Security Experts:

Connect with us

Hi, what are you looking for?


Training & Awareness

Security Trends From RSA Conference 2016 in San Francisco

RSA Conference 2016

The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.

RSA Conference 2016

The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.

Attended by roughly 40,000 people, there were more than 500 vendors and 700 sessions, so the observations below are one small perspective with an admitted bias towards Identity and Access Management since that’s where I focused most of my time. Here are some observations on security trends observed at the event that took place last week (Feb. 27 to Mar. 4) a the conference.

1. Apple is winning the hearts and minds of security professionals

The feds were represented well at the show with addresses from the likes of Attorney General Loretta Lynch and Director of the National Security Agency, Admiral Michael S. Rogers, among others. Their general message was to ask for cooperation from the industry for the good of national security. The reaction seemed chilly at best.

In his keynote speech, RSA President Amit Yoran made the case that, “Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened.”

2. Attacks from the inside are not necessarily perpetrated by insiders

When we think of the insider threat, traditionally we imagine the malicious or careless user bent on personal gain, exercising a grudge or unwittingly exposing the organization to vulnerabilities. While those threats are real, the type of insider attack that had most people worried is the outsider who has obtained the insider’s credentials through phishing, malware or social engineering.

This isn’t a new phenomenon, but many of the sessions at the event and a great number of vendors on the show floor were focused on this problem, marking it as a more mainstream concern than previous years. The issue is exacerbated by the fact that insiders (with the exception of privileged users) are not treated to the same level of scrutiny as outside attack vectors, particularly with executives having access to sensitive information.

3. Analytics has entered the cliché zone

Pretty much everyone was talking about analytics. And each of them had a different definition of what it meant or how to deliver it. Analytics holds great promise in the struggle for staying ahead of attackers, but the industry needs to coalesce around the terminology and demonstrate results for detecting and disrupting attacks before much is spent on it by security teams.

4. Venture capital for security companies is slowing, which will drive vendor consolidation

Speaking with four analysts from different firms, this was a consistent point. One said, “there are a lot of security companies that are really just features.” The lack of additional funding means that smaller companies without positive cash flow are going to have to focus on an exit strategy, and most are looking to be acquired by larger companies.  This can be good for consumers of security technology, who face too many solution silos, but smaller vendors who don’t find a seat before the music stops will face difficult decisions.

5. What next?

Finally, there seems to be a lot of complaining that the RSA Conference has outgrown San Francisco. When one and two star hotels are going for upwards of $500 a night, perhaps the supply and demand for hotel rooms is out of balance. It will be interesting to see how Dell influences the future of the show, once the dust from that acquisition settles.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Management & Strategy

UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.

Application Security

Hack The Box Raises $55 Million in Funding Round Led by Carlyle

Management & Strategy

Neurodivergence, by its name, implies a different way of thinking. The question we wish to examine is whether the inclusion of this neurodiversity can...

Management & Strategy

The US government’s 120-day Cybersecurity Apprenticeship Sprint has come to an end. The initiative has resulted in more than 190 new cybersecurity programs and...

M&A Tracker

Security awareness training company KnowBe4 will go private after being acquired by Vista Equity Partners for roughly $4.6 billion in cash.KnowBe4 first announced receiving...


Faced with the daily barrage of reports on new security threats, it is important to keep in mind that while some are potentially disastrous,...