Observations about IBM, HP, mobile security, Blue Coat and Barracuda Networks I’ve been in back-to-back meetings at the RSA Conference which limits my time for blogging. Here is my brain dump for the day:1. The focus of RSA seems to be on cloud and mobile security. I get that these are hot areas with lots of marketing buzz but I have two problems here: 1) Mobile security technology is relatively easy but the weird triangulation between a user, an organization and a service provider creates some interesting dynamics. Do I buy mobile security from my mobile carrier? If I do, has does the corporate security group get engaged? Do I really want my company putting security software on my personal device? I’m not sure how this will be solved but suffice it to say that this is different than my corporate PC. 2) I understand that we have to make the cloud secure before we will really embrace this model but let’s face it, existing IT infrastructure isn’t secure. Why aren’t we talking about securing this first? 2. RSA is mostly about security products, not security. I know, it’s a money thing but I wish we would highlight more about use cases, reference architectures, and best practices and less about the latest security widget.3. HP and IBM are way more focused on security than most people think. HP now considers security one of its five top business initiatives and IBM has created a virtual security group headed by Steve Robinson with its own P&L. Both companies can address what I call “big security” use cases like securing networked business processes, creating IT risk management best practices, or dealing with cyber security issues at critical infrastructure organizations. How many other security vendors at RSA can do this? Less than 5.4. Speaking of HP, the company is talking about a vision that merges ArcSight with HP operations software for further improvements to both IT service management and security automation. Cool stuff. If this takes off, it will be the exclusive domain of a handful of companies. BMC could play but it needs a security portfolio. CA could play but it needs a better security portfolio. Attachmate may be a wild card here with NetIQ and Novell. 5. There are a number of threat reports available and most are pretty good. That said, Blue Coat Networks did a great job of presenting its web threat report yesterday. Very insightful and a worthwhile read.6. Another buzz area is virtualization security but this one is more real to me than others. Why? Virtualization security is pretty elementary today, based mostly on physical safeguards. While vendors are announcing virtual security products they need to focus on education before they jump into technology. ESG Research indicates that security professionals lack virtualization knowledge and best practice models for server virtualization security. Until they gain this knowledge they won’t buy security tools. Time to teach the market how to fish.7. When I think of security vendors, I almost never think of Barracuda Networks but I have to give it credit for its manufacturing and distribution skills. Someone is buying these gateways. More tomorrow. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe