In the last couple of years, events were taken online, moved to virtual forums and conducted using social platforms via video set-up. Events became simpler to attend, but the individual component of the experience was missing – we all wanted to mix with our peers and see the eyes of a vendor as they pitch their latest message for automation, intelligence, analytics, or response solutions for cybersecurity.
There is no real eye contact in the live video; we look at cameras, not people.
At last, in 2022, that is changing. Many events have adopted hybrid platforms, giving participants options for attendance – this provides a choice: if we want to attend in person, we can.
Two of the most significant events I attend annually are the RSA conference in San Francisco and Infosecurity Europe in London. Traditionally these ran in February and June, and we would see messaging tweaks from vendors as new solutions and updates were released in that five-month window. Not so this year, with the two events occurring within three weeks of each other, during the hot month of June.
The Same, but Different
From a technology perspective, two solution frameworks were well-represented amongst established large-scale security vendors and start-ups.
Extended Detection and Response (XDR) is one area where we’ve seen prominent vendors such as Broadcom, McAfee and SentinelOne delivering solutions in the last couple of years. 2022 brought two interesting new entries to the market:
• IBM announced its acquisition of Randori for detection and XDR, and one of the Sandbox vendors.
• Neosec presented its security platform, which protects APIs from business abuse and theft from the perspective of API XDR.
Whilst there were no similar announcements at Infosecurity this year, Microsoft hosted an excellent roundtable session on the topic, which certainly captured attendees’ attention.
The next hot topic at RSA was user access, which means variations on password-less security for most solutions. With Apple making its most recent announcement at the Worldwide Developers Conference (WWDC) to kill off passwords, which ran at the same time as RSAC, there was a lot of interest in this topic.
• RSA announced ID Plus authentication as a cloud-based FIDO-based solution, and I did speak to a few other vendors who drew comparisons as to why they would be better than Apple. Still, overall, it’s evident that the days of 1234567 and Password123 are numbered.
Overall, there were fewer announcements at Infosecurity, but as a supporter of improving security tools and access for SMBs, there was one which was of particular interest to me:
• Menlo Security released its free HEAT assessment toolkit (Highly Evasive Adaptive Threats). These tools enable companies to assess their protection or potential exposure to attacks and gauge possible impact. It’s always great to see vendors releasing free tools to improve cybersecurity postures and awareness.
Messaging Confusion on Important Topics
Every year vendors at significant events want to deliver one message which makes everyone stop, look and discuss. This year has been no different. The prominent vendors, including Juniper Networks, Palo Alto Networks, Netskope and Versa, are now delivering on their SASE and Zero Trust strategies, moving them from the buzz term of two years ago to a necessity today.
Smaller vendors also led with their own messaging in both areas, adding unique twists to draw attention, but not always in the right way. Adding ‘Next Generation’ or ‘V2.0’ causes confusion where we need clarity. A strong product or solution risks being undervalued with a poor message, and sometimes it’s better to follow the market rather than try to stand out.
Security in Summary
Having RSAC and Infosecurity Europe events almost back-to-back this year is unique and unlikely to happen again. In 2023, RSAC has been announced for April, while Infosecurity Europe will remain in the regular June slot.
Did it work having the two events so close together? This year, yes. With restricted travel for many people and a new home for Infosecurity at Excel in London, I felt both events worked well. There were more product launches and announcements at RSAC. Still, in my opinion, the quality of conversation with customers was top-notch in London this year, even with reduced attendance due to a national train strike.
It was great to be back in-person at security events, and I enjoyed meeting with people and discussing our solutions face-to-face. Next year will be even better, and I look forward to having even more exciting conversations on the hottest cybersecurity topics.
Coverage of RSA Conference 2022 Announcements:
• #RSAC 22 Announcements Summary (Day 1)
• #RSAC 22 Announcements Summary (Day 2)
• #RSAC 22 Announcements Summary (Day 3)