As I am starting to write this, RSA 2018 is not even over yet, but I think I am ready to blog my impressions from this year’s event. As I mentioned many times, I love the #RSAC conference, unlike many of my peers. I like the “industry in one room” vibe, the connections, the hallway insights and – yes – I even like the over-the-top vendor expo. And, no, I never said “50,000 lemmings can’t be wrong”; this is a fake quote.
OK, this post is about RSA themes and trends observed by me! Note that I don’t pay attention to some areas of security that are perhaps very important, but I personally don’t care about them – like, say, application security. Hence the list below is biased by my interests.
- My #1 fear for RSA this year was that “AI” will stare at me from every booth, and it didn’t happen. Hurrah! Machine learning and “AI” were visible, but not overwhelming. Somebody mentioned there was a booth with a slogan “machine learning cyber AI”, but I failed to locate it.
- For a few years, I’ve been looking for IoT security (as well as its OT and ICS brothers), and my impression this year was that perhaps more vendors mentioned the theme, but not many (my suspicion is that the spend is just not there).
- Here is one “was old, now new” bit – and this is an insight to me. I saw a lot of asset management. Say, what? Well, asset discovery and asset management for the modern era is a BIG HUGE problem, and so I am happy to see some vendors appear to handle it creatively.
- Also, from the “old to new” bucket: I think I’ve seen more email security this year (I assumed that it is a solved problem, apart from well-crafted spear phishing – which is IMHO unsolvable in principle).
- Ah, and another “old to new”: I’ve seen a bunch of flow-based security monitoring tools, and my first reaction was “oh, so 2002!” Now, I need to be convinced that they matter for modern threats.
- Threat hunting – well, we did a panel on that and hopefully we contributed to signal and not noise. Many booths did have something about hunting and of course few if any defined it, but, just as “AI”, it didn’t feel too excessive.
- There was comparatively more data security (if not DLP) at the event, and I hypothesized that perhaps GDPR made them do it [I even saw a data diode in one booth – and who doesn’t love those…]. GDPR itself also was not a big presence, boosting my fears that it may help security … or hurt it.
- Furthermore, every year I seek to confirm that few care about insider threats – and this year is no exception. I’ve seen some sleepy booths that mentioned insiders, but, as I suspect, no insider threat rush.
- Moving target security – OK, it does sound vaguely interesting, but does it work IRL? To me, the proof is in the pudding and the vendor saying “we secure military IoT” isn’t pudding …
- And finally…. BLOCKCHAIN. You just had to ask, eh? Unlike my esteemed colleague, my uneducated opinion is that blockchain is good for two things only: providing cybercriminals with money and generating hilarity. So, no, not a security trend IMHO. Not now. Not later. Not ever.
Past blog posts related to RSA conferences:
- RSA 2017: What’s The Theme? (with some #AI jokes, but they are “so 2017”)
- RSA 2016: Musings and Contemplations
- RSA 2006-2015 In Anton’s Blog Posts!
- RSA 2015: Rise of Chaos!!
- RSA 2013 and Endpoint Agent Re-Emergence
- RSA 2011 Conference Notes
- RSA 2010 – Day 4-5
- RSA 2008 Summary and Reflections
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.