Last week's RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I'm not sure about the attendance numbers but it seemed especially busy - not surprising after the many cybersecurity events of 2013.
I met with around 40 different security vendors throughout the week and heard some encouraging news. Rather than crow about the latest technology fad or threat du jour, many security vendors are now focused on:
1. Integration. In the past, vendors tended to push a bunch of point products on a one-off basis, but enterprise CISOs are now resisting this onslaught as they don't have the time or personnel to manage an army of security widgets. Smart vendors are responding with more integrated product suites and central management. For example, TrendMicro is aggregating all of its endpoint elements into one product offering while FireEye is extending its protection across the enterprise. Similarly, Cisco is adding Sourcefire technology into traditional Cisco security and networking, while Symantec has consolidated a number of products into a data center security suite. Finally, Palo Alto Networks has externalized integration with a number of proof-of-concept projects with VMware NSX for virtual network security in large data centers. These efforts aren't simple bundling and marketing spin; there is actual R&D going on to make products work better together.
2. Ease-of-use. Security professionals don't have the time for complex product deployment, customization, or lengthy training classes on product administration. Fortunately, some vendors are addressing this by making their products much easier to use. Newcomer TraceVector is designed to identify and apply risk scores to malware with a simple but thorough graphical interface. Click Security uses visual analytics to help security professionals see the relationships associated with malicious traffic patterns between various internal and external hosts. LogRhythm's new 6.2 release is designed to advance and improve how security intelligence gets delivered to security analysts. Given the IT security skills shortage, this trend is very encouraging.
3. Middleware. Once you start integrating security piece parts, you need middleware to act as the software glue between them. McAfee announced this type of architecture as part of its Security Connected and Threat Intelligence Exchange (TIE) announcements. In the short term, McAfee will use its middleware to integrate its own products and threat intelligence, but it plans to extend these capabilities to third parties over time to support heterogeneous environments.
4. Automation. Given the scale of network traffic and malware, CISOs want intelligent technologies to take some of the risk management and remediation burden. I hosted a panel discussion on security automation that featured speakers from Boeing, NIST, and JW Secure (sponsored by the TCG) around this topic. All agreed that we need to instrument security tools and provide standard enumeration and protocols so we can share information more effectively. Many vendors are using the DHS/Mitre TAXII and STIX standards along this line to automate and integrate threat intelligence sharing. Aside from standards discussions, new security products from companies like Proofpoint, Tufin, and vArmour are designed specifically to automate today's complex security tasks. Once again, the security skills shortage makes automation a necessity.
The RSA Conference tends to be a security technology lovefest that gives attendees the impression that we are a mere CPU cycle away from defeating our cyber adversaries. I get the seduction in play here and certainly realize that technology alone won't solve our cybersecurity problems anytime soon.
In spite of my skepticism, I was pleasantly surprised and encouraged by this year's event. By all indications, security vendors are finally considering something that was minimized in the past - actual enterprise security requirements. An obvious, long overdue, and positive step for the industry.