Here, if you so desire, you can focus your precious time talking with security vendors of every stripe without the clamor of bigger shows like Comnet or Networld+Interop. And you can combine a full day of keynote speeches and presentations with over 150 vendors ready to parade their wares and answer your questions.
Originally the RSA Conference was a security geek-fest aimed primarily at developers. Over its 11-year history, the conference has expanded its coverage to include lesser mortals like you and me. I'm reporting the goings-on at the 2002 conference in San Jose (February 18-22). The speakers this year are top-notch experts such as Bruce Schneier, Chris Wysopal, Ronald Rivest, John Cleese, and Richard Clarke. The sessions are organized into several tracks, and you can attend talks such as "How IT Leaders Should Approach Wireless Technology," "On the Impossibility of Constructing Non-Interactive Statistically-Secret Protocols From Any Trapdoor One-Way Function" and "The Computer Security Expert Assist Team." Those are the morning's activities. Then get a bite to eat, and head off to the show floor to talk to vendors in the afternoon. The only bad thing about the RSA Conference is that there are so many interesting sessions packed into such a short amount of time that it's hard to decide which ones to go to.
Jeff Curie from Access360 talked at length about "The Evolution of Provisioning" (i.e. "user provisioning") and the difference between provisioning, meta directories, and Web-based access control methods. Decidedly vendor-focused, Curie talked about the value of simplifying user management and about some of the unique issues that need to be taken into account in provisioning, using the Access360 products as the examples.
Curie states that the reality in the enterprise is that even with global user-provisioning tools, local administrators still use local tools to manipulate the user database. A provisioning tool needs to be capable of noting changes and taking some kind of action, like notifying someone or rolling back the changes; the agents need to be transparent to both the end user and the applications; and the provisioning needs to scale and have a complete audit trail. Good stuff to think about even if you don't buy from Access360.
Next up, "Take My Security, Please: The Managed Security Services Market" with Gartner's John Pescatore. It looked like John was going to state the obvious for 45 minutes, but sticking it out paid off with some nice nuggets in the latter half of his talk. Some paraphrased points: If your organization hasn't outsourced services before, don't start with security. Learn to outsource well and understand the expectations spelled out in the contract and SLAs.
Next nugget: If your organization can keep up with security, including updates, new vulnerabilities and new security products, then you're probably OK keeping it in-house. Seems obvious, but unless you have taken a look at what keeping up with security means, this nugget bears reviewing. If you do outsource, keep some expertise in-house. You're ultimately responsible for your own security. Oh, and pure-play managed security service providers (Counterpane Internet Security, Genuity, Riptech, etc.) have a difficult time gaining customers because there are no existing relationships on which to base trust.
And rounding out the day: "The American Bar Association's New PKI Assessment Guide." The PKI Assessment Guide is a set of guidelines developed within the Information Security Committee of the American Bar Association, and its members come from a variety of disciplines. The PAG is designed as a tool for lawyers and non-lawyers alike. It's not an assurance checklist nor is it meant to be used as a certification document. Rather, the PAG details a number of technical and legal issues that arise when designing and deploying a PKI. As a work in progress, the PAG will be updated as necessary to reflect changes in the future.
There's only one of me -- and lots of vendors (I did say over 150, right?) -- so I was spread pretty thin. But here's my take on the vendors I talked to:
ForeScout Technologies has this product called ActiveScout that protects the perimeter by monitoring for reconnaissance scans and returning bogus responses to the initiator. Say a script kiddie is port scanning for a host to attack. ActiveScout detects the port scan and returns responses telling the scanner that some service that is not open actually is, let's say port 389 (LDAP). When the attacker tries to access port 389, ActiveScout notes the attacker's IP address and, knowing there is no reason why there should be connection attempts to port 389, blocks all further access from that IP address.
Sounds like a plan to me. At our Syracuse University Labs I am working on getting a copy to deploy on our host networks. I'll let you know how it goes.
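The decoy-port logic described for ActiveScout can be sketched as detection code run over connection events. This is an added example, not ForeScout's code or anything from the show; the thresholds, function name and sample events are constructed assumptions, and it assumes the bogus "open" answer is sent to a source as soon as it is classified as scanning.

```python
from collections import defaultdict

REAL_SERVICES = {25, 80, 443}  # assumed: ports genuinely offered by the host
DECOY_PORT = 389               # the article's example: LDAP, not actually offered
SCAN_THRESHOLD = 5             # assumed: distinct closed ports that count as a scan
WINDOW = 10.0                  # assumed: seconds over which probes are counted

def process(events):
    """events: time-ordered (timestamp, src_ip, dst_port) tuples.
    Returns (actions, blocked): a per-event decision list and the blocked set."""
    probes = defaultdict(dict)  # src -> {closed port: time last probed}
    baited, blocked, actions = set(), set(), []
    for ts, src, port in events:
        if src in blocked:                       # everything from a blocked IP is dropped
            action = "drop"
        elif port in REAL_SERVICES:              # normal traffic to a real service
            action = "allow"
        elif src in baited and port == DECOY_PORT:
            blocked.add(src)                     # only a baited scanner "knows" about 389
            action = "block"
        else:
            seen = probes[src]
            seen[port] = ts
            for p in [p for p, t in seen.items() if ts - t > WINDOW]:
                del seen[p]                      # forget probes outside the window
            if len(seen) >= SCAN_THRESHOLD and src not in baited:
                baited.add(src)                  # reply that the decoy port is open
                action = "bait"
            else:
                action = "closed"
        actions.append((ts, src, action))
    return actions, blocked

# Constructed sample events (documentation address ranges), not captured traffic.
SAMPLE_EVENTS = (
    [(0.1 * i, "203.0.113.7", p) for i, p in enumerate([21, 22, 23, 110, 111])]
    + [(1.0, "198.51.100.20", 80), (2.0, "198.51.100.20", 443),
       (5.0, "192.0.2.9", 389),      # stray connection, never scanned: not blocked
       (30.0, "203.0.113.7", 389),   # scanner follows up on the bogus answer
       (31.0, "203.0.113.7", 80)]    # now dropped even on a real service
)

if __name__ == "__main__":
    for decision in process(SAMPLE_EVENTS)[0]:
        print(decision)
```

Tying the block to sources that were fed the bogus answer, rather than to any connection to port 389, is a design choice in this sketch that keeps a stray or misconfigured client from being blocked.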
Oblix. While Access360 is all about user provisioning, Oblix is all about access control, single sign-on and easy user management. CTO Nand Mulchandani has a vision of easy user management and tight application integration. Mulchandani is making the right sounds. If our Sneak Preview of Oblix NetPoint 4.6 is any indication of future execution, Oblix is well on its way to solving a host of user management issues.
TippingPoint Technologies. OK, it's rare that I see a product that combines seemingly disparate functions into a single box and makes it sound not so crazy after all. These guys put a firewall, IDS, and a vulnerability assessment scanner into a hardware unit and made them all play nice. The vulnerability scanner scans the internal network and creates a profile of existing servers and services. The result of the vulnerability scan is used to tune the IDS to look for specific attacks against the live services. Reducing the IDS signatures reduces the false alarms that plague intrusion detection systems. The IDS monitors the traffic passing through the firewall and, when triggered, can take any number of actions, such as alerting an administrator or automatically blocking further traffic. And it's all configurable under one management station.
SSH Communications. These guys are pretty much below the radar, but they are also under the hood of a lot of gear. Traditionally known as a tool-kit vendor, chances are you have some SSH Communications code running in your network. The company's IPVia hardware products are really interesting. Aimed at the carrier market, IPVia is a centrally managed VPN hardware device that is easy to provision and deploy. The box and a flash card holding the basic configuration are shipped separately. But plug them together, cable them up and you're in business. Need to replace the hardware? Just move the card to the replacement and voilà! Done. Haven't seen VPN provisioning this easy since the Lucent Brick was in our Syracuse Labs.
Mike Fratto is a senior technology editor based in Network Computing's Syracuse University Real-World Labs® and covers all security-related topics. Send your comments on this article to Mike Fratto at mfratto@nwc.com.