RSA Conference Wrap-Up — Part 1
The RSA Conference has long been a leading indicator of the security market. Therefore, it was not surprising that this year’s conference was bigger than ever, with vendors, customers, the press and venture capitalists rubbing elbows and sharing new ideas about the next big thing. Clamoring for attention on the showroom floor was nearly every noteworthy security vendor, from tiny shops addressing discrete problems to huge enterprise vendors offering products to solve almost all of their customers’ security needs.
Nearly every security topic is discussed at RSA, from physical security to Anonymous and state-sponsored cyber attacks. However, a lot of attention was focused on security concerns related to three critical areas: mobility, cloud, and big data. With mobility, most organizations have begun to establish BYOD (Bring Your Own Device) policies. However, managing the onslaught and ever-changing variety of devices and platforms is proving to be both an organizational and a technical challenge. As these customers adopt cloud computing, security teams are struggling to ensure that the environments are secure enough to provide the right balance of flexibility and safety. Finally, big data was an overarching theme for vendors at the conference and was mentioned in nearly every keynote. The use case for big data in security is becoming clear: gather vast amounts of security data such as logs and threat feeds, and then analyze these data using a big data engine such as Hadoop to detect abnormalities that would not trigger traditional rule-based systems. Operationalizing outcomes from such a massive amount of data is still a pipe dream for many vendors and security operations teams.
The summaries below on Agari, Airwatch, Alert Logic and HyTrust are based on conversations I had with vendors at RSA. Many of these vendors are beginning to look for ways to add big data technologies into their solutions in order to add “intelligence” into their products.
Agari is a security startup that focuses on protecting brand reputation and consumer security through the prevention of reverse-phishing and other fraudulent email activity. The problem that Agari is addressing is that criminal organizations are sending out massive volumes of email from addresses that appear to belong to a legitimate sender. For example, if a customer receives an email that appears legitimate and comes from a sender within a company’s domain, such as accounts@YourBank.com, they are likely to respond. When it turns out that the email is fraudulent, not only are customers harmed, but YourBank suffers a major loss of trust.
The company has partnerships with email vendors in order to stop fraudulent emails from reaching customers. The solution is cloud-based and uses a big data architecture to analyze billions of emails daily. Currently Agari is focusing on the following vertical markets: financial services, eCommerce, and travel booking. They have landed a number of notable customers, including JP Morgan Chase. Although Agari is in a niche market, their solution is tailored to solve a growing problem.
Airwatch is a Mobile Device Management (MDM) vendor that is helping companies implement Bring Your Own Device (BYOD) policies (see my previous blog on BYOD: http://ddkirsch.wordpress.com/2012/05/02/byod/). The MDM market is crowded, and nearly every security vendor has some sort of multi-device management offering. Airwatch has gained significant traction, and finds that many of its customers are actually implementing their 3rd or 4th MDM product. The top reasons Airwatch reports for winning customers are its feature set and variety of supported devices. Airwatch has a strong focus on securing nearly every device that employees are bringing into the corporate network. Although founded ten years ago, the company just received its first round of financing from Insight Capital Partners of roughly $200 million.
Some of the highlights of Airwatch’s approach are:
1. A cloud deployment model, which means that clients do not need to make a large, upfront infrastructure investment. Approximately 70% of Airwatch’s customers use their hosted cloud service. If a customer wants to gain greater control over their Airwatch deployment, a cloud deployment can be transitioned on-premises to either a dedicated appliance or a virtualized environment.
2. Airwatch is aggressively partnering with device manufacturers and platform developers. The company has a strong partnership with Samsung and has announced new partners. By partnering with device manufacturers, Airwatch is able to offer greater security for both the hardware and software layers.
3. An easy-to-use yet powerful administrative interface is critical for successful implementation. During a hands-on demo, it was clear that Airwatch has spent a significant amount of effort on ease of use.
Alert Logic offers a Software as a Service (SaaS) solution for both compliance and security of cloud infrastructure. At the core of the product is the capability to ingest and analyze millions of events a day in an in-house-developed NoSQL database. The company has several patents on their analysis technology. Alert Logic has created a taxonomy into which all of the log data is classified. Several different “lenses” are offered to clients; for example, the security lens highlights different events than the compliance lens.
Alert Logic has remained hypervisor agnostic, which allows it to be deployed in a variety of environments. In addition, the solution remains the only Network Intrusion Detection System (IDS) available in the AWS Marketplace (Amazon Web Services).
In February 2013, Alert Logic announced their 3rd generation log manager, which is built on a big data framework. The new log manager is meant to change the way customers interact with the solution. Customer searching and exploration is a key highlight of the new user interface. A simpler query has been added so users don’t need to execute complex specialized searches.
HyTrust focuses on addressing the unique security and compliance challenges associated with cloud computing. The company has a deep partnership with VMware and works with organizations that are using VMware technologies to create either a virtualized data center or an on-premises private cloud. HyTrust’s most recent customers have engaged with them in order to address the following problems:
1. A large company in a highly regulated industry wanted visualization and auditing capabilities for data center services that they were outsourcing.
2. With the cloud, services, storage and applications that used to be spread across an organization are consolidated into an easier-to-manage environment. This consolidation can lead to risk, however, because so many critical services are relying on the private cloud infrastructure. HyTrust addresses this concern by offering sophisticated monitoring capabilities at the individual Virtual Machine level.
3. Empowering users to do their jobs while at the same time segregating duties, limiting access and meeting other compliance and auditing mandates is difficult. This can lead to users creating workarounds. HyTrust offers a monitoring capability that reports and logs events but allows them to take place. This monitoring capability allows organizations to meet auditing requirements while at the same time enabling