And so begins Anitian’s daily blog on RSA 2012.

Today was a short day at RSA. None of the big presentations started today. I did not get to the show until 12:30PM. My Alaska Airlines flight was pleasant, although the plane continued on to Cabo San Lucas, and I contemplated hiding on the plane and going with it. However, despite all my powers, invisibility is not one I have mastered.

The event I did go to is the Innovation Sandbox. I was very much looking forward to this. It showcased 10 new security vendors. And honestly, they were all pretty interesting. I have documented my analysis of these 10 vendors and their technologies.

Sumo Logic (http://www.sumologic.com/) was up first. They offer a cloud-based SIEM. Not new or revolutionary, but it is quick to install, quick to run and does not require any on-site equipment. These guys are well backed and seem to have sound people at the top including some former guys from ArcSight. I see a future for them. The cloud is a logical place for SIEM to move. But, you need to free it of any on-premise hardware. It is the hardware costs and support that quickly reduce the value of any hosted SIEM. Their answers regarding data separation and segmentation were a bit tepid. But, I’ll give them a pass for that now. We have been developing a cloud-based SIEM at Anitian the past year using commercial tools. The pricing models never seemed to work because of the commercial licensing issues. It sounds like these guys don’t have that problem.

MokaFive was next (http://www.mokafive.com/). They offer a “bare metal” virtualization platform that uses cloud storage. Honestly this felt like a rehash of Citrix and some other existing technologies. And the cloud storage thing seems troublesome. Not everybody has a 100Mbps Internet connection to get the image updates. I like the concept – separating the operating system and applications from the user data, which allows for abstraction and isolation. But, I have suspicions about this in practice.

Sonatype was next. (http://www.sonatype.com/) I really liked this idea, and I don’t see how it will ever work. The idea is that they have a central repository for open source components. Apache, Java, Sendmail, etc. You subscribe to the service, upload your components, and you have a single point to manage them and get updates from open source development teams. It’s basically a cloud-based versioning system. I like the idea of having these components centralized. I like the idea of having them maintained. But, I just don’t see this getting critical mass. The problem is that a lot of the users of open source components are not going to pay for a service like this. They just will have a hard time seeing the value. I see the value, but I am a security guy who comprehends the risks inherent in deprecated software. Most business people and developers will be hesitant to put all this in the cloud.

Pindrop Security was up next. (http://pindropsecurity.com/) This is a genuinely innovative piece of software. I was impressed with the idea, the concept, the execution and the promise of this product. Basically, this product can analyze audio from a phone call and determine where the caller is located, what type of device they are using, and the type of connection they have. The technology is backed with some sound science and research. It claims to be able to detect if a person is calling from Florida or Nigeria and what device they are using. My only thought is that there is a relatively limited application for this technology. Banks, credit card companies and a few other firms could use this as an anti-fraud technology. The average business would probably not get huge benefit from this.

Impermium was next. (http://impermium.com/) They offer “social media spam protection.” Frankly, this did not seem like a very impressive product. It also is highly dependent upon a crowd-sourcing model that requires firms to proxy social media through them. Those are two big barriers to entry.

CloudPassage was next. (http://cloudpassage.com/) They offer a host-based cloud security product. They tout that it is completely independent of the virtualization layer, running entirely in the operating system. Well, so do McAfee, Trend Micro, Symantec, and just about every other endpoint security product. I was having a hard time seeing the innovation here other than they attached the words “cloud” and “virtualization” to a host-based security product that has some “cloud” intelligence. Meh.

Next was ContentRaven. (http://www.contentraven.com/) They offer a secure content delivery mechanism for mobile. Secure documents and video are the primary content they deliver. They claim to provide ample controls over distribution, access and recovery. First, their company has a really dumb name. Second, there are a lot of other products that can do this, and more. While this seems like a nice-to-have, I have a hard time seeing it as a must-have. A decent mobile device management platform can offer the same basic feature set – and more. Good Technologies already offers a more robust suite of tools. I have my doubts about these guys.

Next was DomeSecurity. (http://www.dome9.com/) They offer a management platform for cloud firewalls. I missed part of their presentation, but what I heard did not impress me. It’s a simple concept that seems unnecessary, and the company name is really dumb. I fail to see why you would spend money on this since the cloud providers already offer these services, for free.

Next was Appthority. (http://www.appthority.com) They offer a platform that sandboxes apps and tests them for malicious behavior. Basically, you can download apps to their platform and test them, and then bless those apps for deployment into your environment. I like their concept and I think it is a good technology. I also think the app stores are basically already doing this and negating the benefits of their software. What would make sense is for Google or Apple to buy them and use them as a pre-flight testing platform for apps before they are released.

And last was ionGrid. (http://iongrid.com/) They offer a platform for delivering enterprise applications on the iPad. You deploy an app on your iPad, then a server in your DMZ and you can then connect to it and get to your apps. Wait, isn’t that just an SSL-VPN? This is another app that makes no sense. Why use this when you could get an SSL-VPN and use an RDP or Citrix client and get the exact same thing? And you could integrate two-factor authentication and other features with the SSL-VPN. These guys do not have a very innovative product. They are just milking the buzz around mobile.

There you have it. I think Sumo Logic, Pindrop and Sonatype are the best of the bunch. They seem to have actual insight into real problems facing companies. Although, based on their technology, Pindrop has a limited market. The others are all interesting, but I was having a hard time seeing them gain critical mass because existing technologies already do what they do, and in some cases offer a lot more.

I’ll post more tomorrow.

Andrew Plato
