Notes on RSA 2010 Exhibits

Great exhibition, as usual, and I really enjoyed it.

A. Most interesting (to me) exhibits and new products, in no particular order:

• PrevX "micro anti-virus." Got to try this. Only 1 MB footprint. Rather than download 5K+ signatures, it merely "pulls over" any suspicious software, fingerprints it, and transmits the prints to its central system to see if it's bad. Allows a much bigger signature database. Get your 1 year free trial copy at http://www.prevx.com/RSA.
• ThreatPost, a division of Kaspersky. More vulnerability data can't hurt.
• Secunia, which has a free desktop version, does a continual survey of which apps on your machine need patching, and optionally actually does it. Great for mindless staff. Enterprise version starts at $28,000.
• FBI recruiting booth, looking for cybersecurity talent.
• DHS, ditto. Rolling out CSET Cyber Security Evaluation Tool. Big focus, at last, on SCADA via their Control Systems Security Program. If you have, or are building, a utility (gas, electric, etc.) control system, they offer FREE programmer training and FREE evaluation of your design and/or system. Your only cost is airfare to Idaho Falls plus hotel.
• Damballa, only vendor (I saw) to openly discuss APT, which they treat as just another intrusion. Look for its control process signature and shut it down before even locating the malware.
• FreeScale, say they have built crypto into their processors, including secure booting. At last a ray of hope.
  
• Ipswitch MoveIt file transfer system. Bunch of simple, obvious solutions for moving files around securely within and outside the enterprise. Looks very useful.
  
• PGP recently acquired TrustCenter CA service. Interesting because I might actually trust PGP as a CA. $400 deposit signs you up at their most basic level.

B. Vendors not present this year: @Stake, CoreStreet, CounterPane.

C. Dead elephant in middle of room: Lack of secure booting / program loading on Intel micro processors renders most purported e-security solutions ineffective. The causes of this (national security) disaster shall remain nameless. You know who you are.

D. Sightings-of / encounters-with people I knew: Jeff Kutler interviewing David Chaum, Sandy Lambert showed me pics of her grandkids.

See you all again next year!