It has been a rather long time since something was posted here. There is actually a good reason: I was off travelling all over the place and had little time to sit down and write my thoughts.
First stop, RSA Security 2003 in San Francisco.
The RSA Security show has always been run by RSA Security Inc. a company with a rather varied pedigree which includes people like Ron Rivest, technology like SecurID and used to hold the now-expired patent on the RSA algorithm.
What did I bring back from the conference? Well, as goodies go the illuminated pen from BlueFire was pretty (they do a host-based IDS for iPAQs). As technical stuff goes it was rather sad. What was sad? Well, let a photo of myself at the conference set the tone.
Having seen the picture you might be inclined to think that this is going to be yet another bashing session but the simple truth is that marketing had taken over big time. There were enough identically different SSL accelerators that had it not been for the bezel you could have swapped them around overnight and nobody would have noticed.
There was something worthwhile: a naval Enigma at the booth of the bright people of Cryptography Research complete of rotors and in perfect working order and its US counterpart (an M209) not to mention a particularly polite lady at the NSA booth who was in fact the curator of their historical museum with yet another Enigma.
From a technology point of view by far the best demo must be the one on the HP booth on wireless hacking. You might think that RSA Security 2003 would not have open WLANs, well, think again. Michael Gough had a converted chips tin connected to his iPaq and was happily walking around scanning the show floor. Of course, it is nothing new, but it was definitely quite a sight with his presentation filling up the corridors around the HP booth.
So what was the overall climate? There is definitely interest in security, the conference alone pulled over eleven thousand people but frankly nobody really wants to buy much. It seems to be all very much "in house" at the moment and people wanting to be clear as to what the market offers. Where is the world moving to? The biggest announcement was certainly the Symantec-PWC tie-up to provide a complete MSS, if I was Counterpane I'd be rather worried myself. They hope to attract customers by showing them their "manual", i.e. a procedures guide for absolutely everything ranging from anti-virus to incident response. Is it any good? I don't know as I was not allowed to read it but it is clear that outsourcing is still seen as "the way to go", even more so than previously perhaps.
Posted by arrigo at May 7, 2003 01:32 PM