RSA Conference 2019 (RSAC) is just a few days away and the theme this year is “Better”. Better solutions and better connections for a better, safer world. Last year, more than 600 exhibitors packed the show floor and the level of innovation was impressive. I expect to be similarly impressed next week.
The 50 participants in this year’s RSAC Early Stage Expo are tackling some big challenges – from stopping malicious bot attacks, zero-days and phishing scams, to protecting medical device communication and industrial control system networks. It’s exciting to see what’s new and what’s captured the attention of investors. According to Momentum Cyber, a cybersecurity-focused investment bank, the amount of security startup financing reached $5.7 billion in financing through November 2018, exceeding $5.3 billion in total financing for CY17. Fewer financing transactions in 2018 indicates a higher average deal size; investors are placing bigger bets that should increase promising newcomers’ chances for success. Identity and access management, SecOps / threat intelligence, and risk and compliance have been the most active sectors.
However, attendees at RSA Conference can also expect to see additional innovation from larger vendors where previous years’ start-ups have landed and are flourishing. More research from Momentum Cyber shows that security merger and acquisition activity, while down from $20.5 billion in CY17, remained strong in CY18, reaching $15.2 billion through November 2018. As the security market matures and becomes less segmented, we see a 1+1=3 dynamic at work. Through market consolidation, organizations can derive exponentially more value from their security tools. Here’s how.
Integration. Instead of taking on the development burden of integrating dozens of disparate security products across their ever-expanding perimeter, organizations can look to cybersecurity vendors to provide an architecture that streamlines integration of the acquired technologies for them. The latest CISO Benchmark Study released today by Cisco, finds that of 3,200 security decision makers surveyed, 63% have 10 or fewer vendors, whereas in 2017 this number was 54%. Consolidation allows them to gain operational efficiencies and the better protection they seek, rather than struggling with individual products that each generate their own set of alerts, making it difficult to identify those threats posing the most risk to the organization. They can also take advantage of custom automation capabilities so that their multiple best-in-class offerings work in concert to deliver security that is less complex and more effective. For example, something as simple as applying automation to pull data from these different security products and aggregating them into a single, easy to read pane can save a tremendous amount of time and frustration while delivering greater visibility and control.
Total solutions. Customer experience is becoming an imperative in the security industry and the lines between products and services are blurring as the emphasis shifts to total solutions. Market consolidation brings together talent to deliver even greater value as an integral part of a larger security ecosystem focused on solutions. Organizations can select from a spectrum of the capabilities delivered in a way that best matches their operational readiness and resource requirements. There are many examples of services combined with tools and technologies to deliver comprehensive solutions: Incident Readiness and Response (IRR), Segmentation Programs, and Managed Detection and Response (MDR) to name a few.
Taking a closer look at IRR, service providers are using new technologies like infrastructure analytics platforms, application performance management, and security instrumentation platforms to gain the visibility and automation necessary to lead effective Purple Teaming exercises designed to strengthen defenses and response. In the area of segmentation, advanced analytics platforms, authentication and access management tools, and outsourced experts reduce the burden on internal teams to discover devices and traffic patterns, define segments, and establish trusts or policy with other segments.
Creating a better, safer world is more than a theme; it’s a vision we share across the security industry. By working together, from startups to blue chips, that vision can become a reality. I’m looking forward to seeing many of you at RSA Conference 2019 and celebrating how far we’ve come!