RSA Conference 2002: Where FUD Gets Down to Business

By Cameron Sturdevant  |  Posted 2002-02-27 Print this article Print

Tester's Choice: This year's RSA Conference was a witches' brew of federal money, a rowdy crowd of nervous-but-not-showing-it second-tier players, serene market leaders, and circling, savvy IT security managers.

The RSA Conference, one of the longest-running computer security shows, was held in San Jose, Calif., during the week of Feb. 18-22. It was a witches brew of federal money, a rowdy crowd of nervous-but-not-showing-it second-tier players, serene market leaders, and circling, savvy IT security managers. According to President Bushs 2003 budget proposal, IT spending by the federal government will jump another $7 billion, to $52 billion, most of which is meant to boost so-called homeland security. At the RSA conference, it looked more like a New Deal program for high-tech security companies. On the show floor I saw a plethora of "security solutions" maneuvering for visibility in front of government agencies and merger-minded big players. After talking with nearly 30 different companies over three days, it became clear that many of the showy second-tier companies are exploiting potential or real weaknesses in market leaders to get mind space.
For example, one interesting company, TippingPoint Technologies, touted its 3-in-1 intrusion detection, firewall and vulnerability assessment tool that runs on a proprietary OS. TippingPoint couples the product with a vulnerability update service. This is a direct challenge to established companies such as NetScreen that uses ASIC-based technology to get blisteringly fast performance, but can be relatively slow when it comes to updating new attack profiles.
TippingPoint also rattles the cage of Check Point Software Technologies FireWall-1, a software-based product that is widely used even though its often beaten in straight performance tests. Name dropping Market leaders RSA Security, Netegrity and Internet Security Systems were mentioned in nearly every interview I conducted. At the show, these companies were placid in the face of the rabble, but all are clearly thinking about the technology challenges facing IT managers. For one thing, the implementation and education sessions I attended were packed with savvy IT staff who asked thoughtful questions about the best way to plan for security in a wireless network and about upcoming standards development, again, especially concerning wireless networks, which are areas that are still emerging turf. There are still plenty of companies vying to answer IT managers tough questions with their products. For example, there were at least 11 companies hawking user identity management products (including Authenex, Authentica, Authentify, BioPassword Security Systems, Bridgewater Systems, Business Layers, Courion, Digital Signature Trust, IBM, Iridian Technologies, Novell, Oblix and Passlogix). There were also at least five smart-card vendors (ActivCard, Datacard Group, Datakey, Gemplus and SchlumbergerSema) and an innumerable swarm of VPN hardware and software products. Nearly all vendors were talking about services in addition to their products, in part because integrating security into existing networks is quite difficult, but also because security vendors are discovering that they need an ongoing revenue stream to stay in business. The conference was also swirling with more informal themes, including what to do about wireless, personal privacy, attack mitigation, the role of litigation in security (and it is coming on strong), identity management and whats the best way to implement crypto. My advice is to think back to Sept. 10. What were your biggest security concerns then? For most IT managers, those should be the biggest concerns today. As I packed up my laptop and tape recorder, I left the show with a mix of feelings. On one hand, its always a good thing to cover a maturing technology that has real value for IT managers and that lends itself to hard-science analysis (using X amount of computing power for Y hours will break Z level of encryption). On the other hand, seeing so many distrustful people gathered together at an event designed to promote fear, uncertainty and doubt made it clear that eWeeks coverage (we had two news reporters and two technical analysts covering the event) was needed to bring a practical perspective to bear on the subject. Senior Analyst Cameron Sturdevant can be contacted at
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel