Friday, February 09, 2007

Oh, RSA 2007

So, I spent a day at RSA 2007 on Wednesday, from about 9AM to 11PM ... Oh, was it fun!! Here are some highly informal impressions.

First, what's are the Security Buzzwords of the Year

  • Identity - yes, I dare say that the word "identity" blessed the maximum number of vendor booths, even more than ...
  • ... yes, more than NAC - and thus I continue to insist that knacking noise :-) will be waning this year. Hopefully - at least the NAC vendors should hope - not the deployments though ... And don't forget to NAP.
  • Data security together with leak "prevention"; a formidable presence indeed, given a large number of vendors that "do it" or, more accurately, "claim to do it"
  • I guess I should mention endpoint security, but to me it sounds a bit like RSA 2006 ...

Another thing that amazed me was a huge (!) number of new security companies. I have noticed dozens of new vendors, some doing interesting and some boring and old stuff. Initially, when I started my "vendor walk" and passed thru a couple of aisles, I started developing a mild case of "marcusranum-itis" i.e. "same old stuff around", but later I did see a few fun and innovative companies. Also, I met a couple of folks who pitched their new company ideas to me; that was deeply cool as well. So, I hereby proclaim that security innovation marches on, despite some dumb claims to the contrary.

Again (as I commented here), I've seen a few "walking dead" companies present. For some of them, it seems like they truly blew the last 20 grand on the show, hoping - in vain - that somebody [dumb] would buy them. I am talking about those whose quarterly revenue dropped into 6 digits after being in business for a few years. You know who they (you? :-)) are!

What made my RSA day is of course a Security Bloggers Meet-up (that everybody blogged about already - here, here,  and yes, even here somewhere); it was a very fun event indeed. For those who are into that sort of thing, a few of the security "celebrities" such as Bruce Schneier and  Stephen Toulouse blessed the event with their presence. I am so looking forward to it in 2008!

Finally, somebody mentioned to me that they also had the presentations - you  know, people speaking and stuff - at RSA. I was like "Wow, seriously!" :-)  And I thought that RSA is mostly known for its parties ...

Technorati tags: , ,


Anonymous said...

Nice summary. Yes, there were *way* too many wannabee companies in the space this year, with glitzy gimmicks and expensive swag and lovely ladies to lure you into their booth where, after you asked the first question, they suddenly give way to some suit.

Somehow I doubt that the ones pitching "Web and database security" are going to last very long. And how many application gateway vendors do we really need to compete with F5 and Juniper?

The sad part for me, as an old school hacker, was not seeing any people from the underground. I wore my CCC T-shirt and walked the length of the floor and not a single person knew what it was (sigh)

-- Greg

Anton Chuvakin said...

"Somehow I doubt that the ones pitching "Web and database security" are going to last very long. And how many application gateway vendors do we really need to compete with F5 and Juniper?"

Not so fast .... what's wrong with app and db security? Now, the guys you mention truly do a good job of it, then maybe. But I somehow doubt it ....

Anonymous said...

Anton, thanks for the link. I had a wonderful time there and really enjoyed the open-ness of everyone. I went to the event knowing just a few people and came out knowing so many great people.

What I would really like to see is a post/list of all the bloggers with: photo of them and link to their blog. I met so many people and many didn't have a card much less a way of remembering who they were.

(Why did so few bloggers have cards??)

Dr Anton Chuvakin