As I mentioned before, unlike some in our industry, I love RSA Conference (#RSAC), chiefly as an “industry–in–a-room” [not to be confused with a mythical SOC-in-a-box :-)] phenomenon.
RSA is the best venue for “theme divination”, a strictly non-scientific process of absorbing huge amounts of hype in the vendor expo halls and the sessions in order to predict what the industry will be obsessed about in the next year. Naturally, people will still be patching Windows 2008, changing firewall rules and updating passwords – as well as doing many other 1990s-style security tasks, but the minds of many will be elsewhere…
But where? I am slightly ashamed to admit that NO THEME came to me after I soaked up all the hype in the vast RSA vendor halls last week. To be sure, there were themes – see below – but I failed to arrive at The Theme.
What have I noticed overall?
- There was a decent amount of “automate” and “automation” of security, with some “orchestration” mixed in (all “powered” by the security skills crisis). Confusion about automation will be with us for a while… In fact, this item would be as close to a year’s theme as I was able to get – hey, even NAC vendors rebrand as “security automation vendors”.
- As a matter of fact, many vendors mention the security skills crisis or security team capacity problems – I’ve seen this on UEBA, EDR, and of course SOAR vendors. Some vendors insist that automation is the answer, some that analytics/intelligence is, while others focus on workflow improvements.
- Along the same line, artificial intelligence (AI) messaging was in the air like an annoying dung fly. But then again, unlike AI, dung flies actually exist…
- Unlike other observers, I’ve seen less endpoint and less EDR noise – given that I detected “the return of the endpoint” back in 2013, this is not shocking. Maybe the pendulum will now swing back to the network?
- People are launching new Threat Intel Platforms (TIP), which is hilarious, given the size of this “market.” The two leading players probably have enough business… but do we need 3-5 more?!
- The threat detection message is still going strong, as security spend continues to leak from prevention to a balanced mix of prevention / detection / response (of course, there is always that one village idiot who promises to prevent all the unknown threats… why do they never learn?)
- Deception vendors were also out in force, but of course their voices were drowned by all the continuing security analytics clamor (hey…even log management vendors are now “security analytics”, because….eh…because SECURITY ANALYTICS!!!)
- I did notice yet another vendor that used “moving target security” as their slogan. It seems that both vendors using this idea are quite dissimilar, but they are worth a mention as a potential candidate for “paradigm expansion”, if not a true paradigm shift in security.
- A phenomenon I pointed out in my RSA 2015 blog has gotten even worse: I’ve seen way too many vendors who are barely a feature, but probably not a product and certainly not a business. What is worse, there were plenty of vendors that felt like random bundles of features, just like Oliver said here and I did here. Yes, somebody somewhere needs exactly that bundle, but most of them are never going to be mainstream….
- A few things I expected to see very little of – and indeed they were NOT there:
  - IoT security – we all know that there is no money in IoT security yet (“By year-end 2020, IoT risk and security needs will add an average of 2% to the total IoT project costs, up from 0% today.”)
  - Insider threat – I continue to insist that very few truly care about it.
- Finally, the show serves as a good reminder that “security market consolidation is B.S.” Well, as somebody said “it is consolidating, never consolidated” – we had a fair number of acquisitions, but also a hugely expanded number of vendors (some say no longer 800, but more like 1200-1500 security vendors out there).
To close this off, I wanted to quote my buddy Dave:
— Dave Shackleford (@daveshackleford) February 18, 2017
There you have it. Hope you enjoyed RSA! See you next year!
Past blog posts related to RSA conferences:
- RSA 2016: Musings and Contemplations
- RSA 2006-2015 In Anton’s Blog Posts!
- RSA 2015: Rise of Chaos!!
- RSA 2013 and Endpoint Agent Re-Emergence