Huge Turnout at RSA Shows Hackers are Winning
In the battle between enterprises and malicious hackers, the bad guys are clearly winning, judging by the sheer number of people and exhibitors at the RSA security conference going on here this week.
Wed, February 26, 2014
Computerworld — SAN FRANCISCO -- In the battle between enterprises and malicious hackers, the bad guys are clearly winning, judging by the sheer number of people and exhibitors at the RSA security conference going on here this week.
With an estimated 30,000 attendees and more than 400 exhibitors, RSA 2014 is the biggest event since its launch as a conference for cryptographers in 1991.
That's clearly a good thing for RSA, which by one analyst's estimates generates more than $100 million in revenues from the event. It's also a great thing for security vendors because it shows demand for their products is booming.
But the conference's growth is a also sobering reminder of the continuing challenges enterprises face in protecting their networks and data against malicious attackers. The RSA conference is not a Consumer Electronics Show or a Mobile World Congress. If demand for security products is increasing, it's because security tools are not doing the job well enough, enterprises are not implementing them properly or because hackers are finding new ways to breach networks.
Whatever the reasons, the security problems are continuing to grow for companies. It's one thing to have a home alarm system and another thing entirely when it takes guard dogs, perimeter fences, security grills, motion detectors and guns. Then it becomes an indictment of the entire neighborhood.
Year after year, vendors use RSA and similar venues to tout state-of-the-art security technology. Some of the products are enterprise tested and ready. Many are vaporware products fueled by hype from venture capital dollars.
This year is no exception. Two cavernous halls at San Francisco's Moscone Center are filled with vendors offering a dizzying array of products purportedly addressing every conceivable enterprise security need.
There are technologies for predicting, detecting, blocking, responding and mitigating attacks. There are tools that let enterprises measure risk, prioritize assets, control privileged users and monitor network behavior on a continuous basis.
Like every year, some products are touted as trend-setting, just like antivirus tools, firewall technologies, security incident management products, IPS products and data leak prevention tools were pitched a few years ago. This year, the buzz is about automated threat monitoring, network intelligence, data analytics and incident response.
Many vendors are using the breach at Target as a classic example of what could happen to enterprises that fail to implement their specific product or technology.
"If you have an intelligent opponent, it behooves us to make our systems better," says Sam Curry, chief strategy officer and chief technologist at RSA. The best way to do that, he said, is to combine traditional approaches with data analytics and selective automation of crucial processes.