The RSA Conference 2015 was a busy one for me this year and I met up with about 30 different companies during the week. The big topics this year that I wanted to highlight flowed around automation, threat intelligence and the Internet of Things.
The security industry is mature, and it is very competitive, with a huge number of vendors offering a wide variety of products. RSA is simply packed with hundreds of vendors and it can be quite overwhelming. But it is certainly great to see the industry thriving. Of course, the big leaders dominate with huge stands but I found there were also a lot of specific and niche offerings. I found that for a lot of these, it’s not so much about finding new areas to secure, but providing solutions that can fill a gap of an existing market solution, either by complementing or integrating with that solution.
The issue now is that there are thousands of varying appliances that can integrate with others and with software, that reside on-prem or in the cloud. Doing network protection basically requires training for about a dozen or more different systems. As a result, automation is being hailed as the technology that can resolve most of those management and configuration issues. The idea is to automate functions that are not just discovery based, but also response based. Machine-learning and behavioral pattern recognition are central to these automation procedures. Hexis Cyber Solutions, Norse, Trend Micro, Rapid 7, Akamai, NRI SecureTechnologies, Nexusguard, HyTrust, and vArmour among others are a few that are accelerating these capabilities in their solutions. Interestingly, these vendors are leveraging cloud-based capabilities to support automation technologies and improve monitoring, discovery, management and response. These vendors are also integrating security intelligence capabilities within their solutions, many of which are backed by Security Operations Centers. In order to support these solutions, the vendors are working hard on integrating intelligence to their offerings. This is an area that is highly fragmented with a wide range of solutions – from intelligence on threat groups, motivations, activities, to intelligence about IP addresses, C&Cs, signatures, etc. Depending on the type of intelligence, this can be delivered via software or through consulting-based services. The term is essentially the ‘IoT’ of the security industry at the moment, and it seems that anything and everything is being packaged as intelligence so integration with existing solutions is an advantage.
Another area of interest that is high on the agenda is of course in endpoints, and ultimately in the IoT. All the vendors are looking to extend their security solutions to the space, and in particular around discovery of things in the network. This is mainly to be able to set security policies as well as authenticate these endpoints.
The Trusted Computing Group, supported by companies such as Cisco and Infineon had a great demo space to showcase proof of concepts in the use of TPMs for securing the IoT. Another interesting vendor was Bastille, with a pilot product capable of scanning over 100 different protocols in the enterprise spectrum to identify and localize wireless devices. Promisec also offered an interesting agentless endpoint security solution that could be applied not just to servers but also PoS terminals for example. The next stage will be to determine how to respond to rogue things, how to deal with incidents, and how to managed and configure these things in the network. I haven’t seen any solutions yet on this aspect, but I expect the coming year will see more commercial offerings in this area.
Of course mobile was still an important topic and remains relevant as ever. Authentication, identity management, mobile network defense as well as hardware-based security were high on the agenda, with companies like Nok Nok Labs, Good Technology, Entrust Datacard, Skycure, Keypasco and Pulse Secure. These vendors are pushing simplified architectures, seamlessness and the invisible aspect of mobile security as well as the integration of their solutions with multiple endpoints. These vendors stressed the importance of collaboration with existing standards and the enablement of their solutions with other platforms. The big drivers for security are high-value markets that are ripening for the mobile ecosystem: financial, enterprise and content protection. Healthcare is also on the horizon, but will be slower to emerge.
Finally enablement of the cybersecurity industry as a whole is seeing of course increasing demand in the supporting infrastructure: whether these are cloud-based infrastructures provided by companies like FireHost, human training and capacity building from Security Mentor, advancement in encryption technologies by Vormetric and WinMagic, or simply securing shared collaboration tools from Brainloop. These markets are crucial to improving existing security technologies and the enablement of better security postures.
In conclusion, there is no lack of innovative or interesting companies at RSA. The maturity of the ecosystem means it is highly competitive, but also that true innovation really stands out in the crowd.