Cisco Subnet An independent Cisco community View more

Anticipating RSA 2015

Focus on threat detection/response, endpoints, threat intelligence, IAM, cloud, and SDN

The annual security geek-fest known as the RSA Security Conference is just two weeks away. Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics. 

As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites, and a constant barrage of hokey themed cocktail parties.

As far as "buzz-worthy" topics at RSA 2015, I anticipate the following:

  1. Advanced threat detection/response. Lots of security vendors have been chasing this rabbit since FireEye's IPO, so I expect a lot of hype at RSA. Rather than discuss discrete technologies like Sandboxing, however, many vendors will pitch an integrated threat detection architecture built upon endpoint forensics, full-packet capture, and static/dynamic malware inspection spanning from on-premise appliances to cloud-based services. Check Point, Click Security, FireEye, Fortinet, Hexis Cyber Solutions, IBM, LogRhythm, Raytheon Cyber Products, and Splunk will likely articulate this type of message. In the past the emphasis was really on detection, but I presume that incident response will have an equal role this year. Given this, I anticipate buzz around the Forum for Incident Response and Security Teams (FIRST) as well as vendors like FireEye/Mandiant and Resilient Systems. 
  2. Threat intelligence. Between President Obama's executive order and the chatter on Capitol Hill, threat intelligence is garnering quite a few headlines these days, so the momentum will continue at RSA. I expect these discussions to include threat intelligence standards (i.e. CybOX, OpenIOC, STIX/TAXII), threat sharing (ISACs, legislation, etc.), threat intelligence consortiums (i.e. Cyber Threat Alliance.) threat intelligence feeds/services (Arbor Networks, Dell SecureWorks, iSight Partners, Norse, ThreatMetrix, Verisign, Webroot), and threat intelligence correlation/analysis platforms (CRITs, IBM, Symantec, Vorstack, etc.).
  3. Endpoint security. According to ESG research, 58% of enterprise organizations would prefer an integrated endpoint security suite that covers incident prevention, detection, and response (note: I am an ESG analyst). From a market perspective, every vendor wants a piece of the action, including the AV crowd (Kaspersky, McAfee, Symantec, Trend, etc.) and startups (Bit9, Confer Crowdstrike, and Cylance). Others like Cisco, FireEye, IBM, Palo Alto, and RSA plan to approach the endpoint from other high ground in the security market, while Bromium, Invincea, and Spikes will center their discussions on that insecure piece of software known as a browser. 
  4. Cloud and SDN security. While these two areas are quite different, I am putting them together here as products in each category are built for automation, virtualization, and orchestration. Cloud and SDN security is also all about extending security controls and monitoring to new types of virtual technologies. Cisco will trumpet SDN, Tufin will crow about network security automation, and Evident io, HyTrust, ThreatConnect, and vArmour will yack about new requirements for hybrid data center security.
  5. Identity and Access Management. In my humble opinion, IAM is increasingly important for security but doesn't get nearly the attention it should. I am sure that FIDO Alliance supporters like ARM, PayPal, and Nok Nok Labs will want to elevate these IAM discussions. Microsoft is also ready to advance IAM thought leadership by spreading the word about Azure Active Directory. 

While security products always grab center stage at RSA, I hope there is ample discussion about security services as well. Mid-market and small enterprise organizations that can't keep up with cybersecurity requirements on their own are flocking to service providers en masse so services should get more air play. 

I look forward to RSA, it is always educational and fun. I just hope that the cybersecurity community at large takes the time to appreciate the seriousness of our industry in between bountiful helpings of alcohol, food, and marketing rhetoric. 

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.