Blog post

RSA 2017: What’s The Theme?

By Anton Chuvakin | February 22, 2017 | 6 Comments


As I mentioned before, unlike some in our industry, I love RSA Conference (#RSAC), chiefly as an “industry–in–a-room” [not to be confused with a mythical SOC-in-a-box :-)] phenomenon.

RSA is best venue for “theme divination”, a strictly non-scientific process of absorbing huge amounts of hype in the vendor expo halls and the sessions in order to predict what the industry will be obsessed about in the next year. Naturally, people will still be patching Windows 2008, changing firewall rules and updating passwords – as well as do many other 1990s-style security tasks, but the minds of many will be elsewhere…

But where? I am slightly ashamed to admit that NO THEME came to me after I soaked up all the hype in the vast RSA vendor halls last week. To be sure, there were themes – see below – but I failed to arrive at The Theme.

What have I noticed overall?

  • There was a decent amount of “automate” and “automation” of security, with some “orchestration” mixed in (all “powered” by the security skills crisis). Confusion about automation will be with us for a while… In fact, this item would be as close to a year’s theme as I was able to get – hey, even NAC vendors rebrand as “security automation vendors” 🙂
  • As a matter of fact, many vendors mention the security skills crisis or security team capacity problems – I’ve seen this on UEBA, EDR, and of course SOAR vendors. Some vendors insist that automation is the answer, some that analytics/intelligence is, while others focus on workflow improvements.
  • Along the same line, artificial intelligence (AI) messaging was in the air like an annoying dung fly. But then again, unlike AI, dung flies actually exist
  • Unlike other observers, I‘ve seen less endpoint and less EDR noise – given that I detected “the return of the endpoint” back in 2013, this is not shocking. Maybe the pendulum will now swing back to the network?
  • People are launching new Threat Intel Platforms (TIP) which is hilarious, given the size of this “market.” The two leading players probably have enough business… but do we need 3-5 more?!
  • Threat detection message is still going strong, as security spend continues to leak from prevention to a balanced mix of prevention / detection / response (of course, there is always that one village idiot who promises to prevent all the unknown threats…why do they never learn?)
  • Deception vendors were also out in force, but of course their voices were drowned by all the continuing security analytics clamor (hey…even log management vendors are now “security analytics”, because….eh…because SECURITY ANALYTICS!!!)
  • I did notice yet another vendor that used “moving target security” as their slogan. It seems that both vendors using this idea are quite dissimilar, but they are worth a mention as a potential candidate for “paradigm expansion”, if not truly paradigm shift in security.
  • A phenomenon I pointed in my RSA 2015 blog has gotten even worse: I’ve seen way too many vendors who are barely a feature, but probably not a product and certainly not a business. What is worse, there were plenty of vendors that felt like random bundles of features, just like Oliver said here and I did here. Yes, somebody somewhere needs exactly that bundle, but most of them are never going to be mainstream….
  • A few things I expected to see very little – and indeed they were NOT there:
    • IoT security – we all know that there is no money in IoT security yet (“By year-end 2020, IoT risk and security needs will add an average of 2% to the total IoT project costs, up from 0% today.”)
    • Insider threat – I continue to insist that very few truly care about it.
  • Finally, the show serves as a good reminder that “security market consolidation is B.S.” Well, as somebody said “it is consolidating, never consolidated” – we had a fair number of acquisitions, but also a hugely expanded number of vendors (some say no longer 800, but more like 1200-1500 security vendors our there)

To close this off, I wanted to quote my buddy Dave:

There you have it 🙂 Hope you enjoyed RSA! See you next year!

Past blog posts related to RSA conferences:

Comments are closed


  • Amit says:

    I like reading you for the simple reason. “No beating around the bush but straight to the point”.

    “Automation and Orchestration”. Heavy words, heavier money but lightest value addition.

    • Thanks for the comment — I think “Automation and Orchestration” value is in the “IT DEPENDS” bucket, not …ahem… automatically light. To be sure, for some orgs with weak and ad hoc processes, it is probably lighter than light…

  • Aa bb says:

    Just buy from $gartner and everything will be all right

  • Yotam says:

    Great summary Anton!
    As a startup who’s sole mission is to categorize the industry I can say that there way too many vendors in nearly 150 distinct product categories.
    This causes a huge headache for the customers, as they need to navigate and cut through the marketing buzzwords clutter just to understand what a product does….

  • Re: that TIP comment — our data indicates that I am a TIP optimist, based on the above 🙁 🙁 🙁