I’ve just returned from the RSA security conference in San Francisco, and thought I'd share some thoughts about the experience. RSA is a big conference: 20,000+ attendees, 450 credentialed journalists, and a huge trade show floor. It has a distinctly international feel, and there are a far higher number of suits in evidence compared to a typical IT professional conference. These people direct policy and make strategic security decisions. There's also a very visible government presence with large booths from NSA and DHS.
It might seem unusual for government agencies to have such snazzy exhibits right in the center of the trade show floor, but there's a very good reason. Good security talent is a very hot commodity. The unemployment rate for security professionals is…0%. It's more of a buyer's market than even that indicates. According to a different index the unemployment rate for security professionals is -30 percent. That's right, the need is that much greater than the available pool of candidates. This was reinforced empirically when one speaker asked for a show of hands from attendees that felt they had enough security talent for their operations. As far as I could tell, no one raised their hands.
You IT pros that are worried about your job, take note: Start studying up on security.
There was definitely a siege mentality pervading the conference, spurred on by many reports in recent months about a wide variety of high profile companies being hacked. Mandiant’s recent report on alleged Chinese military hacking put an exclamation point on these concerns. Indeed, the expression “If you think you haven’t been hacked, it’s just that you haven’t discovered it yet” has become a truism.
Many of the vendors I visited had themes around automation and intelligence to help out IT professionals that have neither the cycles nor the expertise to combat sophisticated malware infections or insider attacks. For example, Splunk is a company whose product specializes in consuming and analyzing large amounts of data (note I didn’t use the phrase currently being pounded into the ground) from a wide variety of devices such as servers, switches, and physical security systems. They're focusing on bringing higher degrees of correlation across these devices with intelligent alerting, so for example a suspicious user's activity can be tracked from the entrance door to their logon to their email activity and to what they print and when.
It was clear, across a number of sessions, by far the most successful malware attack sector was from spear phishing - malware email highly targeted to a specific individual or group of individuals based on background social engineering. Wombat Security focuses on improving the filtering quality of the end system: the targeted user. Through a series of interactive lessons and sample tests, it aims to decrease the chance that users will fall for a spear phish and click on an attachment to infect their machine.
Denmark-based Secunia announced the public beta of SmallBusiness, a patch management solution for home offices and small / medium businesses - an area I think has been under-served. It allows an administrator to monitor and approve software patches to client computers as a service from a web-based console. The product is free to monitor 5 or fewer clients (for example, your mother-in-law’s woefully unpatched desktop and your Uncle Harry’s notebook); in its public beta up to 50 clients can be monitored for free.
Though I always ambitiously fill out my schedule with interesting sessions, due to the several roles I fulfill at conferences I manage to miss many of them. The keynotes were interesting (and you can watch them here). In the breakout sessions, my favorite was a panel discussion on emerging conflicts in identity, with identity executives from PayPal, Ping Identity, Salesforce, and Google. Look for more on this session in an upcoming Enterprise Identity column.
Finally, the last session I attended was given by Microsoft Technical Fellow (and Windows IT Pro author) Mark Russinovich. Not presenting on behalf of Microsoft for this session, his talk was entitled "Trojan Horse", and covered a history of malware attacks and the interesting details behind them.
RSA is always an interesting conference. I always learn more about security-related topics. I get to spend face time with the identity community. I always come back and run thorough scans of my own computer network. And of course I'm extremely careful about what email I open.
P.S. – I’ve published some photos of the RSA experience on Windows IT Pro’s Facebook Page.