Blog post

RSA 2018: Not As Messy As Before?

By Anton Chuvakin | April 26, 2018 | 4 Comments


As I am starting to write this, RSA 2018 is not even over yet, but I think I am ready to blog my impressions from this year’s event. As I mentioned many times, I love the #RSAC conference, unlike many of my peers. I like the “industry in one room” vibe, the connections, the hallway insights and – yes – I even like the over-the-top vendor expo. And, no, I never said “50,000 lemmings can’t be wrong”, this is a fake quote 🙂

OK, this post is about RSA themes and trends observed by me! Note that I don’t pay attention to some areas of security that are perhaps very important, but I personally don’t care about them – like, say, application security. Hence the list below is biased by my interests.

  1. My #1 fear for RSA this year was that “AI” will stare at me from every booth, and it didn’t happen. Hurrah! Machine learning and “AI” were visible, but not overwhelming. Somebody mentioned there was a booth with a slogan “machine learning cyber AI”, but I failed to locate it.
  2. For a few years, I’ve been looking for IoT security (as well as its OT and ICS brothers), and my impression this year was that perhaps more vendors mentioned the theme, but not many (my suspicion is that the spend is just not there).
  3. Here is one “was old, now new” bit – and this is an insight to me. I saw a lot of asset management. Say, what? Well, asset discovery and asset management for the modern era is a BIG HUGE problem, and so I am happy to see some vendors appear to handle it creatively.
  4. Also, from the “old to new” bucket: I think I’ve seen more email security this year (I assumed that it is a solved problem, apart from well-crafted spear phishing – which is IMHO unsolvable in principle)
  5. Ah, and another “old to new”: I’ve seen a bunch of flow-based security monitoring tools, and my first reaction was “oh, so 2002!” Now, I need to be convinced that they matter for modern threats.
  6. Threat hunting – well, we did a panel on that and hopefully we contributed to signal and not noise. Many booths did have something about hunting and of course few if any defined it, but, just as “AI”, it didn’t feel too excessive.
  7. There was comparatively more data security (if not DLP) at the event, and I hypothesized that perhaps GDPR made them do it [I even saw a data diode in one booth – and who doesn’t love those…]. GDPR itself also was not a big presense, boosting my fears that it may help security … or hurt it.
  8. Furthermore, every year I seek to confirm that few care about insider threats – and this year is no exception. I’ve seen some sleepy booths that mentioned insiders, but, as I suspect, no insider threat rush.
  9. Moving target security – OK, it does sound vaguely interesting, but does it work IRL? To me, the proof is in the pudding and the vendor saying “we secure military IoT” isn’t pudding …
  10. And finally…. BLOCKCHAIN. You just had to ask, eh? Unlike my esteemed colleague, my uneducated opinion is that blockchain is good for two things only: providing cybercriminals with money and generating hilarity. So, no, not a security trend IMHO. Not now. Not later. Not ever.

Past blog posts related to RSA conferences:

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Eric Sun says:

    Great summary Anton—matches with we saw on the floor! Agreed with the skepticism around flow-based monitoring: there are a ton of new Managed Detection and Response vendors, and they’ve clearly chosen the endpoint.

    Re: blockchain, glad we aren’t seeing the word mashed into vendor marketing. The rise of crypto makes an impact, though—security teams need to better detect stealthy because of the sheer profitability of cryptojacking.

  • Thanks for the quick blog, Anton. Good stuff!

    We had our 6th annual “ArcSight Employee Alumni” reunion party!!

    PLUS – I was very pleased to see a lot of interest to work at Demisto as we grow!

  • Rene Kolga says:

    I do believe insider threat is one of the most underappreciated issues in cybersecurity. Studies by cyber-insurance companies seem to confirm that –

    But hey, we still haven’t truly solved the Patch Management challenge, so better invest there first! 🙂

    From the trends that I’ve noticed this year – Zero Trust was definitely very prominent. Additionally, it’s amazing that pretty much all vendors (especially endpoint) are going with the same message: “Whatever you have now is terrible, uninstall it immediately and put us in-place”. What happened with layered defense?