Osirium at RSA 2016

Published: 11 March 2016

Andy Harris, RSA 2016 Notes

By Andy Harris

We're just back from the world's biggest CyberSecurity conference, and on reflection there's so much deja vu. As the conference closed, I stood quietly in the queue waiting to pay for parking and just listened to the delegates around me. A stand out comment was this:

I've been coming here 20 years now, 20 years ago it was about patching systems and poor password management, this week it was about patching systems and poor password management!

Being from the UK I kept quiet, but inside I was bursting to mention Osirium, but that wouldn't be cricket since the show had finished and we were queuing. It's a common theme being from a newer company, one wants to tell our fellow professionals that we can help solve some of their pressing issues.

Andy Harris, at RSA 2016

I got to spend most of the Thursday walking amongst the stands and listening to pitches using the old two badge trick and posing as a punter. What really stuck me was how utterly impossible it was to tell what most vendors actually did by looking at the messaging on the stands. It seems to me that in the States they very quickly follow trends and all use identical words.

In the CyberSecurity market every vendor is obsessed with board level messaging, so that's what we got, 'Security and peace of mind for no effort gets you more business' It occurred to me that the 'C-Suite' of their prospects were highly unlikely to be at the RSA conference!

Marketing Messaging Meter

I had a chat with two senior marketing execs of a company once known for firewalls, they saw the irony immediately and the three of us made a mutual promise to improve Cyber Security marketing for the good of all.

More worryingly I stopped by a stand with the message 'Don't pay the ransom'. I expected to find out how they recovered data from systems encrypted by ransomware. I was told that I needed to buy their product before any Ransomware struck, along with the promise that they could stop all Ransomware including that which has not been written yet.

Despite all the industry flock following these delightful things happened:

  • I came across a stand that stated exactly what they did, with proper diagrams and example reports.
  • Three chaps from a major organisation walked up to our stand and asked for a demonstration of Privileged Identification Management working with Privileged User Management and Enterprise Class Password Lifecycle management. Initially I thought that David our CEO had set me up, but no it was genuine, these chaps actually knew what they were after!
  • A lady came on to the stand for a quick demonstration, she had just completed a 6 month IAM (Identity and Access Management Project) with a competitor, she wanted to know if we could quickly show who has access to what applications and systems, and how to know if third party access was currently enabled. Her reaction was "When are you going to open a US Office!"

It's clear that the US market for PxM has plenty of competitors, but from the comments we heard about our demos people in the US think that we've got product that is easy to use, robust and easy to reason about the analytical data.

Release Date: 
Friday, 11 March 2016
Article Type: 
Blog Post
Andy Harris