February 5, 2007 4:00 AM PST

Security gets mainstream attention at RSA

Security gets mainstream attention at RSA The annual RSA Conference this week is expected to show evidence of a maturing security industry with an increasing role for big-name companies.

The event has long moved far beyond its origins as a get-together for cryptogeeks. It has developed into an annual gathering for corporate IT pros and a showcase for hundreds of companies, small and large, that hawk security products and services to businesses. This year is the 16th anniversary of the event. Again change is in the air.

"We're going to see a flight to quality, consolidation and quite a bit of merger and acquisition activity (in 2007)," said Andrew Jaquith, Yankee Group. "That's what's different about this year's RSA Conference; there is the slight whiff of blood in the air. You can sort of hear the screeching noises of the vultures overhead."

Security is becoming more structured and part of the IT infrastructure at companies, instead of being added on later, analysts said. Companies including Oracle, Microsoft, Sun Microsystems, Cisco Systems and Intel are vying for a piece of the pie, which may hurt the smaller industry players, they said.

"There seems to have been a recognition among some of the larger vendors that they can make money with security or, more likely, that they're not going to make any money if they don't have security in the future," said Gartner Analyst Ray Wagner. "That's certainly going to hurt some of the smaller vendors."

"In a lot of ways security is becoming more boring. But boring is good. Boring means maturation."
-- Andrew Jaquith,
Yankee Group

Case in point, database giant Oracle for the first time will have a major presence at the RSA Conference. The company will be promoting its identity management products as well as software to secure the applications it sells to help large enterprises with things like accounting and human resources. Oracle CEO Larry Ellison is slated to deliver a keynote speech on Wednesday at the San Francisco event.

"Oracle is more and more becoming a vendor of standalone security products that span both Oracle and non-Oracle technologies. You'll see a reflection of that at RSA," said Wynn White, Oracle's vice president of security and management products. Oracle has gobbled up numerous security outfits over the past few years.

Microsoft Chairman Bill Gates will kick off the conference Tuesday in a keynote with Craig Mundie, Microsoft's Chief Research and Strategy Officer. They are slated to talk about the software giant's vision for seamless and secure connectivity across networks and devices. Microsoft also plans to talk up security advances and partnerships.

"In a lot of ways security is becoming more boring," Jaquith said. "But boring is good. Boring means maturation. Boring means you're seeing large companies like IBM have a really rounded out security story. This is good for the mainstreaming of security into the way people run their business."

There is little left to "wow" people when it comes to security technology. Most of what will be on display at RSA is evolution rather than revolution, analysts said. While some of the threats may still be scary and shocking, the fixes are not that amazing.

"I don't think there is going to be the equivalent of the iPhone at RSA, but I do think that's a good thing," Wagner said.

As products have become more mainstream, so have the RSA attendees. There still is a track for the cryptography fans, but the bulk of the event is geared to less specialized visitors.

"Security concerns are moving away from tech geeks with pocket protectors monitoring networks in a back closet somewhere, to something that businesses managers and more senior folks are concerned with," said George Tubin, an analyst with TowerGroup.

Bring on the gear
The more than 340 exhibitors at RSA Conference will be calling out to all attendees in San Francisco's cavernous Moscone convention center. Many companies in the security arena are using the event to announce new initiatives, products or product updates.

Oracle plans to announce an add-on for Oracle Enterprise Manager that will let administrator manage and monitor identity and access management for Oracle and other technologies. Also, Oracle is slated to announce that its identity management and data vault products are now compatible with more Oracle business software products.

Identity management is a hot market led by companies including CA, IBM, Hewlett-Packard and Oracle and which research firm IDC predicts will grow to almost $4 billion in the next couple of years. Typically, identity management software identifies the users of a system and controls their access to resources within that system by associating rights and restrictions with a particular identity.

Other companies are expected to promote their advances in the identity management area at the RSA Conference. This includes Microsoft, which packed the new CardSpace identity management tool into the just introduced Windows Vista operating system. Last year Microsoft also talked up CardSpace, then still called InfoCard.

More traditional security companies will also be present. Firewall specialist Check Point Software, for example, plans to introduce a new Check Point branded security appliance aimed at midsize businesses. The firewall and virtual private network appliance will rival products from companies including Fortinet, Secure Computing and Sonicwall.

Protection from internal threats, such as accidental or malicious disclosure of confidential information, will be a major topic this week. Websense is expected to unveil its new Content Protection Suite and McAfee also is entering the space crowded with smaller players such as Vontu, Code Green Networks and GTB Technologies.

Companies promising to protect against yet unknown threats will also tumble over each other at RSA. Avinti, for example, is announcing iSolation Server 3.0, a product meant to stops threats such as zero-day attacks, targeted attacks other malicious code attacks not detected by traditional security software.

The emerging area of VoIP, or voice over Internet Protocol, security is also represented at the conference. BorderWare, which sells Web, e-mail, instant message and VoIP security tools, plans to promote its SIPassure SIP Security Gateway at RSA.

Web security specialist ScanSafe is launching a new product that is meant to secure Web searches inside a corporate network. Called SearchAhead, the product classifies results from Google, Yahoo and MSN and provides guidance on acceptable or unacceptable sites based on corporate policy and known malicious sites.

ScanSafe already provides a safe searching tool for consumers, and so do McAfee, Exploit Prevention Labs and others. At RSA, Finjan is entering the fray with its Finjan SecureBrowsing tool that alerts users to potential malicious content hiding behind links of search results, ads and other Web pages. It is one of the few consumer-focused announcements expected at the event.

Aside from products, security companies are also slated to announce partnerships this week. For example, Qualys is teaming with VeriSign. The Qualys vulnerability management tools will be used by VeriSign for its managed security services customers. Qualys is also planning to announce a new version of its product at RSA.

Next year, analysts expect, the RSA Conference will be a little smaller.

"We're thinning the herd, we will see fewer exhibitors because there are a lot of investments that some of the folks in the venture community have made probably aren't going to pan out," Yankee Group's Jaquith said.

See more CNET content tagged:
RSA Security Inc., Oracle Corp., conference, air, security

6 comments

Join the conversation!
Add your comment
no
i don't think so

----
<a class="jive-link-external" href="http://privacy.emigrantas.com" target="_newWindow">http://privacy.emigrantas.com</a> - all about web privacy
Posted by darix2005 (31 comments )
Reply Link Flag
Never trust the big guys
Especially when it comes to security, the major players always prove to be clueless. M$ has never been able to provide anything approaching secure systems and I doubt they ever will.

The big security vendors like McAfee and Symantec were good until they got too big and now they all suck a root. The only security apps that really work without themselves being a form of malware come from the small providers like Avast and AVG.

We'll never have decent IT security until people get over the brand name fixation syndrome.
Posted by Michael Grogan (308 comments )
Reply Link Flag
Never follow the path of ignorance
By reading your ignorant comments that "M$ has never been able to provide anything approaching secure systems and I doubt they ever will", one can easily see you know nothing about Windows Live OneCare or Windows Defender, both of which are praised in most unbised reviews (hard to find when we're talking about a Microsoft product, but they still exist). And I'd advise you to learn a little about IT and not confuse Symantec with Norton, because the big security vender that Symantec is is as good as it ever was or even better and it continues to be the security vendor most people and businesses around the world trust (of course we know for you people the logic works the other way around and the better ones are always the ones who sell less). It would be nice too if you'd think before saying such ridiculous things as "The only security apps that really work without themselves being a form of malware come from the small providers like Avast and AVG", as I use Symantec Corporate 10 and I can assure you it is no form of malware and it is more effective than Avast or AVG (when will you people learn that, in this world, you get what you pay for?).
We'll never get decent mainstream security until people get over the Microsoft/Symantec bias/bashing syndrome, that is the truth.
Posted by Fil0403 (1303 comments )
Link Flag
No security anytime soon.
There won't be any security anytime soon. Just as the article said, security has always been an after thought. The original Internet being a network for the DOD, was secured by putting security first, not last. Those security precautions were ignored, when M$ began to mess with the HTML standard, and incorperated the network stacks as an inseparable part of the OS. No there won't be security anytime soon, didn't you hear, there's money to be made off insecurity, why would they destroy their own market?
Posted by chash360 (394 comments )
Reply Link Flag
No seriousness anytime soon either.
If you think there would be such thing as "security" if Microsoft wouldn't have changed the HTML standard (whether you consider it was a mess or not) you are very naive.
And it seems no one had anything better to offer, otherwise 90%+ of the world wouldn't be using Windows now, so maybe you shouldn't be accusing
Microsoft of changing HTML but other companies of not countering Microsoft.
Incorporating the network stack as an inseparable part of the OS was, sooner or later, an inevitable thing to do and in no way can be considered an insecure measure just by itself. Some things were done wrong, yes, but it ends there, and many of those things are now being corrected (Vista is a good example of that, if you have any knowledge about the changes in the network stack).
Posted by Fil0403 (1303 comments )
Link Flag
Security?
If you are going to talk security at the RSA conference you should make sure to include ALL the major security players. You forgot the largest security player! - Symantec
Posted by harsh24x7 (5 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.