Quick take-aways from the RSA Security Conference

Like many others, I’m still recovering from last week’s marathon at the RSA Security Conference in San Francisco. Here’s a shotgun list of my impressions of the show:

1. The transition from “bolted on” to “baked in” security. With security as a top-of-mind issue across business and IT, security functionality is moving toward cloud, application, and IT infrastructure. Intel announced new chip-level security functionality. Microsoft discussed its plans for IoT devices with a secure microprocessor and even a Windows-based version of Linux. Google is busy enhancing GCP with security functionality for DLP, access control, traffic segmentation, etc. Good development, but command-and-control across infrastructure security is bound to become an issue soon. Someone will make a killing with centralized policy management tools.

2. Managed security services. This topic came up in meetings with Cisco (new partnership with ConnectWise), CrowdStrike (new managed service offering), Trend Micro (new managed detection/response service), and Webroot (partnerships with Continuum and others). Due to the global cybersecurity skills shortage, many organizations are defaulting to managed security services, and this will only continue. Look for more focus on this area at Black Hat and RSAC 2019.

3. Machine learning is everywhere. It seems like every vendor is back-ending their analytics tools with machine learning algorithms. That said, a lot of the machine learning at RSA was fairly basic – nothing more than an academically proven machine learning algorithm applied to security data. I got the next level of machine learning depth from vendors like Bay Dynamics, LogRhythm, and Vectra Networks. As part of RFIs and RFPs, security professionals should really dig into the machine learning (or lack thereof) they are buying – caveat emptor.

4. All for one and one for all. There was a real sense of community at this year’s RSA. This togetherness was highlighted during a keynote by Microsoft’s Brad Smith when he announced that 34 companies had signed on to a tech sector accord. This accord is intended to protect all users, oppose all attacks, empower users, and establish a working relationship for vendors across the tech industry. Smith also talked about the need for a cyber Geneva convention, an effort I fully support. Kudos to Microsoft for driving this, especially because many old-guard cybersecurity pros still don’t consider Redmond as part of the in-crowd. Let’s all hope this effort is real and fruitful.

5. Platforms, platforms, platforms. Security tech vendors such as Cisco, FireEye, McAfee, and Symantec are integrating disparate homegrown and third-party products into their own architectures a la ESG’s security operations and analytics platform architecture (SOAPA). This sets up an imminent platform war, but the road ahead won’t be easy. Platform vendors must convince skeptical infosec pros that they have best-of-breed products and can hold their hands over a two- to three-year timeframe as they replace point tools with an integrated architectural solution. Services will be a key to success here; look for Accenture, KPMG, IBM, Optiv, and others to clean up.

6. Holistic risk management. The RSA crowd understands that cybersecurity is intersecting with business risk. Now vendors must develop new solutions that report on high-priority risks (i.e. application security, assets, configuration management, vulnerability management, third-party risk management, etc.) across the whole enterprise enchilada. Companies such as BitSight, Kenna Security, RSA, and Tenable Networks are all over this.

These are all good topics that deserve attention, but I wish the crowd at RSA spent a bit less time on technology and more on people and process. As Bruce Schneier always says, “Security is a process, not a product.”