The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.
The event drew roughly 40,000 people, with more than 500 vendors and 700 sessions, so the observations below are one small perspective with an admitted bias towards Identity and Access Management, since that’s where I focused most of my time. Here are some observations on security trends from the conference, which took place last week (Feb. 27 to Mar. 4).
1. Apple is winning the hearts and minds of security professionals
The feds were represented well at the show with addresses from the likes of Attorney General Loretta Lynch and Director of the National Security Agency, Admiral Michael S. Rogers, among others. Their general message was to ask for cooperation from the industry for the good of national security. The reaction seemed chilly at best.
In his keynote speech, RSA President Amit Yoran made the case that, “Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened.”
2. Attacks from the inside are not necessarily perpetrated by insiders
When we think of the insider threat, traditionally we imagine the malicious or careless user bent on personal gain, exercising a grudge or unwittingly exposing the organization to vulnerabilities. While those threats are real, the type of insider attack that had most people worried is the outsider who has obtained the insider’s credentials through phishing, malware or social engineering.
This isn’t a new phenomenon, but many of the sessions at the event and a great number of vendors on the show floor were focused on this problem, marking it as a more mainstream concern than in previous years. The issue is exacerbated by the fact that insiders (with the exception of privileged users) are not subjected to the same level of scrutiny as outside attack vectors, particularly with executives having access to sensitive information.
3. Analytics has entered the cliché zone
Pretty much everyone was talking about analytics. And each of them had a different definition of what it meant or how to deliver it. Analytics holds great promise in the struggle for staying ahead of attackers, but the industry needs to coalesce around the terminology and demonstrate results for detecting and disrupting attacks before much is spent on it by security teams.
4. Venture capital for security companies is slowing, which will drive vendor consolidation
In conversations with four analysts from different firms, this was a consistent point. One said, “there are a lot of security companies that are really just features.” The lack of additional funding means that smaller companies without positive cash flow are going to have to focus on an exit strategy, and most are looking to be acquired by larger companies. This can be good for consumers of security technology, who face too many solution silos, but smaller vendors who don’t find a seat before the music stops will face difficult decisions.
5. What next?
Finally, there seems to be a lot of complaining that the RSA Conference has outgrown San Francisco. When one- and two-star hotels are going for upwards of $500 a night, perhaps the supply and demand for hotel rooms is out of balance. It will be interesting to see how Dell influences the future of the show once the dust from that acquisition settles.