Insights from America’s Growth Capital and RSA Conferences

Last week, I attended two security-related events in San Francisco. I spoke on the topic of the converging endpoint on a panel at America’s Growth Capital’s 6th Annual Information Security and West Coast Emerging Growth Conference. And I walked the floor at the RSA Conference, where Lumension exhibited. Here are my thoughts on the key themes and big takeaways from these events.

Healthy interest in next-generation security technologies
The AGC event is interesting because it focuses on private-company presentations. Because private company presentations don’t have to disclose numbers such as company size, bookings, and customer counts, you need to get a sense of the technologies and then use your gut regarding their viability. That said, there are a lot of small, private venture-backed companies in the information security space and it’s clear that there’s plenty of interest in funding next-generation information security and IT operations technologies. While a lot of venture and private equity firms were quiet in the first half of 2009, they started aggressively spending in the second half of the year, and that is continuing. The number of new companies at the event indicates that the appetite for next-generation technology seems to be strong from both a product purchaser and investor perspective.

Suite-based security solutions are the answer to the converged endpoint
At both events there was tremendous focus on how to define the endpoint and how to address endpoint security going forward. I spoke on the AGC panel about the converging endpoint. The focus on layer 2 and 3 gateways and complete neglect of our endpoints for the past decade or more has left us at great risk – clearly cybercriminals are taking full advantage of it.

What we’re seeing is that endpoint security technology is quickly commoditized or rendered irrelevant unless it’s delivered as part of a security suite. In other words, unless an individual point solution is groundbreaking in some way, people aren’t interested in using it. This shift has been aided by the ailing economy. People need more for less. Plus, people are fed up with all the conflict on these endpoints because agents from different vendors are stepping on each other or running duplicate services.

Lumension has remained ahead of the curve to define innovative ways and approaches to effectively manage endpoint risk and provide lower TCO by moving away from just being a point technology provider to an endpoint management platform and suite provider. We have launched our first applications on our new platforms that deliver an agile single console, single server, single agent architecture through our Lumension Endpoint Management and Security Suite and Lumension Endpoint Management Platform. In moving to this new platform we have also unified various workflows together supported by multiple parts of our underlying technology – Vulnerability Management, Antivirus, Data Protection and Compliance and IT Risk Management.

Cloud-based computing is a reality
Cloud computing also got plenty of attention at both events. While the cloud has been around for a long time, it keeps manifesting itself in different ways. Essentially, it has followed the centralized -> decentralized -> centralized -> decentralized path for technology. Now the cloud seems to be an emerging, preferred delivery mechanism in the security and IT operations arena.

Of the three versions of the cloud – public, private, and hybrid – hybrid seems to be the popular model for larger enterprises. They don’t want to trust everything to a straight-up cloud solution. Small businesses worldwide are more inclined toward a pure cloud offering over a hybrid solution because they want to leverage the cost-structure benefits.

At RSA, I saw that most security vendors are trying to find a methodology for delivering their technology in the cloud. Some of these offerings are 100 percent SaaS-based, allowing customers to employ agents and run scans in the cloud without any local footprint except perhaps agents on local machines. Others are trying to figure out how to deliver content via the cloud. Any company that wasn’t involved in a cloud discussion was missing one of the key themes of the show, which was “how do you provide SMB enterprises with lower cost, higher-speed delivery that’s easier to implement?”

So, cloud-based migration is a reality. The only question is what type of cloud environment companies will see. Will it be nice and fluffy or dark and stormy? Companies will have a hybrid of cloud and on-premise systems to optimize security and efficiency. We tap into the opportunity several ways. We are already a SaaS-based company and are looking at offering more service-based content and support. Note our recent announcement with Microsoft of our Endpoint Integrity service, which is a cloud-based application that provides trust information. Companies that store information via third-party cloud infrastructure and providers will need a way to monitor and audit policy, and our compliance and risk management solution can help them do that.

How antivirus technologies need to evolve
On the AGC panel discussion, one traditional antivirus vendor insisted that the reason for recent outbreaks is companies using out-of-date technologies. But the majority of vendors agreed that it’s about more than that. Essentially, everyone – except that antivirus vendor – agreed that you can’t protect environments solely with older, reactive technologies. Traditional endpoint security suites need to morph to include next-generation technologies, namely whitelisting. Plus, companies need to exercise due care patching known holes. Everyone also agreed that the more integrated whitelisting is, the better. The only disagreement was about how whitelisting should be implemented in the enterprise, and that seems to be dependent on size. While smaller enterprises will need something that is plug-and-play, larger enterprises will want the flexibility to address different areas based on the network, risk, and geography. It’s clear that whitelisting will be an important part of protection in the future.

Compliance and risk management are gaining in importance
It’s obvious that there’s a real focus on the cost of ownership associated with understanding real-time compliance and risk management. Some of the more prominent booths at the RSA Conference were staffed by companies focused on governance, risk, and compliance (GRC). Many of these same companies were in small booths two years ago, indicating the level of importance that these technologies have taken on.

Most business leaders today only want to talk about compliance and how they need to be compliant with whatever industry requirements they have, be it PCI or others. The challenge with this is that companies are lulled into the belief that compliance means they’re secure. However, it does not equal security: you can be compliant, but that doesn’t mean you’re secure.

Given today’s highly regulated business environment combined with the rising cost of compliance, organizations need a comprehensive solution that provides high visibility and continuous monitoring of their compliance and IT risk posture, while supporting greater levels of automation across audit workflows.

Making operational whitelisting a reality
Someone asked me “What stood out as unique and extraordinary at the RSA Conference?” I believe the next most interesting thing is the introduction of operational whitelisting in the everyday business environment. We have to move towards a more proactive security model with application whitelisting. This technology can no longer be relegated to static environments like POS, as new levels of integration and change management have come about, making this technology much more scalable and operational. Big antivirus vendors say they’re doing that today, but only Lumension has delivered an operational version.

At the show, we announced our Intelligent Whitelisting capabilities. In this unified workflow we integrate our antivirus, application control and patch management capabilities to deliver a new whitelisting capability that overcomes the traditional barriers to whitelisting. We also interface to our compliance and risk management solution so that operational network information is automatically fed into our risk management framework. This delivers much more automation in managing risk and compliance thereby improving visibility while reducing the cost of compliance.
