CONFERENCE REPORT
Security Fears Spark Interest in RSA Conference

With a rash of major virus outbreaks still fresh in their minds, network administrators and others will flock in record numbers to the annual RSA Conference this week, where they will be met with a flood of new product and service announcements aimed at quelling security and privacy fears.

RSA's event this year will feature a keynote address from Microsoft (Nasdaq: MSFT) chairman Bill Gates, a joint announcement from RSA Security (Nasdaq: RSAS) and Microsoft, and speeches from a range of security experts, including representatives from the U.S. Department of Homeland Security.

Microsoft has not indicated what Gates will say at the conference, but he certainly has plenty of topics to choose among, including a slew of recent vulnerabilities discovered in Microsoft products and the uproar generated when a portion of Windows source code found its way onto the Web.

RSA has estimated as many as 10,000 people will attend at least part of the weeklong conference, a 20 percent increase from last year.

Open or Shut?

Gartner (NYSE: IT) vice president John Pescatore told the E-Commerce Times that enterprises seeking quick fixes at the conference likely will be disappointed, despite the number of new offerings unveiled.

"There's no security silver bullet," he said. "Enterprises that understand that securing networks is a long-range, never-ending proposition that requires everyone from the CEO on down to be on board are the ones that will be the most secure."

Underscoring the complexity of the security equation, with a focus on standards rather than individual products, VeriSign (Nasdaq: VRSN) announced Monday its Open Authentication reference architecture, or OATH, a non-proprietary approach designed to help enterprises reduce their reliance on network passwords.

VeriSign said the open architecture will be more affordable and easier to deploy than systems using two-factor authentication, such as passwords and smart cards or biometrics.

"As we've seen with personal computers, networking, and other advances, adoption of any technology requires a fundamental shift from proprietary to open architecture," VeriSign CEO Stratton Sclavos said in a statement.

Standard or Automatic?

Meanwhile, the Organization for the Advancement of Structured Information Standards (OASIS) soon will announce that more private companies as well as the U.S. Department of Defense will support its Application Vulnerability Description Language standard. That standard is designed to break down the walls between various vendors, enabling faster and more efficient sharing of information about security flaws.

Plenty of other vendors also are debuting new products at the conference, including Sun Microsystems, which plans wider integration of its popular Java Card technology and a security architecture that will make it easier to deploy authentication and encryption.

No Wires

Later in the week, antivirus firewall maker Fortinet -- a firm founded three years ago by NetScreen founder Ken Xie -- will announce a content-based wireless firewall product that Fortinet vice president of marketing Richard Kagan said is the first of its kind.

The firewall, known as Fortinet WiFi, is designed to be installed at a wireless access point. The goal: to stop content-based threats, such as e-mail-borne viruses and worms, from being spread by even trusted wireless users.

Mobile security is one of several hot topics at the conference, with PC Guardian, SafeNet and Colubris Networks all joining Fortinet in launching new wireless products.

Overall, Kagan told the E-Commerce Times, the focus at this year's conference will be on new and innovative approaches that match the wave of new threats emerging seemingly every day.

"I think there's going to be a lot of focus on truly integrated security systems," he said. "A lot of organizations are frustrated that what they've already got is not addressing the problems that they're facing every day."