As the famed Boston Globe sports columnist Dan Shaughnessy often quips as he starts a column that he either should or could’ve written days beforehand… “picked up the pieces” from another raucous, rapid-fire RSA Security Conference last week.
(Of course he probably wouldn’t try to use having no laptop power cord for a couple of days as an excuse for failing to write…)
So what did RSA Security Conference mean to Core Security this year? Plenty of re-connecting with old friends, as well as the start of some initiatives from which we expect big things in the year to come.
The unofficial theme of this year’s entire show was undoubtedly the rise of so-called cloud-based security solutions, or services, but for Core the 2010 RSA confab meant so much more than touting its applicability to one delivery model.
We did officially launch our integration within the cloud-based QualysGuard PCI Connect hosted compliance automation ecosystem, along with an expanded partnership with vulnerability assessment specialist nCircle.
However, the biggest event for our company was an off-site CSO roundtable event that we hosted for roughly 30 of the most influential leaders in IT security today – including security executives from among the largest commercial and government entities in the world.
Led by our newly appointed Advisory Board, the meeting consisted of an open forum where the execs spoke openly about their challenges in managing IT security operations and addressing today’s most pressing cyber-crime and compliance risks.
As Core CEO Mark Hatton and AB members Roland Cloutier, Melissa Hathaway and John Stewart pushed the group to give their most frank opinions on the daunting situation faced by nearly every organization today, it became clear that Core’s vision for more comprehensive and proactive IT security testing and measurement is an idea that is ready for prime time.
Having the ability to constantly monitor a wide swath of IT systems, applications and end users to determine their exposure to real-world threats – having an effective manner to confirm that existing defenses are working, and a smarter filter through which to validate security data and vulnerability scanner results – those are concepts that these leading strategists and practitioners are ready to embrace.
The thrust of the conversation endorsing more pervasive testing paralleled comments that Stewart, Cisco’s CSO, made earlier in the week during a show panel on which he spoke with Hathaway and other industry leaders.
“Making security simple is hard to do, but exploitation is increasingly easy; we’re at a precipice and we need to figure out how to tip the scales,” he said.
As Core is already well down the road of building its new enterprise security testing and measurement solution, all the nodding heads in the room served to further reinforce what we already know. We’re in the process of creating something truly powerful and unique, which will already be in some of these C-levels’ organizations by the time we meet for RSA 2011.
In addition to our roundtable event, Core also had one of its CoreLabs researchers, Pedro Varangot, deliver another fascinating session highlighting cutting-edge security risks. This time the topic was abuse of social networks, and how attackers can already employ automation to create highly targeted spear phishing attacks that take advantage of the trust relationships that people have formed on those sites.
We also saw one of our marquee customers, Pennsylvania CISO Bob Maley, joining his peers for a panel that elevated the challenges facing our U.S. states in addressing everything from budget cuts to IT consolidation. Maley also drew rave reviews from the audience for his return performance in scoping out more secure applications development tactics.
Between these aforementioned moments, after-hours receptions held with Qualys and nCircle, and a litany of other business and social events, RSA Security Conference proved once again to be the centerpiece show of the year for the security industry to come together and size itself up.
Here’s to another year of good company, come and gone, and lots of new measurement to come.
We hope to see all of you again next year. Now it’s time to hunker down and make some clouds of our own.
-Matt Hines, Chief Blogger