I spent most of this week at the Gartner IT Security Summit in Washington, DC. Outside of RSA, it's probably the largest gathering of security companies on the US calendar and it's a great opportunity to get a sense of how the industry is trending without having to surf to a hundred web sites or talk to a hundred marketing people.

One thing I like to do at events like this is walk the show floor. I try to stroll past each and every booth at the same pace and without stopping. The challenge is to see 1) if you can figure out what someone does in the 3-4 seconds it takes to walk past the booth and 2) if there are any trends that emerge in messaging or types of solutions, etc. What I found this year kind of surprised me.

In 2006, there were two types of solutions that seemed to dominate the floor: network admission control and data leakage (with the old reliable identity and access management coming in a strong third). This year, the NAC vendors were almost all gone and there were many fewer data leakage vendors than I had expected. Nor was there any one type of solution that really seemed to dominate.

The question is: What does this mean? On the one hand, I continue to be staggered by the number of new vendors in the security space. They seem to be like ants in the kitchen -- acquire one and two more crawl out of the cracks in the window sill. It's madness, I tell you! There were a good half a dozen names I had never seen before and I wonder if the number of companies that continue to pop up is good or bad for our industry. It's certainly good that technological innovation continues, but I wonder about the financial status of these companies as funding for security startups continues to be more difficult to get. There sure is a lot of money that's been poured into security and I'm not sure how investors are going to get it back.

On the other hand, it seemed that there was much less hysteria than in years past. No "we-can-make-every-one-of-your-compliance-problems-vanish-overnight" or "confidential-data-is-seeping-through-the-cracks-in-your-network-while-you-sleep-Run!-Run!" pitches this year. There seems to be more maturity in how the industry is addressing its buying audience and I find this fairly encouraging. Despite the number of companies, maybe the industry is slowing growing up after all. It'll be interesting to see how this plays out.