The Roaring 20's of security?
This year's RSA show is slowly winding to its finish. This year's show is bigger, flashier, and richer than ever – more people, money, and partying in spite of the fact that this year's San Jose location if far more subdued than the usual San Francisco venue.
In spite of this, it seems a bit like the "Roaring 20's" to me. There are a zillion point tools vendors here giving away tee shirts and other booth knickknacks but at the same time, the big guys are talking about adding security right into the infrastructure.
Cisco, Nortel, 3Com, and Juniper are talking about security as a network service – right there next to WAN acceleration and network-based applications. Microsoft is demonstrating next generation client security, patching, and management. Sun is adding more security to Solaris and IBM is talking about Linux protection. The vendors get it. Security is important so they are simply "baking" security right into the technology stack.
So where does that leave the zillion VC-backed startups and established security vendors at the show?
Some are lucky; the market is coming to them. There was a big emphasis on Identity and trust at RSA 2006, good news for companies like BMC, CA, Novell, and RSA Security. Some see the writing on the wall and are adjusting their strategies accordingly. Many encryption vendors are moving toward key management for example. This is a great strategic move – as encryption becomes ubiquitous, key management is critical. Still others are increasing their coverage and enhancing business-centric features. Borderware integrated its gateway protection from e-mail to business communication and supports this with a ton of policy and reporting tools. F5 covers the gamut of application networking enablement and protection.
These are a few examples of vendors who "get it" and are zigging and zagging with industry changes. A lot of other "one trick ponies" are busy attending VC cocktail parties, hoping to be Symantec or Cisco's next acquisition candidate.
That leaves a vast majority of "others." How viable is Webroot with 25 million Microsoft Anti-Spyware users enjoying free software? Vernier Networks has a neat solution but what happens when Cisco and the networking crew bake network access control into switch ports? Akonix talks a good IM security game but how much upside is there in this space now that Symantec bought IM Logic and others are adding IM protection into their e-mail gateways? Does the industry really need 25 SIM/SEM vendors?
Security is a constantly changing beast so there will certainly be an entirely new crew next year and lots of Champaign flowing back in good old San Francisco. Nevertheless, there is an underlying sense of panic. At the end of the day, that frosty Heineken I drank at a VC shindig last night may have cost some investor thousands of dollars in losses.