Source: CSO Magazine
I’ve attended the RSA security conference for the past 15 years, and things have changed quite a bit. The event has gone from a few thousand to around 50,000 attendees, leading to a confluence of humanity and traffic around the Moscone Center. Hotel room prices exceed $500 per night – even at some of the “boutique” (i.e. flea bag) hotels in and around Union Square. The RSA event has become the nexus where cybersecurity meets high-end capitalism.
Overpriced hotels and massive crowds are no accident – the RSA Security Conference has morphed from an industry event to a global one where some of the smartest cybersecurity minds come together to share information about the latest threats and discuss what defensive countermeasures can be most effective.
Here are a few of the highlighted topics that I and the ESG team will be focusing on:
- Enterprise-class cyber risk management. CEOs want to know about cyber vulnerabilities, who is attacking their critical business processes, and whether the organization has the right controls in place to fend off these attacks. Oh, and they want this information to be timely, up-to-the-minute, and accurate. Unfortunately, many CISOs don’t have the skills, processes, or data analytics to provide this information. To me, this makes cyber risk management an existential issue where we need a vast improvement on the status quo. I’ll be wandering the halls at the Moscone Center, looking for innovation and out-of-the-box thinking that can help bridge today’s cyber risk management gap.
- Cloud-scale cybersecurity analytics. How can enterprise organizations sort through massive and growing volumes of cybersecurity data in real time to find needles in the haystacks? By shifting from on-premises security analytics servers to cloud-based storage, processing, and advanced analytics. This shift is already happening – leading SIEM vendors IBM and Splunk are seeing steady growth in their SIEM in the cloud business, but others – such as Devo, JASK, and Alphabet/Google (Chronicle) – are crashing the security analytics/operations party with cloud-native alternatives. The RSA Conference should provide evidence of how far along we are in this shift.
- The endpoint security shuffle. Many of the 50 (or so) endpoint security vendors will be attending the RSA Conference, crowing about their tightly integrated products. These suites feature a single endpoint agent along with tightly integrated applications for endpoint protection, EDR, asset management, etc. Some accompany their products with managed services, while others integrate endpoint security tools with DLP, email security, threat intelligence, cloud workload protection, network security controls, and so on. ESG research does indicate that the market is moving in this direction – enterprises want to replace endpoint security tools with tightly integrated, full-function endpoint security suites. Truth be told, endpoints are prime real estate in cybersecurity, so vendors will fight like dogs to gain a foothold here. This should make the endpoint security portion of RSA quite energetic and entertaining.
- API security. Cloud application development is accelerating and diversifying: many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Yup, microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. My esteemed colleague Doug Cahill will be busy trying to organize this chaos at RSA.
- Network security in a cloudy world. Like endpoint security, network security is a staple – about .25 to .35 cents of every security technology dollar is spent in this area. OK, but will this continue when physical networks give way to cloud-based workload-to-workload communications? In truth, network security is morphing to a hybrid model for distributed policy enforcement across physical, virtual, and cloud-based network communication. At the same time, organizations want central policy management for the whole enchilada. Oh, and the network access model is changing, too, moving to a software-defined perimeter (SDP). So, even though it seems like yesterday’s news, network security will still be a major topic at RSA 2019.
- Advanced and managed security services. Cybersecurity demands a new level of scale, coordination, and expertise. At many organizations, CISOs and the cybersecurity staff need a lot of help to meet these new and unprecedented cybersecurity requirements. Look for a lot of banter around managed services and security process re-engineering services (i.e. for security operations, incident response, cyber risk management, etc.) at RSA this year.
Wow, this is a pretty hefty list, and I didn’t even mention application security, data security, threat intelligence, identity management, etc. See you in San Francisco!