RSA Conference 2005 took place last week in San Francisco with more than 275 vendors and more than 200 conference sessions. The last I heard, conference organizers were saying that 13,000 people attended, but that count wasn't official. One thing I am sure about is that with that many vendors and conference sessions, nobody saw everything!
There were some interesting announcements at the conference, so if you were not among the thousands who did attend, then here are a few of the highlights from the show:
In his keynote address, Computer Associates (CA) Executive Vice President Russell Artzt pointed out that business executives must now pay very close attention to security concerns at all levels of the company and be ready to thoroughly account for their decision-making processes, primarily due to government regulations such as Sarbanes-Oxley.
Cisco Systems announced a new phase of its Self-Defending Network technology. The company said that the new Adaptive Threat Defense phase addresses threats at multiple layers, simplifies architectural designs, and provides enterprisewide containment and control.
RSA Security announced the Security Authentication Roadmap, in which the company will provide a standards-based, enterprise-enabled platform for overall credentials management using strong authentication. The company also announced the RSA Authentication Service, which will help provide consumers with "enterprise-class protection" during their online activities; an RSA SecurID Appliance that provides two-factor authentication for businesses with fewer than 1,000 employees; and RSA SecurID SID700 and SID800 USB-enabled authentication devices.
Microsoft Chairman Bill Gates announced in his keynote speech that the company will launch new security initiatives that include various software updates, such as a future release of Internet Explorer (IE) 7.0 for Windows XP systems, the scheduled March release of a beta version of its unified Windows Update Service (WUS), Microsoft Baseline Security Analyzer (MBSA) 2.0, the release to manufacturing of Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition, and Rights Management Services (RMS) Service Pack 1 (SP1). Gates also announced the formation of the Secure Software Forum in partnership with several other companies and the worldwide expansion of its Most Valuable Professional (MVP) program to help developers communicate with each other about developing secure applications.
Shavlik Technologies announced several new products, including NetChk Epicenter, a common GUI for NetChk applications that lets administrators scan numerous systems and applications, view scan results, and correct security problems. The company also announced that it will release patch-management solutions for Unix and Linux platforms--including AIX, HP-UX, Red Hat Linux, and Solaris--sometime in the second quarter of 2005. The company also announced NetChk Spyware and NetChk Shares, which lets administrators discover shared resources on one or more computers, remove shared resources, restrict anonymous access, and test for weak passwords.
Identity management solution provider Abridean joined the BlackBerry ISV Alliance Program, thereby forming a relationship with Research in Motion (RIM). Abridean will help simplify and automate management of Blackberry user accounts in BlackBerry Enterprise Server in combination with other messaging and enterprise systems.
DesktopStandard released PolicyMaker Application Security, which helps adminitrators enforce the practice of giving users the minimum privileges that they need on Windows-based desktops and selectively elevate privileges for users who need them.
Priva Technologies announced an upgrade to its Cleared Security Platform, which uses multifactor authentication in a single-point, end-to-end solution. The product now supports authentication for Web services, Microsoft .NET technology, email signing, and public key infrastructure (PKI).
Seaway Networks released a pretty slick product: the Trident NCA2000-L7P Intrusion Prevention Accelerator Card. The Intrusion Detection System/Intrusion Prevention System (IDS/IPS) card can be used to convert servers into filtering appliances. The board provides 2Gbps of full duplex data processing and pattern matching, including processing of network layers 2-7.
Lyris Technologies improved the detection of phishing and other email-related threats in its MailShield Server product with an upgrade to the embedded Mailshell SpamCompiler engine. Lyris said that MailShield Server is available for Windows and Solaris platforms, and a MailShield Pro version for Windows can record all SMTP transactions and provide a searchable audit trail of all incoming and outgoing messages.
And last, but certainly not least, Intense School presented its Live Online Professional Hacking class, led by Ralph Echemendia. The class teaches participants how to think like an intruder so they can protect themselves proactively rather than having to react defensively to intrusions.