Entropy Reducers Amalgamated

So Catherine (partner-in-geek here at 3 Phase) and I went today to the Infosecurity New York trade show, which this year was co-located with ISC East. ISC is the International Security Conference & Expo: it's everything you wanted to see from electrical wiring to electronic door locks to barriers that pop up out of the ground to keep you from driving through to wireless speakers to (it seems) dozens of CCTV-over-IP solutions. It was all quite interesting, and it made sense to put infosecurity and physical security next to each other. All too often those of us in the computer field who worry about virtual security forget about the simple things we need to do to secure the data: keep it in a locked cabinet, behind a locked door, with limited access to the general public.

Another side-effect of this happy conflation is that the IT side tends to avoid the hardware issues that actually do affect clients, like power outages, so I actually got to see the very hard hardware side (finding the UPS and, just as important, battery salesman and suppliers) However, the last time I went to Infosecurity NY, there were a number of other networking equipment (read: firewall) vendors there, and this year barely any. (No Juniper/Netscreen, no Cisco/PIX/ASA, no Foundry, just Fortigate from what I could find.)

A few years back—undoubtedly a sign that I’m getting older—I decided that I would go to trade shows to actually see what people are selling and seeing what the near-state-of-the-art is, instead of just collecting swag. (Of course, there was some nice swag to be had, but I missed out on it.) By and large, the exhibitors were interested in selling appliance solutions for security folks like Barracuda Networks and StopSpamNow.com (I cannot remember offhand exactly who they were and don’t care to put a link in the blog for them.) were two of just the anti-spam plugins. It seemed like there were well over half a dozen IDS vendors selling plug-in IDS (Intrusion Detection Systems) solutions, and this doesn't count the firewall vendors (Fortinet, e.g.) who provide integrated IDS into their firewall unit.

There were a few, proud, software solutions vendors—one that impressed me some was SafeBoot, who gives you a pre-boot authentication environment to decrypt the contents of a hard-drive (I imagine your anti-virus software vendor must have a good time with that!)

It was also gratifying to be able to speak occasionally to some of the engineers of products I currently use to find out that the features that were broken 18 months ago finally got fixed. Plus, if you push the salespeople enough, you can actually get them to do the unspeakable: compare themselves honestly against their competition. Things like:

Oh, you want to do <XXX>? Hrm, well, that’s not a feature we really specialized in...if you want that, you might want to talk to vendor <YYY> you’ll be more satisfied overall

Of course, being a trade show, some things still are bothersome:

• You actively have to avoid the gaze of salespeople, lest they come down upon you and pounce and scan your badge and subject you to years of junk-real-mail. This happened to me as soon as I walked onto the trade-show floor; someone basically walked up to me, scanned my badge, and told me “You don’t want that bag, those handles break. Take one of mine.” (His bag is nicer, but he still crossed the line of civility, in my opinion.
  
• Some salespeople just seem to not understand subtle cues that I am not interested; they’re inured to them, I suppose. Instead, I have to resort to more traditional techniques: “I don’t think this product is right for my clients, thanks. Good bye. No you may not scan my badge.”
  
• Some vendors send no one technical at all; just some marketing folk and new-and-clueless ones at that. It’s even more jarring when it’s a vendor of a product that I use and recommend.