I went to my first RSA conference in 1995, back when it was still just a few conference rooms at the Sofitel in Redwood Shores, so this year is my 15th. I think I’ve also been to 12 of Gartner’s Information Security summits (10 as an employee, 1 as a competitor and 1 as a security vendor), so I’ve spent an inordinate amount of my adult life at large security conferences.
Ever since Security Dynamics bought RSA years ago, the RSA conference always starts with a morning of sponsor vendor CEO speeches that are pretty much like podcasts of their magazine ads – really just reviews of their marketing strategies for the coming year. They tend to alternate between “Security is an enabler to business” and “The sky is falling, the sky is falling, buy more security stuff!!” This year the attacks on Google definitely caused everyone to get the Chicken Little props back out.
A common theme that popped up was that many of the vendors were once again trying to hype up mobile malware – it was like 2002 all over again. At RSA in 2003 I did a presentation on why smartphone malware wouldn’t be an issue until several factors came together, which John Girard and I predicted would be around 2008 – and we were too early. It is now unlikely that mobile malware will be a major issue for at least another 5 years, and client side software on smart phones will never be the answer – even though the industry is salivating at the thought of selling to billions of new platforms.
The highlight of the first day (actually of the entire conference) is always the cryptographers panel. This year was even better than usual, as everyone stayed away from politics and policy and largely focused on crypto. Very cool to hear how much progress was made in the past year attacking cryptographic algorithms and implementations. It really drives home that IT systems are still sitting on a very unstable, non-engineered base - software.
I spent the rest of the day making the rounds of the vendor exhibits, always an impressive sight. This year there didn’t seem to be any overflow sites but still it is basically the physical instantiation of every security vendor’s LinkedIn contact list.
The common themes across vendor boothage are:
- Malware!!! – We can do something now, even though last year we let most of that bad stuff through.
- Cloud!!! – We are in the cloud! We secure the cloud! We’ve looked at clouds from both sides now!
- Speed!!! – a lot of vendors of high speed processing platforms to help security vendors run at multi gigabit rates. This is a good thing - as we’ve already seen, just throwing multiple cores of general purpose processors at the problem only goes so far.
- How do you pronounce that?? A lot of smaller companies from outside the US have names that only very experienced CNN anchors can pronounce correctly.

John Pescatore