Archive for the ‘Shows’ Category

The RSA Conference is right around the corner and this year, Patrick Oliver Graf, NCP’s General Manager of the Americas, will be on-site for two days, brushing elbows with other pioneers in the information security industry.

With nearly two decades of technology sector experience, including extensive practice in networking security, Patrick will be available to discuss how NCP is at the forefront of mitigating security risks due to faulty or unsecure remote access connections. rsa 3

For instance, Patrick can explain how NCP is answering to the demands of today’s mobile workforce with the integration of its Secure Enterprise VPN Server with Apple iOS devices, in addition to its IPsec clients for Android platforms. Patrick is also available to comment on how NCP’s Secure Enterprise Management (SEM) system simplifies the complexities of large scale VPN rollouts, securing its nomination year after year for renowned industry awards.

If you are attending RSA 2013, February 25-March 1 in San Fransisco and are interested in meeting with Patrick at the conference, please contact to connect for scheduling.

For more information about RSA 2013, see here.

For more information about NCP, visit us on LinkedIn, Twitter, or YouTube.

We are here at Interop New York at booth #831, so feel free to drop by and say hello to the NCP engineering team — including many familiar faces and names from VPN Haus. Not only will you be able to see some cool product demos, but also, we’d be curious to know your thoughts on the show’s presentations, expos and keynote addresses.

The tracks at this year’s show deal with some of the most pressing issues of wireless & mobile and security and risk.  For instance, yesterday there was a session on BYOD essentials to give attendees an overview on how to construct effective BYOD policies, especially as organizational information finds its way to user handsets and other non-enterprise-owned devices. Today there’s a session on Information Risk Management and Security that looks at emerging threats to organizations from both a business and technological perspective.

A common theme throughout this year’s show is ending the cycle of IT being the “break-fix” department. Also, Google’s CIO Ben Fried took the stage to push IT managers to empower users with the right IT equipment they need to do their jobs well.  Implied in his address was the issue of teleworking, as Fried referenced that he’d prefer his employees to use the corporate laptop over their personal computers, even when working home. While inspiring, we can’t help but mention that in order to strike a balance between efficiency and security, companies will need to prioritize their security software alongside updated productivity hardware and software, especially in this mobile world.

For those of you not on the ground with us, continue to check in with here and on Twitter for more updates!

*Editor’s Note: This post is syndicated from the Interop Blog.You can see the original post by clicking here

By Rainer Enders, CTO at NCP engineering

At Interop 2012, I’ll be hosting a session, “Less is More: Why SSL VPN is NOT What You Think It Is” that explores the inherent flaws of SSL VPN. The reality is, SSL has been buoyed by a staggering number of myths and security assurances promised by vendors and assumed as safe by VPN users. But in fact, high profile security breaches have occurred as a result of using key security building blocks of SSL VPN technology. These have included various Certificate Authority (CA) breaches, such as those at ComodoDigiNotar, GlobalSign, Gemnet and KPN.

So, why is this happening? Do users implement the technology incorrectly, or is it simply not as good as all the hype makes it out to be? Is there something else or different we should be doing? What are solutions to the underlying problems?

These are the very questions I’ll answer in this session, drawing upon my 20 years of experience in the networking and security industry. As CTO, Americas for NCP engineering – I’m confronted with examples of SSL misunderstanding and misuse on a daily basis. With this session, I’ll expose SSL VPN security myths and dispel dangerous hype, which is leading to over-reliance on the protocol. I’ll also leverage real-life examples and provide practical ways you can strengthen your remote access connectivity.

Clearly, confusion exists about the security capabilities of SSL. Ultimately, this misinformation undermines the technology and lessens its appeal in scenarios where SSL is an ideal solution. This session will put the most persistent SSL myths to rest and clarify the technology’s capabilities – and its limitations. I’m looking forward to seeing you there.

The session Less is More: Why SSL VPN is NOT What You Think It Is will be held Thursday, May 10, 2012, 11:30am – 12:30pm at Interop 2012.

Given that it’s the largest security trade show in world, we thought one day of RSA wrap-up couldn’t cover the breadth and depth of the show. Here’s a round-up of some other notable trends that emerged from the show. And here’s to staying safe until RSA 2013.

The 2011 Global Encryption Trends Study was published during RSAC 2012. Sponsored by Thales and conducted by the Ponemon Institute, the reveals that encryption is now seen as a strategic issue and that organizations are increasing their investment in encryption across the enterprise.

The study shows that the CIO, CTO or IT leader still tends to be the most important figure in deciding encryption strategy (39% of respondents), but non-IT business managers have an increasing role in determining that strategy (more than doubling since 2005 to 21% of respondents), demonstrating that encryption is no longer seen as just an IT issue but one that affects an entire organization.

The main drivers for deploying encryption solutions are to protect brand reputation (45%) and lessen the impact of data breaches (40%). Compliance is also a major driver for using encryption with 39% of respondents saying it is to comply with privacy or data security regulations and requirements.

Compliance is also driving increased budgets with the highest IT security spend dedicated to data protection in countries that rank compliance as the most important driver for encryption. Compliance is in fact the number one driver for using encryption in the US, UK and France. – Steve Ragan, Security Week. See full article here.


    • iOS is cool, Android is not, and BlackBerry is dead: That’s not to say BlackBerry is gone, but it’s just a matter of time, as almost everyone in the room was migrating to another platform. It’s also not that Android isn’t showing up on corporate networks – it is, but with caveats. We’ll get to that. iOS is generally accepted as okay, mostly because of the way the App Store screens applications prior to availability.
    • Everyone has policies. Most are not enforced. We spent a good portion of the session talking about policies, and everyone agreed that documenting policies is critical. Though enforcement of these policies is clearly lagging, especially for senior folks. But any employee seems to know the corporation can wipe their device, and many folks at the show have wiped devices, and even got a thank you from the user (who actually appreciated their help.) Wait, what? Yes, employees were happy the corporation wiped the device. That’s a security win.
    • MDM is still young: Almost everyone was looking at something to manage devices. But most of the solutions weren’t enterprise-class yet. This is going to be a huge market and there will be a lot of competition, so don’t sign long-term deals.
    • Good Technology is everywhere: One of the caveats of using these smartphones is using something like Good to create a sandbox, so employees can only access corporate data through that secured app. Most were using it for email, and some have extended it to proxying other apps, even on Android. So they’ve basically reduced corporate use of smartphones to a single app, but it seems to work. I’m sure Motorola is ecstatic they spun Good out a few years ago. —Mike Rothman, Securosis. See full post here.


The RSA security conference took over downtown San Francisco this week with thousands of attendees packing vendor parties at restaurants and clubs. The festivities were a throwback to the heady days of the Internet boom, when venture capitalist funds fueled a bubble that burst in 2000 after years of hype surrendered to an inability to generate profits. – Antone Gonsalves, CRN. See full article here.


This year’s RSA Conference wrapped up just last week, so we wanted to take a look at the top trends and issues that emerged at the show. Here’s a condensed round-up of what a few industry pundits are saying about this year’s show:

George V. Hulme, CSO

There was an unusual level of gloom at the RSA Conference this year, and for good reason: a number of the biggest and most respected security firms have been very recently breached, including RSA Security, VeriSign, and Symantec.

This wasn’t the first year the IT security industry was embarrassed. Last year, HB Gary Federal was breached and that event consumed a considerable amount of talk at the show. That’s not to forget the recent big name breaches at organizations such as Google, the U.S. Department of State and Nasdaq in recent years.

“There is a feeling that no matter what steps one takes, it can’t be won. Systems can’t be kept adequately secured,” said a security executive at an international electronics manufacturer.

For full column click here.


Robb Reck of InfoReck

  1. The general tone I heard is that we’re tired of the Cloud as a buzz-word. We’re tired of having to discuss the same Cloud-y topics over and over. But the fact is, we need to keep doing it. The Cloud sessions were well-attended because for many security leaders, it’s where our organizations are going, and we’re not prepared to lead the way yet. So this love/hate relationship with Cloud security exists.
  2. BYOD is the phrase of the year. Some people call it “consumerization” of IT… but that’s so 2010. Bring your own device (BYOD) was 2012’s hottest topic, with long lines to get into those sessions, especially anything that dealt with the iPad or iPhone. This subject most reveals the lagging nature of security. The first iPhone was released in 2007, and the first CEO probably required his IT staff to support it about 15 minutes later. Yet we are still working on the right balance of corporate governance versus consumer freedom, and how we can enable remote access to corporate data without running the risk of this data getting into the wrong hands.
  3. Big data. Personally, I think this topic is cool, and this is probably my favorite trend from RSA. Analyzing big data is a relatively unexplored frontier. We’re doing an adequate job of aggregating logs and amassing large databases. But we’re terrible at figuring out how to parse this data and deliver real value to the business…There were a number of sessions where we could talk and learn more about how security can utilize big data to discover trends and better protect the environment.

For the full post, click here.

We’ll continue our RSA round-up on Thursday. Until then, what was your biggest lesson learned from RSA 2012?