RSAC 2017 is behind us. It has been bigger, noisier and more crowded than any cybersecurity event in history. It’s so big, it’s overwhelming. And if you consider the off-site meetings, mini-conferences, meetups and parties you can forgive an average visitor if he or she feels kind of fuzzy afterward. Vendors don’t have it easy, either. With more than 700 companies and organizations presenting, trying to stand out or simply gauge the competition is extremely difficult.
So we’ve put this post together to help you understand what was going on in the Moscone center’s underground halls during this busy week.
- Intelligence is back
This was somewhat of a surprise for us. Threat intelligence was a big theme a few years ago, but with some of the big players being absorbed by larger companies, and with a lot of criticism in the industry about the actual value of threat intelligence, we weren’t expecting it to be a big theme here at RSA. We were wrong- many new companies displayed intelligence products and services, and many established companies started to include these in their portfolio. If this is because threat intelligence vendors have improved their offering and offer more substantial value now, or this is simply a trend cycle? It’s too early to tell. But Threat intelligence is here to stay.
It’s fairly obvious that with the adoption of mobile by just about anyone, enterprises would no longer be able to ignore this security threat and acquire solutions to mitigate it. Mobile security solutions have diversified from the original MDM offering and now include hardened devices, secure messaging applications and biometric authentication solutions.
CASB, visualization, privacy and governance were all solutions presented by cloud security vendors, who are now enjoying almost adoption of cloud services.
- Risk and compliance
Another established category that is somehow making a comeback. With regulation breathing down the neck of new yet-to-be regulated industries, and most organizations having between 6-50+ security solutions installed, it’s no wonder that organization would want and need better tools to manage risk and compliance. The traditional GRC products are being replaced by more flexible products offering greater visibility into the maturity of the organization’s security posture, 3rd party products and external risk. Flexibility and ease of integration are key if these new products are to take hold, less they fall back to the GRC trap (too expensive, extremely difficult to implement and don’t provide enough value or used often to justify their implementation).
Mirai botnet left the entire industry scrambling for solutions to secure millions of devices that were not made with security in mind. Along with effort to create industry-wide standards for IoT security, many vendors now offer solutions to assist organizations that utilize IoT to better manage, authenticate and secure these devices.
- After-market products for SIEM
How do you know there’s a market failure? When there are more vendors offering after-market or add-on products to complement a faulty product. Many vendors were presenting SIEM-enhancement products, from visualization, machine learning, UEBA and automation to complement SIEM products with their inherent problems (numerous alerts, lack of visibility and experienced manpower to operate them). The question on our mind is if and when this products will take the next step and replace the SIEM altogether.
- Orchestration and Automation
With so many tools and processes in place, and with a chronic shortage of skilled manpower, it’s no wonder that customers are now looking for the technology to connect them all and obviate the most mundane tasks of security operations and provide the opportunity to handle more than the 10% most urgent alerts.
- Devops/ secure development
Software vendors are now starting to recognize their reasonability to create bug and vulnerability-free code before they push it out to the world. With this in mind, vendors are now offering various code review technologies and services across all platforms and devices to cater for all applications (including mobile).
What wasn’t there?
- ICS / SCADA , Automotive
These categories were nearly absent from the expo (other than the ICS Sandbox). Perhaps this is because of the show aimed at the traditional enterprise market than the industrial and automotive ones (although IoT is breaking this silloed approach). Nevertheless, these are not yet considered mainstream cybersecurity solutions.
- Solutions for SMBs
The industry as a whole continues to ignore this sector (which comprises about 95% of the economy). Some solutions are scaled down (or dumbed-down) to cater for this less sohpsticated, resources- restrained market, but it seems that most vendors are content chasing the big enterprises. The problem is that more solutions don’t equal greater budgets, and buyers are now contemplating where to spend their dollars. It would seem logical to divert some effort to making and selling products and solutions to the SMB sector, if not only to ensure ongoing growth of these vendors.
The GDPR is an event with significant meaning to the information technology, internet and security industries worldwide. Centered in the EU, it will however have global effect starting in 2018. And yet, most people we’ve spoken to here at the expo were oblivious to it. A shame really, because that database encryption, DLP, access management and breach notification services and products should experience a raise sharp in demand for their offering in the coming year, if only they lable themselves GDPR-ready.
Booth babes ban was a great call by the organizers a few years ago, and it seems most vendors respect this rule. Some booths have had a substantial female presence at their booth fronts, and I suspect not all these pretty faces had deep infosec understanding. But other than these female representatives, there were way to little women in the halls. The industry should really do more to diversify, even for the faintest chance it will help bridge the ever-widening skills gap
Words to ban
Ok Vendors, we get it, you want to be cool and separate yourselves from the crowd. But please tell your marketing department they can stop using these phrases, because, we’ve seen and heard them before:
- Machine learning
- Threat/ risk
- Zero day
Summary of RSAC 2017
RSA is the place to be if you’re part of the Cybersecurity industry. When all is said and done, there no other place on earth where you can feel the pulse of the industry – everyone else is here, so it’s a terrific place to learn what is going on and identify new trends. I suspect the scale and noise drive most of the potential customers away, but still the vendors will be here next year, strutting their “Next-Gen” solutions in extravagant booths and offer a chance to win min- drones and Amazon Echo’s for the price of a tag scan. See you at RSAC 2018!