The annual RSA Conference in San Francisco begins in earnest Monday morning with pre-session seminars about the state of IT security and skill shortages.
But this year’s conference is surrounded by controversy in addition to the dire warnings on network threats given by the usual high-profile speakers.
After news reports burst out last December that the U.S. National Security Agency (NSA) allegedly paid RSA $10 million for putting a backdoor into its encryption process, several invited speakers turned their back on the conference. Attendees will be waiting to hear if and how RSA address the claim when executive chair Arthur Coviello gives the opening keynote on Tuesday.
Our colleague Candice So of ITBusiness.ca will be at the conference for some sessions and has written an advancer on what to expect this week.
Meanwhile a number of hardware and software vendors are using the conference as a backdrop to make product announcements. Among the first are Fortinet, which is updating its appliance operating system and hardware, and Hewlett-Packard, which is announcing partnerships to bring more threat information into its management software.
Due to the number of reported breaches several Web service providers such as Google and Yahoo are increasing their use of SSL encryption, Dave Finger, Fortinet’s product marketing director said in an interview. That creates a challenge for IT security staff who want to see into that traffic. Usually they let it pass –either because they want to respect user privacy or are concerned about the performance hit inspecting the traffic may take.
As a result, Fortinet has upgraded its FortiOS operating system version 5.0.6, which runs its next-generation firewalls and other appliances, to include faster performing SSL inspection. This will give enterprises more visibility into network traffic, Finger said.
The software now also gives more out of the box reports from the FortiAnalyzer appliances, and tighter integration with the FortiAuthenticator strong authentication and FortiSandbox threat isolation devices.
Fortinet is also releasing a new version of the FortiAuthenticator, the 1000D, which provides organizations a choice of hardware, software, email and SMS tokens for network authorization for up to 10,000 users. It fits in the middle of the FortiAuthenticator line.
Last year Fortinet announced the FortiSandbox 3000D appliance for filtering and quarantining traffic. This week the appliance’s operating system is being upgraded to version 1.2, which includes enhanced instrumentation to better deal with virtual machine evasion techniques, an updated assessment engine to increase detection rates and a new call-back detection to identifiy outbound communications in both the sandbox and on the wire.
Coming shortly is a new FortiSandbox 1000D, which can handle eight virtual machines concurrently (compared to the 28 VMs of the large 3000D). It will cost about US$40,000. The sandbox can be deployed standalone or linked to the FortiGate firewall and FortiMail appliances.
Also coming shortly is the FortiAnalyzer 3500E, with 24 TB of storage for analysis that can be expanded to 48 TB.
Hewlett-Packard announced a partner network for its Threat Central security intelligence platform that will allow a number of third-party security devices to connect their data feeds for analysis.
Those already signed up include BlueCoat, Arbor Software, InQuest, ThreatGRID, Wapack Labs and Trend Micro.
At the same time it released an API for its Tipping Point Security Management System (SMS) server, which also allows third parties to connect to the SMS server and into Threat Central.
BlueCoat, Damballa, Lastline and Trend Micro are part of that program.
The idea is to make Tipping Point’s intrusion protection and next generation firewall products more valuable to these partners’ joint customer base, Rob Greer, Tipping Point’s vice-president and general manager.
“Customers have a SIEM (security information and event management solution) in place or a number of management platforms for various point technologies,” he said, “and what we’re doing is allowing them to get the benefit of multiple vendor security intelligence.”
For example, SMS server will be able to have access to data from Trend Micro’s Advanced Threat Cloud and BlueCoat’s malware analysis engine.
HP also announced enhancements to its ArcSight line of SIEM products. ArcSight Logger 5.5 has improved search capabilities, while ArcSight Enterprise View 2.5 automates risk scoring.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."