedium as must-have technology.
Yubico is taking a crack at bringing strong authentication to the masses. It is extremely simple. A small USB key is used to type long unique passwords in to any login screen. An open source development community provides the back end needed by an application to accept Yubikey passwords.
I told the founder and CEO of Syphan Technologies to surprise me during his video session. He did. Pravin Mirchandani has identified a need for large service providers to offer more security and filtering on their own premises. He is taking a high end multi-gig platform to market.
From their web site:
With zero latency, total packet inspection it is purpose designed to operate in the high-speed, IP-based customer services environment including protection for HTTP transactions, VoIP communications, multi-media streaming and IPTV applications.
With64 nano seconds latency I can forgive the hyperbole.
Palo Alto Networks has been messaging around application-aware firewalls, so much so that I missed what they are really doing. When I had Nir Zuk in front of a camera I finally discovered that his newest firewall is indeed what IDC calls a “complete content inspection firewall”. So, while I agree that identifying and controlling the use of applications on a network is required, the real value is in filtering malware, attacks, and misuse out of network sessions in real time. Palo Alto Networks joins the very short list of gateway security providers that can really look at content: iPolicy, Fortinet, and now PAN.
CoreTrace. The Wheel Group band is back together. Dan Teal has figured out application white listing and Tony Jennings has stepped off the race circuit to re-join him as CEO.
Triumfant has developed a technique for mapping “normal state” for an enterprise’s computers and then alerting and remediating when malware makes changes to that state. They give a great demo. I predict they will not remain a stand-alone company for long.
RSA Conference 2009 lived up to its reputation as the must-attend event of the year. Most of us are too exhausted to contemplate next year just yet but it will be in our plans.
-----
Don't forget to follow my updates from the cyber front as I post from Tallinn, Estonia.