RSA confab: Boom times for security

Though still organized by RSA Security, a company with its roots in cryptography, the confab has developed into a showcase for security companies and an annual gathering for IT professionals. This year is the 15th anniversary of the event.

"There has been significant growth," said Ray Wagner, an analyst with Gartner. "The RSA Conference four, five years ago was much more of a technician conference."

The changing face of the conference mirrors a growth in concern over security in companies large and small. Once just an extra task for an IT manager, a digital breach may now bring legal entanglements for organizations. That's one reason why concern over security has moved into boardrooms.

Driving that increasing concern is a rise in threats such as armies of zombie PCs, higher awareness of data security dangers, and a need to comply with data protection laws.

With security now printed in bold on many corporate agendas, a plethora of new companies have sprouted up to sell products. At RSA, more than 275 exhibitors will show their wares. Product announcements at the show run the gamut and include application security software, e-mail security appliances, antivirus software and encryption technology.

Charles Kolodgy, an analyst at IDC, said: "The security market is as active as I have seen it in a long time. There seems to be something for everyone."

Many of the new vendors who jumped into the market are looking to cash out, often by being acquired by a larger player. Analysts have said that some of the security start-ups deal in features, not products, and essentially exist to be taken over.

And while new players continue to enter the space, takeovers are common. Symantec, in particular, has gobbled up many small security companies. Executives at the Cupertino, Calif., company said last fall that they plan to make six to eight acquisitions per year, with a major deal--such as Symantec's buy of Veritas Software--about every 18 months.

Over the past years, Microsoft has also been acquisitive in the security space, as it ramps up to deliver antivirus and anti-spyware products. The Redmond, Wash., software giant is set to take on traditional security players later this year with the launch of those lines.

Bill Gates will kick off the confab in San Jose, Calif., on Tuesday, the third time the Microsoft chairman will have opened the event. Other luminaries occupying the keynote stage will include Sun Microsystems chief Scott McNealy, Cisco Systems head John Chambers and Symantec CEO John Thompson.

Gates is expected to talk broadly about security in his speech, titled "Security in Tomorrow's World." The talk won't be as product-focused as in previous years, but Gates is expected to talk up security in Windows Vista and discuss Windows Defender, Microsoft's anti-spyware product, a second beta version of which is due out soon.

Last year, Gates unveiled Internet Explorer 7 at the conference and said Microsoft would deliver antispyware technology for consumers at no cost.

RSA itself also plans to make an announcement, which the company will describe only as a strategic shift. Company CEO Art Coviello is slated to speak Tuesday, after Gates.

Bring on the gear
Many companies in the security space are using the event to announce new products or updates to existing wares.

Symantec plans to introduce a new network access control appliance. Such products perform a health check on computers that join a network to make sure they meet company policy on such things as up-to-date patches, security software and installed applications. The new appliance comes preconfigured, Symantec said.

In a similar vein, Endforce plans to release access control software called Informant, a companion product to Endforce Enterprise. The software silently monitors a network to detect unknown machines and then alerts an administrator.

Nortel Networks also plans to introduce products and updates to its Secure Network Access portfolio. These technologies all target risks from internal users who may unknowingly introduce malicious viruses to a company network.

Sellers of identity and access management products that let businesses manage usernames and passwords, as well as oversee access to corporate resources, are also making noise at RSA.

Computer Associates International plans to announce the integration of its SiteMinder and Single Sign-On products for enterprise Web, client server and legacy systems.

In addition, Oracle is readying Identity Management 10g Release 3, a new version of its authentication and access management suite. The product is due out in May and will blend technologies Oracle acquired when it bought OctetString and Thor Technologies last year, the company plans to announce next week.

On the PC security side, Internet security company CallingID is set to release a version of its toolbar for the Firefox Web browser. The toolbar is designed to offer protection against phishing and other online attacks. It shows, among other things, who owns the sites a surfer visits and indicates whether the site can be trusted for business transactions.

Zone Labs, part of Check Point Software Technologies, is expected to introduce a 64-bit version of ZoneAlarm , its free firewall product. A 64-bit version of ZoneAlarm Pro, a for-pay product that includes spyware protection and a firewall, is due out later.

For Linux users, Eset will launch a new version of its NOD32 software. The product protects Linux systems against a host of threats, including viruses, Trojans, spyware, phishing and other malicious software, the company said.

To secure wireless connections, AirTight Networks plans to announce SpectraGuard Safe software, which lets administrators control wireless connections on PCs. It's designed to allow or prevent connections using various technologies, including Wi-Fi, Bluetooth and EvDO.

There are also options for file security. Tablus intends to give details about a technology relationship that will enable its customers to encrypt information on the fly. At the same time, GuardianEdge plans to launch the company's Encryption Anywhere Hard Disk platform, a full-disk encryption product.

Companies worried about an increase in the use of Skype on their networks can turn to Blue Coat Systems. The proxy-appliance maker plans to announce changes to its product line to allow network administrators to control which users can use Skype. Previously Blue Coat's products allowed only organization-wide blocking of the popular Internet telephony application.

In the enterprise rights management space, Liquid Machines plans to announce Document Control 6.0. The update is set for release in April and works with Microsoft's Windows Rights Management Services. New features include secure collaboration, application-level auditing and reporting, centralized policy administration and enforcement, and support for the Microsoft .Net architecture, the company said.

Vulnerability management company nCircle will show a new tool designed to help enterprises analyze security data. Called nCircle Focus and set to arrive in April, the tool promises to help companies more efficiently identify where there are risks, the company said.

nCircle faces competition from Novell, which plans to show off a new version of Novell Audit. The secure logging and auditing product collects data about the security, system and application events that occur across a network. Novell Audit can immediately notify users when a security breach occurs, the company said.

You've got e-mail tools
On the e-mail side, antivirus software maker Sophos is set to introduce the ES4000, an e-mail security appliance. The new product, due by the end of March, offers automatic updates and Web-based management features. It also removes viruses, spam, spyware, Trojans and other forms of malicious software from e-mail, Sophos said.

In the same realm but on the hosted side, Postini said it will launch its Postini Encryption Manager. The company has integrated encryption technology from Zix with its technology to allow its customers to secure sensitive e-mail, including to recipients who don't have encryption software.

Database security vendors are also seeking the spotlight. Application Security will demonstrate a new version of AppRadar, its database intrusion detection and security auditing product. Scheduled to be available next month, the new version improves protection for databases against attacks, abuse or misuse without degrading database performance, the company said.

Another database security company, Guardium, is set to showcase its recently announced Data Privacy Accelerator, which is designed to prevent unauthorized access to confidential data stored in databases. Guardium's appliances support major databases, and the new product includes policies, real-time alerts and audit reports.

Protegrity said it will unveil a product to protect sensitive data inside a company. Defiance 4.0 is a suite of tools meant to protect data at the application, storage, file and database levels. It also includes auditing capabilities.

The show will still have plenty for the cryptography die-hards, including the traditional cryptographers panel and a session that might cause a stir, called "Cryptanalysis of Hash Functions and Potential Dangers."