Monday, April 27, 2009

Post RSA Security Show in San Francisco, Ca

Last week I attended the RSA Security event in San Francisco, CA. I wanted to give those that could not attend the event this year my perspective on the event and my observations. I have attended the RSA event for more years than I can remember. No, I am not one of those geeky types that puts stars on my badge for every year I have attended an event. This was the first RSA event that I was selected from over 2,400 entries to present.

Unlike many of the other speaking hopefuls, I selected a topic that I felt would be near and dear to many security experts: that there was truly no silver bullet out there for security. I looked for industry experts to join me on a panel that would be willing to speak about the need for various security technologies and that security products that are simply stovepiped in networks today are the wrong way to go. Security and, more importantly, the things security products 'learn' in a network are valuable and have become more valuable to other security products and points in your network. So why is this information being kept within its own appliance? All the vendors on the panel agreed to move in the direction of a security ecosystem, one that learns and shares from one another. The session was attended by well over 100 people, and that's not bad being at 9am in the morning of the last day of the show.

The session was led by John Kindervag, Senior Analyst at Forrester Research. John and I have known each other over the years, and John also recently finished an interesting article titled "If you don't have an IPS you deserve to be hacked". Very interesting reading if you can get a copy of it. The panel discussion covered many areas of security. One topic that got the crowd engaged and asking questions was around employee rights when employers wanted to see everything you were doing on that so-called company PC. One argument was that individuals should use their own PC so that employers would not have a right to read emails. The audience asked a question on whether the employee feels an employer should not have a right to check the PC to see if it's properly protected so that it would not cause harm to the business network or data.

Ken Pappas said it was absolutely fine for an employer to check a PC to make sure it's in compliance with company rules and regulations, but that it did not have any right to read emails that were being sent to family members at home. The challenge came about concerning company documents being sent out of the building through personal email or Gmail systems. Ken said, if you think I am going to risk sending company confidential documents over a company network when I can think of 10 other ways of getting it out of the building, then you are looking in the wrong direction.

It was a healthy discussion, one that I think everyone enjoyed.

The show was clearly less attended by the masses, but the attendees that did make it to RSA were of a higher caliber and were here on a mission. They were shopping for solutions to business problems, not here to collect giveaways.

Something that troubled me was the vast number of vendors and different types of devices I was seeing for the first time. Now remember, I have been in the security space for a while and I thought I had seen it all. One morning at 9am, as I was walking the show floor looking at all the vendors (some of which I have never seen or heard of), it dawned on me. I said to myself, "I am starting to think that some vendors are starting to make this shit up"! Shocking observation to be making, but that is what hit me. Are these vendors truly coming to market with a solution to a problem, or coming to the market with something they hope someone will just buy?

RSA is not something to miss. To me it's the center of the universe when it comes to the who's who in security, and I am glad to have made it and even happier to have had the privilege of presenting at it.