Image by Howard Solomon
Image by Howard Solomon

SAN FRANCISCO – Driving into this city from the airport, attendees to the annual RSA Conference may see a billboard from a security vendor which asks two questions very much on their minds:

“Will they get in?” it asks of attackers. “Can they be stopped?”
Interestingly, the vendor doesn’t answer the questions.

But that, of course, is the reason why infosec pros from around the world are converging here – to see if they can find out if intruders can be stopped. The conference opens today, with keynotes on Tuesday.

Wise pros know, of course, the answer to the questions in 2016 are yes, if determined they will get in, and, by extension, no they can’t be stopped.

But detecting them with the right product might be easier with the latest generation of hardware, software, firewall, IPS, IDS, behavior analytics, encryption and so on to be announced by RSA and hundreds of vendors, so CISOs pray.

So the conference has two groups of attendees: Hopeful vendors looking to sell solutions, and hopeful infosec pros looking for a product/products that will make their lives easier.

Many will go home disappointed.

This morning NSS Labs released a report comparing 13 next-generation firewalls. None of them blocked all attacks, although NGFW’s have come a long way. “I was hopeful,” one would, admitted Mike Spanbauer, the lab’s vice president of research, said in an interview.

In fact only seven NGFWs were recommended.

In other words, there – still — is no silver bullet. The full report can be purchased from NSS Labs.

Lurking in the background of this year’s conference is the fight between Apple and the FBI over its attempt to get a court order compelling the iPhone maker to build a special version of iOS to help it break the password protection on a terrorist’s device, and the whole debate over whether creating backdoors imperils privacy or is a necessary evil.

Keynote speakers include FBI boss U.S. attorney general Loretta Lynn and Admiral Michael Rogers, director of the National Security Agency.

There will be a wave of product announcements – see below for some of today’s  — as well as surveys and reports this week that will show – again – what an uphill climb CISOs face.

For example this morning Akamai released its Q4 State of the Internet Security report showing a 148 per cent increase in distributed denial of service (DDoS) attacks against customers on its content delivery network in the last three months of 2015 compared to the same period a year ago – and up almost 40 per cent from the third quarter.

Infrastructure layer (layers 3 and 4) attacks were up 168 per cent in Q4 of last year compared to the same period in 2014.

Stuart Scholly, SVP and GM of Akamai’s security business unit, said in an interview that while the bandwidth of attacks dropped, attackers generally are launching repeated attacks against organizations, hence the larger number of them.

Akamai blames so-called cloud stressor sites where people  can rent cycles ostensibly for stress-testing a network. But, Scholly said, low-priced sites are “thinly-veiled attack networks.

He cautioned that content management sites like WordPress and its users have to ensure the applications are fully patched, and infosec teams must close vulnerable ports.

Among the product announcements made this morning

—-Gigamon announced an optional Metadata Engine for its GigaSecure security delivery platform. The platform, announce last summer, is a rack-mounted server that can aggregate network traffic and spin it off into a variety of security tools plugged into it such as next-generation firewalls, Web application firewalls, IPSs, SIEMs, sandboxes and content inspection gateways to give greater visibility.

As its name implies, the Metadata Engine analyzes a wide range of metadata that comes out of all these feeds such as NetFlow, IPFIX records, URL/URI information SIP request information, HTTP response codes and DNS queries.

The analysis can then be fed to an SIEM or big data analytics pool for further processing.

The goal is to enable security pros to respond and mitigate threats faster, Johnnie Konstantas, Gigamon’s director of security solutions, said in an interview, detect usual by detecting unusual behavior inside the network, such as suspicious lateral movement, or  attackers trying to communicate with command and control servers.

The module costs US$4,999 per GigaVue chassis.

CoSoSys, a Romanian-based company makes the Endpoint Protector agent for Windows, Macintosh and Linux, a device control agent which can lock down ports on a computer.to block the use of storage devices.

However, until now the software’s Data Loss Prevention module, which inspects content being transferred to another device or cloud service, was only available for Windows and Mac. That won’t be for long.

The company said it is starting a private beta test for a Linux version of DLP, which is expected to be generally available in April. Pricing wasn’t announced.