Want CNET to notify you of price drops and the latest stories?

Security gets mainstream attention at RSA

Security is becoming standard and there's the smell of blood in the air as the industry is increasingly dominated by big-name companies.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
5 min read
Security gets mainstream attention at RSA The annual RSA Conference this week is expected to show evidence of a maturing security industry with an increasing role for big-name companies.

The event has long moved far beyond its origins as a get-together for cryptogeeks. It has developed into an annual gathering for corporate IT pros and a showcase for hundreds of companies, small and large, that hawk security products and services to businesses. This year is the 16th anniversary of the event. Again change is in the air.

"We're going to see a flight to quality, consolidation and quite a bit of merger and acquisition activity (in 2007)," said Andrew Jaquith, Yankee Group. "That's what's different about this year's RSA Conference; there is the slight whiff of blood in the air. You can sort of hear the screeching noises of the vultures overhead."

Security is becoming more structured and part of the IT infrastructure at companies, instead of being added on later, analysts said. Companies including Oracle, Microsoft, Sun Microsystems, Cisco Systems and Intel are vying for a piece of the pie, which may hurt the smaller industry players, they said.

"There seems to have been a recognition among some of the larger vendors that they can make money with security or, more likely, that they're not going to make any money if they don't have security in the future," said Gartner Analyst Ray Wagner. "That's certainly going to hurt some of the smaller vendors."

"In a lot of ways security is becoming more boring. But boring is good. Boring means maturation."
-- Andrew Jaquith,
Yankee Group

Case in point, database giant Oracle for the first time will have a major presence at the RSA Conference. The company will be promoting its identity management products as well as software to secure the applications it sells to help large enterprises with things like accounting and human resources. Oracle CEO Larry Ellison is slated to deliver a keynote speech on Wednesday at the San Francisco event.

"Oracle is more and more becoming a vendor of standalone security products that span both Oracle and non-Oracle technologies. You'll see a reflection of that at RSA," said Wynn White, Oracle's vice president of security and management products. Oracle has gobbled up numerous security outfits over the past few years.

Microsoft Chairman Bill Gates will kick off the conference Tuesday in a keynote with Craig Mundie, Microsoft's Chief Research and Strategy Officer. They are slated to talk about the software giant's vision for seamless and secure connectivity across networks and devices. Microsoft also plans to talk up security advances and partnerships.

"In a lot of ways security is becoming more boring," Jaquith said. "But boring is good. Boring means maturation. Boring means you're seeing large companies like IBM have a really rounded out security story. This is good for the mainstreaming of security into the way people run their business."

There is little left to "wow" people when it comes to security technology. Most of what will be on display at RSA is evolution rather than revolution, analysts said. While some of the threats may still be scary and shocking, the fixes are not that amazing.

"I don't think there is going to be the equivalent of the iPhone at RSA, but I do think that's a good thing," Wagner said.

As products have become more mainstream, so have the RSA attendees. There still is a track for the cryptography fans, but the bulk of the event is geared to less specialized visitors.

"Security concerns are moving away from tech geeks with pocket protectors monitoring networks in a back closet somewhere, to something that businesses managers and more senior folks are concerned with," said George Tubin, an analyst with TowerGroup.

Bring on the gear
The more than 340 exhibitors at RSA Conference will be calling out to all attendees in San Francisco's cavernous Moscone convention center. Many companies in the security arena are using the event to announce new initiatives, products or product updates.

Oracle plans to announce an add-on for Oracle Enterprise Manager that will let administrator manage and monitor identity and access management for Oracle and other technologies. Also, Oracle is slated to announce that its identity management and data vault products are now compatible with more Oracle business software products.

Identity management is a hot market led by companies including CA, IBM, Hewlett-Packard and Oracle and which research firm IDC predicts will grow to almost $4 billion in the next couple of years. Typically, identity management software identifies the users of a system and controls their access to resources within that system by associating rights and restrictions with a particular identity.

Other companies are expected to promote their advances in the identity management area at the RSA Conference. This includes Microsoft, which packed the new CardSpace identity management tool into the just introduced Windows Vista operating system. Last year Microsoft also talked up CardSpace, then still called InfoCard.

More traditional security companies will also be present. Firewall specialist Check Point Software, for example, plans to introduce a new Check Point branded security appliance aimed at midsize businesses. The firewall and virtual private network appliance will rival products from companies including Fortinet, Secure Computing and Sonicwall.

Protection from internal threats, such as accidental or malicious disclosure of confidential information, will be a major topic this week. Websense is expected to unveil its new Content Protection Suite and McAfee also is entering the space crowded with smaller players such as Vontu, Code Green Networks and GTB Technologies.

Companies promising to protect against yet unknown threats will also tumble over each other at RSA. Avinti, for example, is announcing iSolation Server 3.0, a product meant to stops threats such as zero-day attacks, targeted attacks other malicious code attacks not detected by traditional security software.

The emerging area of VoIP, or voice over Internet Protocol, security is also represented at the conference. BorderWare, which sells Web, e-mail, instant message and VoIP security tools, plans to promote its SIPassure SIP Security Gateway at RSA.

Web security specialist ScanSafe is launching a new product that is meant to secure Web searches inside a corporate network. Called SearchAhead, the product classifies results from Google, Yahoo and MSN and provides guidance on acceptable or unacceptable sites based on corporate policy and known malicious sites.

ScanSafe already provides a safe searching tool for consumers, and so do McAfee, Exploit Prevention Labs and others. At RSA, Finjan is entering the fray with its Finjan SecureBrowsing tool that alerts users to potential malicious content hiding behind links of search results, ads and other Web pages. It is one of the few consumer-focused announcements expected at the event.

Aside from products, security companies are also slated to announce partnerships this week. For example, Qualys is teaming with VeriSign. The Qualys vulnerability management tools will be used by VeriSign for its managed security services customers. Qualys is also planning to announce a new version of its product at RSA.

Next year, analysts expect, the RSA Conference will be a little smaller.

"We're thinning the herd, we will see fewer exhibitors because there are a lot of investments that some of the folks in the venture community have made probably aren't going to pan out," Yankee Group's Jaquith said.