So RSA officially kicked off today. I have to say that it still feels like the Big Tradeshows, though I don’t know what I was expecting. However there was excellent foot traffic, truly interested people in how their problems are being solved, and the usual complement of tchotchkes (squeaky toys, pens galore, flashlights, and T-shirts). Though I got a Hacking Exposed T-shirt along with a signed copy of the Hacking Exposed 10th anniversary edition!
I didn’t get a chance to attend any of the keynotes, but there was interesting buzz after Lt. Gen. Alexander’s keynote. He went on the record on the NSA not owning cybersecurity. “We don’t want to run cybersecurity for the U.S. government. That’s a big job,” General Alexander stated. This is very positive news and continues to trend towards an emphasis on how multi-agency interaction, as well as partnerships between the public and private sectors, will be required to tackle what is likely THE most hard to tackle problem of cybersecurity.
As far as some companies and their innovations that caught my eye (as well as my attention), here are a few:
– Triumphant (www.triumphant.com): this company creates “normal” models of the filesystem and overall configuration of a PC and retains that as what the machine should look like. When they determine this is what the machine configuration should look like, it becomes easier to identify anomalies. They are not signature based but through the seemingly simple technique of keeping watch over changes in the filesystem, registry, and a multitude of other machine configuration parameters can identify when it has been tampered with or infected with malware. I saw a demo and it really took me by surprise how effective the remediation capabilities were and how deep they identified all the aspects of machine configuration modifications made by malware to subsequently fix them.
– Mobile Armor (www.mobilearmor.com): it may seem that there are a lot of encrypted USB flash devices in the market, but the ruggedness of these devices seemed impressive. Mike Vogelpohl in their booth joked that the USB device could be run over by a tank and survive. I think I believe it. One of the technical interests in their device was how self-contained all the protection capabilities were to not rely on anything loaded on the host laptop. Malware inspection, encryption, remote lock/wipe, and a multitude of security features rounded the feature set of this seemingly tank and bullet proof USB storage device.
– AccessData (www.accessdata.com): There are a lot of forensic and correlation tools in the market. Not having done an exhaustive search on this capability, what interested me about these guys is their Forensics Tool Kit (FTK). It’s an added benefit to actually be able to craft the set of analytics that are particular to the customer’s unique problems or compliance requirements as opposed to having to make do with a standard, fixed forensics analytical engine. Might be worth it to take a closer look at AccessData.
On the wireless side, I’ve not seen anything that blew my socks off nor looking at the problem in a new light, as in, where are the really big threats coming in the mobile and wireless space? [Gratuitous plug for my company, AirPatrol] AirPatrol is doing a live demo of their Wireless Locator System 3.0, Endpoint Client integrated with McAfee ePO, and Forensics Database in the McAfee partner pavilion booth. These products add up to an infrastructure-side AND endpoint-side wireless security solution that seems unmatched in the market.
We’ll see what Wednesday has to offer, though I’m not holding my breath for revelations, epiphanies, or pixie dust showering upon the expo floor enlightening the security industry on how to “bring it all together” so this security stuff wasn’t so confusing to end users, businesses, and government entities.
Ghost blogger for ComputerWorld Canada during RSA