In this RSA Conference 2011 preview, SearchSecurity.com News Director Rob Westervelt and Senior Site Editor Eric Parizo discuss possible tips and trends with Joshua Corman, research director of enterprise security practice for the 451 Group
RSA Conference 2011 preview: Trends and tips
Robert Westervelt: Hi, I'm Rob Westervelt, the news director of
SearchSecurity.com. Thanks very much for watching this video. Today we're
going to be talking about the 2011 RSA conference and joining us is Josh
Corman. Josh is the research director overseeing security research with the
451 Group and we also have here Eric Parizo. Eric is the senior site
editor of SearchSecurity.com.
Well, Josh we're headed into the 2011 RSA conference, and why don't we just
talk about how the conference has changed over the years. It started out as
just a small forum for cryptographers and it has really just blossomed well
beyond that, hasn't it?
Joshua Corman: Yes, I think conferences change over their life cycle and went
from being a very niche industry, with a very niche technical focus. As it
grew and became more mainstream, you had a lot more practitioners. It used
to be the one conference you'd go to if you had a limited budget. It has
sort of morphed in recent years, where some of those practitioners who
perhaps outgrew hearing the same kind of CEO speeches year to year and it
has become more of a business development opportunity, a place to show your
booth, maybe announce products or upcoming products. So it's more of an
insider vendor-focused show at the moment. I'm sure they don't love that
particular matriculation but what's happened is a lot of the practitioners
have migrated south and trickled down. A lot of the folks that maybe would
have gone to RSA, say, a couple of years ago are now at Black Hat, forcing the people
from Black Hat down to ShmooCon, or other migrations of skill set. It's
just a normal part of a maturing industry. Nonetheless, it becomes that
part of your rhythm that once a year we're going to have the RSA
conversation, set the tone, and see where people stand in the industry.
Robert Westervelt: So you say the RSA conference will possibly set the tone.
Is it a trend-setting conference though?
Joshua Corman: I think it's an indicator of the mainstream. There are
certainly some more forward leaning conferences, but they tend to be for the
elite or the digerati, so you're not going to get ground breaking research
here. I know they're making efforts to pull some of that back in. And some
of the talks I am looking forward to this year. I think the goal is to try
to bring more enterprise practitioners and executives back into the fold,
who might otherwise have gotten tired of the same speeches every year.
Robert Westervelt: You mentioned that you are going to be looking forward to
some sessions. You're actually going to be in a session, right?
Joshua Corman: Yes, I'm doing a couple of talks and panels but the one I'm
really looking forward to is there's a tremendous amount of interest on the
CISO practitioners to look for actuarial tables and scientific methods for
Robert Westervelt: Security metrics.
Joshua Corman: Security metrics. So we want to leave the era of faith-based
security behind us. The bad news is we're going to do a talk saying that
security methods are bunk. We're going to look at how security isn't like
car crash estimates and actuarial tables. The laws of physics don't change
very frequently. But we have rapidly changing technology, rapidly changing
Robert Westervelt: What kind of people do you see at RSA? Are these IT
directors, CISOs who are going to be kind of the buyers of security
technology? Or are there really some down-in-the-weeds IT security pros
and maybe some reverse engineers and the hacking subset there too?
Joshua Corman: I hate to predict this year. I know there's a conscious effort
to try to seek more decision makers, more C levels. I think some of them
had left maybe during the bad economy, maybe just scrutinizing the travel
but there are some better talks this year, more use cases, more applicable,
better speakers than I had seen in the past. It had gotten a little
formulaic. I believe the mix will probably tick back up. The highly
technical people seeking training may be going to SANS training, to Black
Hat, to regional conferences. Or even to the co-opetition of the B-Sides
event that happens at the same time as RSA. So if they're looking for late
breaking research or more technical training, they probably won't find it.
There's a whole lot of vendor posturing and vendor dealing and schmoozing
in this development. A little less enterprise focus but I believe they're
trying to change that.
Eric Parizo: In defense of RSA, Rob, it is still the premier show that
happens in information security every year. It's still very heavily
attended by practitioners and experts and vendors alike. In terms of
reasons to attend this year I think it's important because there's been a
lot of change in the vendor landscape in the last year or so, a lot of
pretty major acquisitions that have altered some serious players' strategy
going forward, so it's a great way for security managers to go and evaluate
vendors all in one place. Plus really the best reason to go always has been
and still is, the peer-on-peer interaction. As I said, it's just such a
well attended show, and there are so many different types of practitioners
and decision makers alike there that there is such a great opportunity to
collaborate. In the hallways, at the breakfast, etc. and that's really
where the biggest value comes in I think.
Robert Westervelt: Right, right. And you and I were talking about some of the
keynotes. Over the years they have kind of changed a little bit. They've
become more sales pitches to a certain extent. It seems that way. The first
year I attended was the last year that Bill Gates was keynoting. And I
know you recently covered the Microsoft keynote in 2010, right?
Eric Parizo: Yes, I will say that that is a challenge sometimes. It's hard
to know what is legitimate information versus what's being provided to
attendees on kind of a pay for play basis. That sometimes is a little bit
murky because at the end of the day RSA/EMC is still out to make a buck at
this show. But there's still a lot of useful information I think from the
pretty major talks. Last year we heard from Scott Charney at Microsoft. He
tends to speak every year. They made the announcement about the Waledac
botnet takedown; they got a lot of press over that. Also it's a good
opportunity to read between the lines during these vendor talks to get a
sense of what they would like to do, beyond and their product strategy.
That was the case last year with Microsoft continuing to further their
network access control strategy or paradigm for consumers on the internet.
Robert Westervelt: As an analyst what is your job at the conference? What are
you looking for at the conference? Do you kind of have one-on-one meetings
Joshua Corman: We have dozens of one-on-ones. They're not really briefings
per se but it's a good chance for face time. I think the thing I like,
what I resonated best with what you said is it's not so much what you see
on the dais, it's what you hear in the hallways. These are monumentally
important events. It's the single biggest conference of the year and it's
the intangibles of the people who get face time in the hallway. I pay more
attention to what isn't said during keynotes than what is. Again it's not
trend setting but it is trend codifying. Whatever you hear there is going
to be the dominant theme of the conversation for the next 12 months. For
better or for worse. One of the most fascinating things to us last year is
that everyone worked APT, my favorite term, Advanced Persistent Threat, into
their speeches at the last minute. But it was very revealing, it's a risk they
take. Because it was revealing to see who really didn't get it. Who thought
this was some sort of Zero-day vulnerability, versus an altered strategy
for a different class of adversary.
Robert Westervelt: Intel acquiring McAfee, HP acquiring ArcSight. How does
that change the shape of the conference or does it?
Joshua Corman: The M&A activity is fast and furious. You may recall last year
there was an acquisition during the show and Intellitactics was acquired by
Trustwave, so we fully anticipate someone's going to try to make some
acquisition announcement just around the show. But M&A should actually tick
up in 2011. Anyone that's in the buying mood will find the targets becoming
more expensive over time. So we're anticipating even though last year was a
pretty good year for activity, it's going to be as aggressive or more so
Robert Westervelt: How concerned should the average enterprise IT security pro
be about the acquisitions?
Joshua Corman: It really depends on who's being acquired and who's doing the
acquiring. In a lot of these cases there's absolutely no change until some
sort of transfer trade event. They leave them alone as a wholly owned
subsidiary. So there are several acquisitions that disappeared into larger
infrastructure companies, but that takes a lot of time. There's plenty of
time to plan your exit for your migration to other players but for the
most part some of these CISOs want to reduce and consolidate their vendors
anyhow. Fewer throats to choke, bigger discounts on their end of year
renewals. So they see most of these acquisitions on the whole as a good
Robert Westervelt: Well gentlemen thanks very much. For more news and more
videos check out SearchSecurity.com/RSA2011. Thanks for joining us.