Just a week to go before the biggest cybersecurity event of the year, the RSA Security Conference in San Francisco. Building upon industry momentum and the dangerous threat landscape, I expect a record-breaking crowd from the Moscone Center to Union Square.
What will be the focus of this year’s event? Well, it should be the global cybersecurity skills shortage, which continues to get worse each year. According to ESG research, 46% of organizations claim that they have a “problematic shortage” of cybersecurity skills, up from 28% last year (note: I am an ESG employee). In my humble opinion, the cybersecurity skills shortage has become a national security issue demanding a more comprehensive strategy. Here’s an article I recently wrote with more details on this topic.
Now, while we should be talking a lot about the cybersecurity skills shortage and there will be a few sessions on this topic throughout the halls of the event, cybersecurity skills won’t get top billing. Why? Because products drive VC investment and corporate profit. Given this fact of capitalism, product conversations will once again dominate the dialogue. Here are a few highlights I expect at this year’s RSA:
1. The move to security automation and orchestration. Okay, this topic is certainly parenthetical to the skills shortage – since we don’t have enough cybersecurity bodies available, we better make those we have as productive as possible. This makes security orchestration and automation a huge deal in 2016 – heck, FireEye already acquired Invotas and we aren’t through February yet. I look forward to speaking with integrated cybersecurity orchestration platform (ICOP) vendors like FirstHour, Phantom Cyber, Resilient Systems, ServiceNow, and Swimlane to hear more about how they are progressing.
2. Cloud security confusion and progress. My colleague Doug Cahill and I are engaged in a number of research projects in this area and I’ve blogged on some of our findings around heterogeneous multi-dimensional cloud security. Even sophisticated enterprises don’t know where to turn when it comes to securing internal OpenStack and vCloud assets hosted on hyper-converged infrastructure while simultaneously protecting workloads hosted on Amazon AWS, IBM SoftLayer, Microsoft Azure, and others. They’ve tried traditional security controls and they don’t work well, so they need a scalable, virtual, and comprehensive software-based alternative. Can’t wait to hear what CloudPassage, HyTrust, Illumio, Trend Micro, and vArmour are seeing in terms of customer deployments and lessons learned.
3. Data security’s secret renaissance. Remember the DLP craze around 2007? Well, data security is making a quiet comeback. Symantec’s DLP business grew 35% last year, Digital Guardian’s endpoint DLP business is on fire, Ionic is an up-and-comer, and Varonis is an enterprise favorite for data governance. For years, data security has been an under-invested area of cybersecurity, but it seems to be rebounding nicely. After all, 9 of 10 bad guys want to steal data rather than simply cause havoc. Doug will be all over this space.
4. Next-generation endpoint security is in play. ESG is also engaged in a project on next-gen endpoint security and I’ll be presenting our findings on Thursday (details about the session can be found here). Traditional anti-virus is being challenged by upstarts like Carbon Black, CounterTack, CrowdStrike, Cylance, Invincea, and SentinelOne. Each of these vendors offers a different solution, so Doug and I are talking to dozens of enterprise organizations to see why they need next-generation endpoint security and what decisions they are making. While I look forward to presenting on this topic, I’m also anxious to discuss our findings with dozens of experts attending the event.
5. Security analytics. This is really one of my bread-and-butter coverage areas and things are changing quickly. UBA vendors like Exabeam, Forcepoint, Fortscale, Niara, Securonix, and Sqrrl are applying machine learning algorithms to detect malicious activities and gaining enterprise traction. Traditional SIEM vendors like IBM (QRadar), LogRhythm, RSA, and Splunk are expanding their domains by adding algorithms and big data security platform support. Meanwhile, there’s a market emerging for threat intelligence platforms like Brightcloud, ThreatConnect, ThreatQuotient, and ThreatStream, while MSSPs like Dell SecureWorks and Symantec continue to gain steam. How can security analysts put all of this stuff together to gain situational awareness? That’s the question I’ll be asking at RSA.
I'll post another blog about RSA this week. As for next week, Doug and I will be walking the halls at the Moscone Center and attending related events all week long. Hope to see you there!