Security firms gear up for RSA show

More than 10,000 visitors are expected to visit this year's RSA Conference in San Francisco this week, where more than 250...

More than 10,000 visitors are expected to visit this year's RSA Conference in San Francisco this week, where more than 250 exhibitors are displaying technology to stop malicious hackers, viruses and other online scourges.

Once the exclusive province of cryptographers, the annual conference has grown and diversified in recent years along with the IT security industry itself.

This year's conference will reflect heady times for that industry, with a high-profile keynote address by Microsoft chairman and chief software architect Bill Gates. Attendance at this year's show is expected to be up by about 20% over last year, partly because of Gates' appearance at the show, an improving economy and a sustained interest among companies and the public in computer security topics such as viruses, spam and identity theft.

Conference organisers have also changed tactics to try to broaden the appeal of the show, adding a separate discussion track on identity and access management and adding a private Executive Security Action Forum for Fortune 500 chief information officers and chief information security officers.

Dozens of companies, large and small, are planning news announcements to coincide with the conference, with the need for better security management the dominant theme.

Companies including VeriSign and IBM are backing a new programme to develop an open standard for strong, multi-factor authentication that can be used across the internet.

VeriSign will announce an initiative called the Open Authentication Reference Architecture (Oath), which will replace the patchwork of proprietary user authentication products, allowing users to  access services on corporate networks and the web seamlessly, VeriSign executives said.

IBM said its Tivoli Identity Management product will support Oath.

Sun Microsystems will announce changes to its product line which are intended to make network security easier to manage.

Sun will integrate its Java Card technology with a wide range of the company's other software products. The closer integration will provide strong, multifactor authentication without requiring custom integration for customers who use its Java Desktop System, the company's alternative to Windows, said Rama Moorthy, manager of the security marketing and strategy group at Sun.

The idea is to make security ubiquitous, invisible to users and easy for businesses to use, Moorthy said.

Sun will also announce closer integration of its identity management product, the Java System Identity Server, with Microsoft's Active Directory Server. A new version of the Java System Identity Server that incorporates technology acquired with Sun's purchase of WaveSet features improved lifecycle management for user accounts and will allow customers to manage accounts directly within Microsoft's Active Directory Server using the Java System Identity Server.

Companies such as Qualys and Tripwire will use RSA to announce new versions of their products that work better with other security management technologies.

A new company, Skybox Security, will use the RSA Conference to unveil its product, called Skybox View, which is described as an enterprise risk management platform. Skybox View creates an integrated security model of an organisation's network that maps network scanners, firewalls and routers, as well as considering management systems and security policies. The product then launches simulated attacks against them to identify likely access paths for attackers.

Meanwhile, firewall maker Zone Labs will unveil the latest version of its Integrity security policy enforcement product, Zone Labs Integrity 5.0. The new integrated firewall and security policy management product features tighter integration with Check Point Software Technologies firewalls and virtual private network (VPN) products so that companies can limit network access to machines that comply with security policies regarding antivirus updates, system configuration and patch level.

Finally, the Organization for the Advancement of Structured Information Standards (Oasis) will announce growing support for its emerging AVDL (Application Vulnerability Description Language) standard, which allows security products from different companies to share data about software vulnerabilities.

Paul Roberts writes for IDG News Service

Read more on IT risk management