nCircle.com >> 360 Security >> VERT

« Time to try and catch up. | Main | What's old is new again »

Thinking about the future

RSA is wrapping up and I have to say that I was pleasantly surprised with a lot of things this year.

The traffic at the nCircle booth was excellent, but it's the quality of traffic that really impressed me. In the past, RSA meant a lot of "what do you do?" questions from passers by. This year, we had a lot of people - current customers and non-customers - asking really intelligent questions about agentless network detection. It seems that the customer side of the community has really done their homework over the last 12 months which is great to see.

Fortunately, many of the questions focused on how we do what we do as much as what we've done or are planning to do. Configuration Compliance is on everyone's mind right now and we laid out how we've been attacking it. Roadmaps are very important, but it seems that the customers are getting savvy enough to ask probing questions to decide whether an organization has what it takes to deliver on their promises. They are also looking for assurance that we have what it takes to consistently deliver in the future. In particular, many of the questions were about coverage and people want to know what makes VERT different than others in the space when it comes to our capabilities.

The timing for these questions could not have been better from my perspective. I was on the presentation schedule a couple of times, talking to people about how we approach coverage. I'll save the details for a near-future blog posting, but the title of the presentation was "Beyond Vulnerabilities: The Future of Coverage". Based on the feedback, it seems that our message was very well received and sparked some excellent Q&A. The detailed follow-up questions, in my opinion, speak volumes about how our customers' understanding of the space has evolved over the last 12 months. My core message was that customers and would-be-customers should expect more from the research teams in this space. The use of the term "risk" does not mean that a company has evolved beyond Vulnerability Assessment, and the attendees understood what we've been doing over the last 5 years to build something bigger than a VA solution. This would have been exactly the wrong presentation 1 year ago, but it seemed to strike a chord with conference attendees this year. Sometimes you get the timing right - I'm a great believer in luck and I find that the more I listen to our customers, the more of it we have.

We also had a fantastic couple of discussions with the guys from mitre. We're big fans of the mitre folks and we're looking to do more exciting things with OVAL, CVE, and possibly CCE/XCCDF this year. More information on that later in the year as well.

Thanks to all of you who were in San Francisco and stopped by the booth. For those who weren't able to make it, I'll summarize the presentation for you soon and hopefully it will spark some good conversation.

Posted by Sheldon Malm on February 9, 2007 2:59 PM |

TrackBack

TrackBack URL for this entry:
http://blog.ncircle.com/cgi-bin/mt-tb.cgi/144

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Verification (needed to reduce spam):

Search


About

This page contains a single entry from the blog posted on February 9, 2007 2:59 PM.

The previous post in this blog was Time to try and catch up..

The next post in this blog is What's old is new again.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]