Apr 07 2008
This is a decidedly un-scientific survey, but if the stream of emails I’ve been receiving the last couple of weeks is any indication, PCI, virtualization and anti-malware will be the bells of the ball at RSA this week. DLP will put in a good showing, but the other three will be much more prevalent, with PCI in the lead by a significant margin. Of course, this is just based on the PR emails and requests for meetings, but that’s been a pretty reliable indicator before.
My own employer, Trustwave, will have a booth at RSA for the first time ever. We’re going to be talking about PCI, but our managed services offering will also be a large part of the message being communicated. I don’t plan on being there much, but I will be stopping by the booth from time to time. I’m nearly as interested in seeing what my own companies message is as I am the competitors. PCI isn’t an issue you can fix with a single product, even ours, so be very wary of the vendor hype as you wander around the showroom. Many companies offer solutions that address one or several points, but no one can wave a magic wand and make you compliant. That’s enough of my own professional windmill tilting for the moment.
Virtualization is the hot topic of the moment, so expecting a big turnout of technologies addressing all it’s foibles is a no-brainer. The real question will be how many of these products are really virtual machine related and how many are just other products that were re-branded to take advantage of a PR wave. It’s a bit harder to rebrand as VM compared to NAC a couple of years ago, but I’m sure a number of companies will be doing exactly that. Anti-malware is going to be in evidence just because it’s cycle is peaking right now; there’s not a lot new here, but it’s something people are thinking about again as the malware writers complete the shift from talented amateurs to professional criminals. And DLP is still a good idea, but when it comes down to it, I think this is a technology that is less a security product and more a business policy enforcement product. Unluckily for DLP, there are not ‘business policy enforcement’ conventions.
The press releases continue to pour in as I get ready for my week at RSA. I skim every single one, do a quick read on about half and take the time to really understand about 5% of the press releases I get. It’d be higher, but most of the PR folks just spam everyone on the RSA Press list, never taking the time to figure out if their product is relevant to the people they’re sending the press releases too. Me, cynical? Nah, you must be thinking of someone else.