CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Training & Awareness

Security Trends From RSA Conference 2016 in San Francisco

RSA Conference 2016

The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.

RSA Conference 2016

The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.

Attended by roughly 40,000 people, there were more than 500 vendors and 700 sessions, so the observations below are one small perspective with an admitted bias towards Identity and Access Management since that’s where I focused most of my time. Here are some observations on security trends observed at the event that took place last week (Feb. 27 to Mar. 4) a the conference.

1. Apple is winning the hearts and minds of security professionals

The feds were represented well at the show with addresses from the likes of Attorney General Loretta Lynch and Director of the National Security Agency, Admiral Michael S. Rogers, among others. Their general message was to ask for cooperation from the industry for the good of national security. The reaction seemed chilly at best.

In his keynote speech, RSA President Amit Yoran made the case that, “Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened.”

2. Attacks from the inside are not necessarily perpetrated by insiders

When we think of the insider threat, traditionally we imagine the malicious or careless user bent on personal gain, exercising a grudge or unwittingly exposing the organization to vulnerabilities. While those threats are real, the type of insider attack that had most people worried is the outsider who has obtained the insider’s credentials through phishing, malware or social engineering.

This isn’t a new phenomenon, but many of the sessions at the event and a great number of vendors on the show floor were focused on this problem, marking it as a more mainstream concern than previous years. The issue is exacerbated by the fact that insiders (with the exception of privileged users) are not treated to the same level of scrutiny as outside attack vectors, particularly with executives having access to sensitive information.

Advertisement. Scroll to continue reading.

3. Analytics has entered the cliché zone

Pretty much everyone was talking about analytics. And each of them had a different definition of what it meant or how to deliver it. Analytics holds great promise in the struggle for staying ahead of attackers, but the industry needs to coalesce around the terminology and demonstrate results for detecting and disrupting attacks before much is spent on it by security teams.

4. Venture capital for security companies is slowing, which will drive vendor consolidation

Speaking with four analysts from different firms, this was a consistent point. One said, “there are a lot of security companies that are really just features.” The lack of additional funding means that smaller companies without positive cash flow are going to have to focus on an exit strategy, and most are looking to be acquired by larger companies.  This can be good for consumers of security technology, who face too many solution silos, but smaller vendors who don’t find a seat before the music stops will face difficult decisions.

5. What next?

Finally, there seems to be a lot of complaining that the RSA Conference has outgrown San Francisco. When one and two star hotels are going for upwards of $500 a night, perhaps the supply and demand for hotel rooms is out of balance. It will be interesting to see how Dell influences the future of the show, once the dust from that acquisition settles.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.