Database Security 3.0

More on RSA 2009…

As RSA continued through Wednesday and Thursday, an air of optimism seemed to be resonating with most of the vendors and end users that IT Security still has a place in the budget at most organizations. Its great news for all, and we heard from quite a few folks that they were having the most qualified conversations with buyers in a long time at a trade show.

Although, it’s safe to say that there were a few folks who quipped to me after I had asked the obligatory - so ‘how’s RSA going for you’ question that things were slow. Well, that my friend could be because you are selling encrypted USB drives. Or you were trying to sell security solutions with booth babes (yes, companies still do this, even at security shows).

In fact, it would probably be fascinating to sit in on the post-RSA meetings for the companies who did hire booth babes. “So did our message come across to buyers? Did they understand our value proposition?” Either there was consensus that these were times of desperation and they needed sex to sell, or it was April 19th and they scrambled to hire some modeling agency. Maybe they should have just staged a mock protest instead.

  OK, of real importance at RSA, days 2 & 3…

The much-anticipated Melissa Hathaway keynote, although encouraging in many ways, wasn’t as detailed as some would have liked because it was expected that she’d lay out the Obama administration’s plan to address national cybersecurity issues. What she emphasized most was that the commercial, government and academic sectors would have to come together to effectively mitigate the seemingly insurmountable threat environment.

She challenged the vendors at RSA to help come up with innovative ideas and solutions. She challenged government officials not to ignore this problem, especially in the current economic climate. It appears they’ll be creating a new Pentagon cybersecurity command station, and they’ll unveil the overall US cybersecurity plan this month sometime. So while it left folks wanting more, we’ll see what the plan addresses in depth soon…

Also there was a little more banter around cloud computing and virtualization and being able to secure those frameworks. Virtualization was the buzz last year, and the discussions haven’t gone away. 

Anyway, a decent set of recommendations from the Cloud Security Alliance was unveiled that should kick start a framework for organizations to follow in security their cloud environment.

Kaspersky is behind a new media model/content aggregator that could pave the way for other vendors to follow suit. Threat Post is headed up by former eWeek writers Dennis Fisher and Ryan Narraine, with ‘punditry’ content coming from a slew of security vets. Kaspersky isn’t branding this at all, but it seems like an interesting concept that will challenge the trade publications in reporting styles and content delivery.

Lastly, the McAfee party rocked, again. And it wasn’t just the free beer. If you like rock and roll, it was impossible not to like Anthem, a classic rock band that literally lugged stadium-level sound equipment into a small club Mezzanine that surprisingly didn’t shatter windows from the extremely high decibels they were playing at. Stairway to Heaven, check. Hot Blooded, check. Bohemian Rhapsody, check. All this while they had their own music videos for each and every song projected onto one wall of the club, synched precisely with the live performance. Brilliant marketing. I probably need a hearing aid now though.

The bar has been set pretty high to top RSA 2009 next year...

It’s that time of year again…the trees are budding, folks are exiting the winter doldrums and the RSA conference is back again. Yep, every IT Security vendor from New York to Norway, Boston to Budapest and California to Canada is trying to tell you how their solutions will help your organization secure something. 

Some observations from Day 1…

First off – the major news publications are paying attention to our announcement of AppDetectivePro 6.0 User Rights Review.

Oracle acquiring Sun somehow has dominated the conversations on the exhibit floor and briefing rooms. With this announcement, Oracle has managed to dominate headlines at RSA, and its not exactly a security play.

However, there was definitely some banter on the Pentagon hack of their F-35 Lightning II jetfighter project data. What had some folks buzzing was the Journal article’s startling statistic that the government has experienced 18,050 breaches last year.

Compliance is king. We’ve been saying it at AppSec for quite some time now – but honestly organizations MIGHT be getting it now. You can’t silo compliance and security separately – smart companies get this, like us! But it never ceases to amaze when companies integrate half-baked compliance language into how they position themselves…

We met with Byron Achiodo of USA Today/Last Watchdog blog today – if you aren’t reading his articles (or his book) you are missing out. http://lastwatchdog.com/  Its interesting listening to what he’s working on because he is a guy who wants to get inside what is REALLY happening in the hacker universe – what are they doing, how, and how the heck to we stop them? (Um, protect your database environment.)

There’s a lot of anticipation for Melissa Hathaway’s keynote tomorrow on her review of President Obama’s cybersecurity plan. There’s a lot at stake to determine the key areas of focus, not to mention the $$$ supporting this plan.

Flower power - FaceTime staged mock protests across the way from our booth complete with sit-in’s and a guy strumming a guitar. When did the Moscone Center become part of the Haight?