Gartner Blog Network

RSA 2019: Happily Not Over-AI’d

by Anton Chuvakin  |  March 12, 2019  |  1 Comment

My RSA Conference (#RSAC) this year was only a one day affair due to a new baby at home, but I cannot skip my ”duty” of writing this blog post with conference observations and impressions.

Here they are:

  1. My first observation from the HUGE ~900 vendor expo was a happy one: mad claims of “AI” were NOT staring at me from every booth. At least one vendor with “AI” in the name honestly said “we use basic statistics, really.” In fact, my impression is that AI was mentioned at perhaps 1-5% of the booths, if that. Count this one as a win for sanity!!
  2. Another thing I feared to see and fortunately had not seen: GDPR and privacy. The former is a solved problem, as I was told, and nobody cares about the latter 🙂
  3. In fact, there was so little compliance overall, you can forget that merely 7-10 years ago, much of security was in fact sold as “helps compliance.”
  4. Among other things spotted, perhaps subjective: I’ve seen a fair amount of identification and authentication this year.
  5. Perhaps not unrelated, I’ve also seen a lot of zero trust this year. The concept comes from 2010, but for some reason many vendors have re-discovered it and plastered it all over their booths.
  6. While AI was not there in annoying volumes, “hunting”, sadly, was spotted on many booths. Needless to say, much of this had no relation to the practice of threat hunting.
  7. Automation as theme was spotted by others, but, frankly, I didn’t feel it was an oppressive presence, just like AI.
  8. From the classic security products, I’d say DLP is still very much there.Threat intelligence vendors also were seen in force. Or perhaps random vendors claimed, out of the blue, that they do threat intelligence now 🙂
  9. As before, I picked a few of the “we analyze logs but we are totally not a SIEM” vendors. I have no idea why they do it, but some keep doing it, in a very self-defeating manner. Saying “not a SIEM” when you have one, only removes you from a $2b market…
  10. As we predicted, UEBA capabilities spread all over the security toolset. In fact, I’ve seen plenty of “EDR with UEBA”, “CASB with UEBA” and a lot of other tech with UBA or UEBA or just user analytics.
  11. Refreshingly, SaaS almost-SIEM is having a big moment! Both Microsoft and Alphabet are building theirs. For years, I insisted that “SaaS SIEM is the future” but also, until recently, that “SaaS SIEM does not really exist” (2015).
  12. Sadly, the trend I mentioned in 2015 RSA post is still very much with us: many vendors claim that they “<protect/block/detect> of threat <X/Y/Z> in the environment of <A/B/C>” but cannot explain anything beyond that point. This is how you get “DLP for Kubernetes”, really. This is why we cannot have nice things in infosec …
  13. In fact, the number of vendors who don’t know what they themselves do, or at least cannot explain it even to an expert is too high. Epic FAIL!
  14. Related to this, I feel that I’ve detected fewer patterns and in fact more vendor diversity. It seems to follow this trend, only more so. This makes “market-defining” activity much harder.

There you have it!

P.S. Also see this (Gartner access required)

Past blog posts related to RSA conferences:

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: conference  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Thoughts on RSA 2019: Happily Not Over-AI’d

  1. […] admittedly, the times have changed. SaaS SIEM is finally here and recent advances all look likely to make this model more popular. In some segments, like say vulnerability […]

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.