This year’s RSA Security Conference 2013 is already in the rearview mirror, and I’ve set about collecting my thoughts on which vendors at RSA had the most interesting products or services to announce at the show. What follows is an alphabetical list of ten companies that had some of the more interesting IT security products on display, based on my own observations and some questioning of attendees, fellow journalists, and a security analyst or two.
Top 10 Security Companies to Watch
1. Barracuda Networks – Barracuda is a familiar name to many IT professionals, providing a variety of security products over the years, from virus and spam firewalls to web security services. This year Barracuda unveiled a revamped next-generation firewall (NGFW) aimed squarely at small and mid-sized businesses, as well as announcing a deal with Microsoft that will see Barracuda’s web application firewall available for Windows Azure cloud services.
2. Bromium – I blogged a bit about Bromium when it was in the start-up phase last year, and the company made an impressive entrance onto the market at RSA. Citrix XenSource co-founder Simon Crosby is one of the key executives at Bromium, which relies on what it calls “micro-virtualization” to keep desktops “utterly secure.” According to Bromium, their technology leverages hardware virtualization to isolate suspicious tasks into virtual containers that protect the rest of the desktop or the network. The product is dubbed Bromium vSentry, and it’s worth checking out the vSentry white paper[PDF] or watching the embedded video (below) for more info.
3. Cloudmark – I love meeting with smaller vendors and companies that are doing remarkable things, and Cloudmark absolutely falls into that category. Cloudmark’s Andrew Conway described how Cloudmark provides technology that helps combat SMS spam and hacking, which is a relatively underreported aspect of mobile security. According to Conway, SMS attackers have been able to create Eliza-like messaging software that is programmed to gather information from SMS users based on the text messages they send. Here’s an abbreviated (and SFW) sample output of the program at work, with the “vca_sweet” messages being automatically generated by the SMS hacker’s program.
[2/8/13 4:45:07 PM] Cloudmark Researcher: Hello?
[2/9/13 9:33:40 PM] vca_sweet: heya
[2/9/13 9:33:59 PM] Cloudmark Researcher: wassup?
[2/9/13 9:34:11 PM] vca_sweet: hi …. have we spoken before?? 22..female..you??
[2/9/13 9:34:30 PM] Cloudmark Researcher: older guy. You texted me?
[2/9/13 9:34:49 PM] vca_sweet: i’m sorry..i get to be forgetful from time to time! how are u??
[2/9/13 9:35:05 PM] Cloudmark Researcher: OK. Where do you live?
[2/9/13 9:35:12 PM] vca_sweet: miami
[2/9/13 9:35:28 PM] Cloudmark Researcher: Late at night there, huh?
[2/9/13 9:35:48 PM] vca_sweet: Just got out of the shower..long week been working a lot! but i’m feeling naughty! so what’s up…. wanna have some fun? =)
[2/9/13 9:36:04 PM] Cloudmark Researcher: What are you wearing?
[2/9/13 9:36:16 PM] vca_sweet: im wearing almost nothing lol
[2/9/13 9:36:39 PM] Cloudmark Researcher: What’s the weather like there? Hot?
4. Microsoft – An integral part of RSA since the conference began, Microsoft was on hand to make the case for “security optimism” and to tout the latest security capabilities of Windows 8. I got the chance to sit down with Microsoft’s Chris Hallum from the Windows 8 client security team at RSA, and he pointed out some problems with hard drive encryption that the latest version of Windows Bitlocker was designed to address. “In the past, drive encryption had two big challenges,” Hallum said. “It was hard to configure, and it took a long time to encrypt large drives.” For more information, read parts of my interview with Hallum about Windows 8, or check out our Windows 7 Bitlocker articles on the Petri IT Knowledgebase.
5. Narus – Next-generation security threats often need the most innovative approaches to combat them, and Narus — a subsidiary of Boeing — is attempting to do that. Narus uses a combination of automation, “machine-learning,” and other factors to help identify security threats. Forrester Research Security Analyst Heidi Shey also thought Narus was doing some interesting work in security: “Narus surprised me. There’s been a corporate relaunch, and an increased focus on innovation, both for their own products, as well as technologies they will license and OEM to other vendors,” Shey said. “They are not just about network traffic monitoring and analysis anymore. Their new N10 solution is for data security–think secure file distribution and collaboration.” Check out the Narus security infographic [PDF] for more information about their approach.
6. Qualys – Cloud and web security vendor Qualys had a number of announcements at RSA, including an enhanced version of their BrowserCheck Business Edition offering, new features in QualysGuard Web Application Security (WAS) 3.0, vulnerability management tools for Amazon EC2 and VPC, and an expansion of their popular FreeScan service. I’ve personally used Qualys BrowserCheck to make sure all my browsers and plug-ins are patched and updated, and the Qualys Freescan service brings that same ease of use (and free!) approach to scanning your servers, desktops, networks, and web-based applications.
Qualys BrowserCheck (above) is a free, easy-to-use tool for checking the security of browsers and plug-ins. A Business Edition with more functionality is also available.
7. Remotium – One of the aspects of the RSA conference that I look to most every year is the Innovation Sandbox, a program that seeks out, promotes, and rewards companies that are doing smart, innovative things in the world of information security. This year was no different, and the winner of the program this time was Remotium, a new company that seeks to solve mobile device management security by using virtualization to effectively run mobile applications in the cloud and then stream the apps and data to those devices in real-time. It’s an innovative solution, and it garnered praise from a panel of judges that included Paul Kocher, president of Cryptography Research, and Gerhard Eschelbeck, CTO & SVP at Sophos. Remotium also integrates with Active Directory, making it easier for security admins to integrate the service with their existing IT infrastructure.
8. Secunia – Another small vendor doing some cool things is Secunia, a small security vendor based in Copenhagen, Denmark. One of their newest products is Secunia SmallBusiness — now in public beta — that provides cloud-based patch management for small businesses with up to 50 client PCs. I spoke with Morten Stengaard, Secunia’s director of product management and quality assurance, who said that Secunia SmallBusiness was designed for small IT shops who need security just as much as larger companies, but who don’t have the manpower, budget, or resources for the level of security they may want. “You can control all of the security updates through one web-based console,” Stengaard said. “It can automatically update programs with the latest patches and can verify that Microsoft patches have already been applied.” One potential benefit for system administrators who volunteer their time as the default family IT support technician — as yours truly has done many times in the past — is that Secunia SmallBusiness is free for up to five clients, so you can use the service to remotely ensure that the PCs of family and friends are getting the latest patches and updates, hopefully avoiding those late-night calls to triage an infected PC for a loved one.
9. SpiderOak – Another company at RSA that Forrester Research analyst Heidi Shey was keeping an eye on was SpiderOak, which — at first glance — has many similarities to online file storage services like DropBox or Box.net. That would be a faulty assumption, as SpiderOak layers in a host of features and capabilities that are aimed at security-concious organizations, like a fault-tolerant design, available two-factor user authentication, encryption support, and other enhanced privacy features. It also syncs files and data across multiple devices, so could be a service to watch for system administrators concerned about the security chops of other cloud storage services.
10. Wickr – As the well-publicized hacks of celebrity cellphones has proven (both by hackers and by supposedly legitimate news organizations) keeping text messages, video, and photos secure on a mobile device isn’t always that easy. That’s where Wickr steps in: This free app provides a number of security features for your smartphone communications, including the ability to delete sent messages, improve privacy, enable anonymity, and a number of other security enhancements. Time will tell if Wickr will find a place as a secure alternative for traditional smartphone texting and messaging methods for security-minded companies — or if it will become the app of choice for philanderers and cheats, like the ‘TigerText’ phone app. Still, you have to give the company props for taking a novel approach to messaging security.
Have any security companies or products exhibited at RSA that you think deserve a place on this list? Drop me an email with your favorites.