Security Experts:

Observations From RSA Conference 2019

The RSA Conference is one of the premier events in the cybersecurity world. At times, it can be an overwhelming experience for vendors and attendees alike because of its massive scale and fast pace; however, it’s also a great opportunity for people like me to get insight into trends in the industry. When vendors, clients, partners, and professionals from all corners of the industry come together, you get a very clear picture of how people are thinking about the present and future of cybersecurity. 

My focus is on security orchestration, automation, and response solutions, better known by the acronym SOAR, and it’s been especially interesting to see how SOAR has evolved alongside broader industry trends. Here are a few observations from my time at RSAC 2019 about SOAR and the cybersecurity world at large.

SOAR is more of a known quantity now

What a difference a couple of years makes. The term SOAR has only existed since 2015, and while the foundational elements that it brings together—e.g. security automation, incident response, threat intelligence—have been on the scene for longer, many of these technologies have only become household names across the industry in the last few years. The past year has been huge for the growth of SOAR, and we saw that reflected in the way that conference attendees approached SOAR and how vendors presented their platforms. The buzzwords and bold marketing claims are giving way to more tangible offerings, as prospective buyers are learning to see through the noise and understand exactly what they’re looking for. From my perspective, this is a great development. I had a lot fewer conversations explaining what SOAR was, and more conversations that could get right into the details of the technology.

There’s a shake-up going on in the SOAR market 

As SOAR has become more prominent, there have been major moves in the industry, including the acquisitions of SOAR companies by major tech players. Bigger cybersecurity companies are seeing the SOAR market growing and are recognizing the potential of adding it to their offerings. There are actually only a few independent SOAR vendors left. These big public changes in the market have made many people start to pay attention and are affecting the way that people at RSAC were talking about SOAR, particularly because acquisitions and consolidation can make buying decisions more complicated. Buyers were wanting assurances that SOAR platforms would coexist with the rest of their security infrastructure, regardless of who developed the tools. 

Don’t forget about the human users

I deal with software buyers and users every day, but that can’t compete with RSAC for the opportunity to talk to a huge amount of people who are on the front lines using security tools in their day-to-day roles. Something that I heard from a lot of people is that as the technology behind the tools evolves, vendors shouldn’t forget about who is actually using the platform. For instance, powerful automation is great, but if the interface doesn’t reflect the real-world workflows of analysts, those gains in speed will be quickly cancelled out. Or to take another example, if a system’s integrations all require extensive manual coding, it’s going to require a lot more time from users up front, before it starts saving them time down the line. It’s a valuable thing to be reminded of periodically. As developers, it’s easy to get lost in the new features and powerful tech, while forgetting about who the solution is actually for.

And finally…

Maybe it’s just me, but it seemed like fewer organizations were throwing big parties at RSAC. There are still lots of fun events, but the focus seems to be on more intimate settings that are conducive to connecting with colleagues, clients, partners, and others in the industry. This is fine with me! After being on my feet all day presenting and talking to folks, going to a big party is the last thing I want to do. 

It’s an exciting time of the year, because there are several other events coming up where the security industry will come together to share their solutions, exchange ideas, and meet like-minded people from around the world. Now that the dust has settled from RSAC 2019, I’m already looking forward to the next one.

view counter
Stan Engelbrecht is the Director of Cybersecurity Practice at D3 Security and an accredited CISSP. Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure solutions. You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group.