Thursday 8 February 2007

RSA Conference 2007

This year's RSA Conference isn't as good as expected. I can't notice any difference between last year's products and this year's. It's just as if the market stopped last year and innovation was wandering without any proper route. Nowadays everybody talks about NAC, but they did last year too!! Big vendors such as Cisco, Juniper, RSA, Verisign, Microsoft, IBM, CA, etc. only speak about the same subjects: some kind of NAC, log management, two/three-factor authentication and old IDS/IPS-style appliances.

I've been reviewing all the booths and I haven't been able to locate any innovation. Just some little booths where they were managing other important issues like real malware detection/protection (and not anti-virus stuff), data leakage or some idea trying to bind the technical facts to the risk analysis field (and not looking only at the firewall ruleset!!!)

What happens with VoIP, smartphones, online fraud, botnets, etc. that are targeting all the users? I guess that they don't care.

Anyway, conferences such as RSA are soooo different to, for instance, BlackHat. The more I attend any of those, the more I think that there are two different mainstreams when talking about information security. One is the 'enterprise' feeling of security, and the other is the daily security threats that we face as normal users.