SAN FRANCISCO –Shinji Ueda traveled all the way from Tokyo to be at the RSA Security Conference at San Francisco’s Moscone Center this week. Mr. Ueda, manager of the IT business department, machinery division of Sojitz Corporation, consults to the Japanese Government’s Ministry of Defense and the Cabinet of Japan on issues of cyber security.
For the past 60 years, his company has been the sole representative of Boeing aircraft to the Japanese Market. Understandably, Mr. Ueda worries about IP belonging to both Japan and the U.S. falling into the wrong hands and cites a constant barrage of cyber attacks coming from China. This is why he consults with his government leaders to improve security on a national level.
During the show, Mr. Ueda joined one of his security partners, Narus, at a press and analyst dinner on February 26. Narus had just emerged from an eight-month cocoon during which the company, having been recently acquired by Boeing, took itself off the web. At RSA, Narus came out as a sleeker, more intelligent way to analyze and contextualize security data.
Sitting next to him at the dinner, I asked Mr. Ueda why Narus?
“Hopefully Narus is something different,” he says.
He echoes the sentiments of most who made the annual trek to RSA this year. Attendees were feeling ‘owned’ by the bad guys and unsure of their security investments. Everyone--from keynoters to vendors to average attendees--wants a better way.
“We as a community need to admit our security model is broken. Then we need to deal with it,” says Andrew Brandt, director of threat research for Solera networks, who hosted a panel on future trends in security.
As such, vendors are working on better ways of seeing into incidents that may be occurring on the network or endpoint, protecting non-traditional end points (and their applications and mobile data), wrapping security around SCADA and other critical infrastructure control systems, adding another layer of “intelligence” to SIEM systems for analysis, and much more.
Vendors are working on every level of the stack and trying to make security more self-learning and holistic. They are offering their wares in multiple forms: as on-premise devices and software, in the cloud or through SaaS (Software as a Service), or at the chip layer as companies such as Wave and even Windows (with its Win8 release), take advantage of a more mature Trusted Computing Group platform for self encrypting drives, tamper resistance and monitorability.
Some of these innovations sound more promising than others. So my suggestion is to watch these trends for a little while and see where they take us.