Booze, bots and other RSA ruminations

SAN FRANCISO -- Dan Kaminsky looks like he could really use some rest. "Long day?" I ask him. He shrugs. It's been a long several days, weeks, and months, he says as we trudge our way to a table in the south foyer of San Francisco's Moscone Center to talk about White Ops, a company he helped found.

It's the fourth day of the RSA Security confab. The place is teeming with busy looking people. It's pretty easy to tell the business types from the folks in the trenches. The suits are mostly all the vendor and the marketing types. The less formal ones are the CISOs, the IT managers, the security administrators, the folks who patch systems and set up rules and deal with all the stuff that goes down when a breach happens.

The really, really casual looking types, the ones with the tousled hair, the scraggly beards and crumpled attire, tend to be like Kaminsky -- geeky security researchers with a passion for finding and, somewhat less often, for fixing holes in the Internet.

Information security is big business. Down one floor from where we are sitting, and across the road in Moscone North, the expo floor is a swarming mass of people, vendor booths, flashing screens and ubiquitous booth babes.

RSA says 400 vendors registered for the event. I believe them. Intel appears to have one of the largest booths, and it's not even a security vendor, although it did acquire security company McAfee a few years ago. BeyondTrust's booth has a high-striker for people to try out their strength, eSentire has a model elephant, ForeScout has a boxing ring with stunt boxers and CA has a booth that looks like the endoskeleton of a prehistoric creature. Germany has a booth.

Even the NSA has one.

It's almost happy hour. Many vendors have set up informal bars and tables stocked with crates of beer and wine in their booths.  Some are starting early. Spirits will continue to flow into the early morning hours at numerous vendor-hosted cocktail parties and dinner receptions in bars and restaurants around the Moscone center. It's a place to meet and greet people and to unwind. Barracuda has a reputation for throwing great parties. This year, there's some buzz about Rapid 7 as well. Everyone wants in on those kinds of parties.

It's hard to believe it takes so many products, so many different services, so many people and so much booze to stop the bad guys.

In a few years, it's going to get worse -- or better, if you are a vendor-- when the whole Internet of Things starts to really happen. There are going to be more assets to protect, new vulnerabilities to patch and a zillion new ways to exploit them. The show will get even more crowded, with  more vendors with even more products, and RSA will probably need to move the event to Las Vegas.

Kaminsky professes a dislike for the business of security, but he's stuck with it now that he's helped found a security company. That's what's been keeping him busy these last few days, weeks and months.

Six years ago, Kaminsky's discovery of a  cache-poisoning flaw in the Internet's core Domain Name System resulted in the largest ever synchronized effort to fix an Internet security problem.  His company's website says he is one of only seven recovery key shareholders with the authority to recover the Internet's root DNS keys in the event of an emergency. I'm not entirely sure what that means, but it sounds important.

White Ops' technology helps detect bots. "Malware ends up using bot technology to remotely control browsers, but we can tell the difference between the real browsers and the bot browsers," he says. Kaminsky originally anticipated the technology would appeal to financial services companies. Instead, it's the online advertising networks that have been eagerly using it to spot and stop bot-enabled click fraud, he says.

With true geek-like enthusiasm, he wants to show me how the technology works. The demonstration mostly involves firing up multiple browsers on his computer and typing something into a screen containing a string of code. It's a little hard to figure out what's going on. If Kaminsky had been more of the marketing sort, he would have had some sort of slide presentation or  clever animation, or at least a handout. But this feels more authentic.

I ask him if there are any technologies out there that struck him as particularly interesting. He suggests checking out Déjà vu Security's Peach Fuzzer. He believes the fuzzing tool will make it much easier for enterprises to find vulnerabilities and to validate the security of the software they build.

Around the show there are other people like Kaminsky and other companies like White Ops that believe they have something that will make a difference in the fight against the bad guys. Even the smaller companies appear to have at least one or two big company references going for them.

The large security vendors tend to hog the limelight at the show with their mondo booths, flashy presentations, their tchotkes, and the booth babes. But it's not as if all the small companies are starving for attention judging by the traffic at their booths.

In a couple of years, a lot of the small companies will grow to become big players or will be acquired by them. Many of the bigger companies on the expo floor were small companies just two or three years ago.

The security industry is growing at Internet speed. The bad guys have done a great job in spawning a booming multibillion-dollar industry in less than two decades. Thousands of people owe their jobs to the unflagging dedication of the countless rogue hackers who have made it their life's mission to get rich pillaging and stealing from others.

It doesn't matter whether you are one of the good guys or a nameless, faceless bad guy. There's money to be made on both side of the fence.

Yes, it's a great time to be in the security industry.  

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon