Monday, February 20, 2006

Final notes on RSA 2006 show

As I posted before, I just came back from RSA 2006 security conference in San Jose, CA. I read some fun feedback about the show from other security bloggers (and posted some of it already here and here), here is my longer entry on what I saw there.

As many other RSA observers agreed, under each tree you now see a NAC. Many folks who were anti-worm a year ago (Mirage, ForeScout, Nevis, etc) are now NAC solutions. 802.1X, agents, switch blocking, other things are all over the place. It seems that a NAC train is about to leave the station. Adjacent to NAC was supposedly emerging "LAN security" vendors, such as ConSentry. They all claim to be "NAC+" and additionally guard against internal threats and malware.

Application security, in all shapes and forms, is heating up quickly. Even Cisco showed some secure web gateway device; other vendors related to app security, database security (and information leak prevention) were well represented. Gartner preso directly spoke about needing to centralize application logs and events in 2006.

Network anomaly detection is, surprisingly, taking off, after decades (!) of unsuccessful research. ISS OEM of Arbor and other vendors' offerings attest to that. Also, I saw a number of secure messaging players; their space doesn't seem to be very hot, but, still, I would guess they were second only to NAC in numbers.

Dr Anton Chuvakin