SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, March 5, 2012

Bejtlich's Take on RSA 2012

Posted on 3:00 AM by Unknown
Last week I attended RSA 2012 in San Francisco. I believe it was my third RSA conference; I noted on my TaoSecurity News page speaking at RSA in 2011 and 2006.

This year I spoke at the Executive Security Action Forum on a panel moderated by PayPal CISO Michael Barrett alongside iDefense GM Rick Howard and Lockheed Martin CISO Chandra McMahon. I thought our panel offered value to the audience, as did much of the remainder of the event.

Most of the speakers and attendees (about 100 people) appeared to have accepted the message that prevention eventually fails and that modern security is more like a counterintelligence operation than an IT operation.

After ESAF (all day Monday) I divided my time among the following: speaking to visitors to the Mandiant booth, discussing security issues with reporters and industry analysts, and walking the RSA exposition floor. I also attended the Wednesday panel where one of our VPs, Grady Summers, explained how to deal with hacktivists.

Speaking of the RSA floor, I took the photo at left praising the 55 new vendors appearing at the exposition for the first time. I counted 13 I recognized as "established" companies or organizations (Airwatch, CyberMaryland, Diebold, FireHost, Fluke Networks, Global Knowledge, GoDaddy.com, Good Technology, Nexcom, PhishMe, Prolexic Technologies, Qosmos, and West Coast Labs). I didn't recognize the other 42. There were probably dozens more who were not first-time RSA vendors that I wouldn't recognize either.

I suppose there are different ways to think about this situation. A positive way would be to view these new companies as signs of innovation. However, I didn't really see much that struck me as new or innovative. For example, a company specializing in password resets doesn't really get the heart pumping.

Another point of view could be that the presence of so many new companies means venture capital is active again. I saw plenty of that at work for certain companies who I know have just rebranded, relaunched, or have been resuscitated in recent months. Several of them sported mammoth booths and plenty else. They must figure that if they have 7 or 8 figures to spend, they're going to put it into marketing!

I was in some ways overwhelmed by the number of attendees. I saw references to over 20,000 people attending RSA 2012. I believe many of them wore $100 (or even free, courtesy of vendors) "expo only" passes. With 20,000 people willing to participate in a security event, that tells me my @taosecurity Twitter follower count (over 11,000 today) has more room to grow. I would not have expected to rise much beyond 10,000 when I started Tweeting.

One of the best aspects of RSA 2012 was the Security Bloggers Meetup, which I was able to attend in person as I blogged previously.

My buzzphrase of the conference was "big data." To me, "big data" sounds like SIEM warmed over. I'll have more to say on this topic in future posts.

I'll probably return to RSA next year on behalf of my company, and again I will focus on the exposition and non-session activities. It's the only place where you can see so many security vendors in one place.

What did you think of RSA this year?

Tweet

Email ThisBlogThis!Share to XShare to Facebook
Posted in conferences | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...
  • DNI Blair Leads with APT as a "Wake-Up Call"
    AFP is one of the few news outlets that correctly focused on the key aspect of testimony by US Director of National Intelligence Dennis Bla...
  • SANS Forensics and Incident Response 2009
    The agenda for the second SANS WhatWorks Summit in Forensics and Incident Response has been posted. I am really happy to see I am speakin...
  • NYCBSDCon 2010 Registration Open
    Registration for NYCBSDCon 2010 is now open. As usual George and friends have assembled a great schedule ! If you're in the New York...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ▼  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ▼  March (9)
      • Inside a Commission Hearing on the Chinese Threat
      • Impressions: Fuzzing
      • Impressions: Hunting Security Bugs
      • Impressions: The Web Application Hacker's Handbook...
      • Impressions: Web Application Security: A Beginner'...
      • Review of SSH Mastery Posted
      • Bejtlich's Take on RSA 2012
      • Keep CIRT and Internal Investigations Separate
      • TaoSecurity Blog Wins Most Educational Security Blog
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile