Permit/Deny Ziff Davis Enterprise

RSA Security Conference

April 10, 2008

Thursday, April 10, 2008 7:41 PM/EST

At RSA, Microsoft, Cisco and TCG Lay Out (Again) the Future of NAC

Cisco, Microsoft and the Trusted Computing Group for the third year in a row sat down and alternately hugged, kissed and politely swatted at each other. This is the second year I've attended the RSA session on the future of NAC -- which is intentionally not spelled out because the acronym means different things to Cisco and the rest of the world. The bottom line is that NAC (network access control or Network Admission Control) is a noticeable but still relatively undersized part of the security market, despite years of media and marketing attention. According to Lawrence Orans, an analyst at the Gartner Group who has spent the last five years tracking NAC, the market in 2007 was estimated at about $250 million compared with about $3 billion spent on firewalls and about $750 million spent on IDS (intrusion detection systems). The theme set forward by Orans was "overcoming obstacles...

April 8, 2008

Tuesday, April 08, 2008 7:54 PM/EST

Mitigating Virtual Machine Security Vulnerabilities

San Francisco (4/8/2008)--The "Mitigating Virtual Machine Security Vulnerabilities" panel with newcomer Fortisphere, old-timer Configuresoft and nonprofit security adviser the Center for Internet Security was so popular that RSA officials had to turn away hundreds of attendees. I'll summarize the most important things that system and network managers should consider when securing virtual machines, but first let me say that Fortisphere is one of the most interesting companies at RSA. I had a chance to sit down with Fortisphere's Chris Farrow yesterday in a private briefing. In a nutshell, Fortisphere tags VMware virtual machines with a kernel-level driver so that the machine and any children that are cloned or snapshotted from the VM can be tracked as they move around the virtual environment. OK, so here's what came up at the panel. Watch guest-to-guest communication. Can your IDS or firewall products secure against guest communication on the same host? Most likely...

Tuesday, April 08, 2008 1:28 PM/EST

Live at RSA Cryptographers panel

Moderator: Burt Kaliski, Scientist, RSA Laboratories and Director, EMC Innovation Network

10:25 RSA Conference, San Francisco, CA 4/8/2008

Panelists:

Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems

Martin Hellman, Professor Emeritus of Electrical Engineering, Stanford University

Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT

Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science

WD: [We're seeing a] call to action where there should be a call to question. Instead of a call based on a Cold War approach. The essential problems of building secure crypto systems seem for all practical purposes to be solved. We've worked on it for 80 years. We have a pure barrier objective that stands. On the other hand, Internet security is a mess. Gossler at Sandia Nat'l labs says the adversary sits on the other side and picks at your infrastructure. In information assurance, the development cycles in...

February 6, 2007

Tuesday, February 06, 2007 4:40 PM/EST

RSA Day 2: Compliance dominates security

Regulatory compliance completely dominates the tradeshow floor at the RSA Conference 2007. In the recent past, compliance products and services were talked about but not implemented. 2007 is clearly the year compliance comes into its own. Unified Threat Management, access control, application security and all manner of authentication products are still going strong too, which explains why there are over 330 vendors at the show. The place is packed with people peddling security. My take on compliance tools, whether these products are reporting on network usage, end user anti-spam compliance or data extrusion, is that they must also help improve IT productivity while aiding in securing valuable resources. If a product can't help streamline IT, it isn't really helping to solve a security problem. See what this means for all the forensic tools when I file my report on 2/7....


