After much anticipation, the 2013 RSA Conference has come and gone. I have a number of topics to blog about starting with my positive impressions of the show:
1. Attendance was way up. In the past, a typical RSA Conference in the U.S. attracted around 15,000 attendees with a few boom years of around 18,000. This year’s conference was likely a record-breaker with roughly 24,000 to 25,000 registered attendees. The exhibition show floor was packed! It seems clear that business, IT, and security executives are paying more attention, funding cybersecurity initiatives, and seeking industry knowledge about threats, vulnerabilities, and defenses.
2. Advanced Malware Detection and Prevention (AMD/P) was pervasive. AMD/P was high on the agenda as vendors like Check Point, Fortinet, and McAfee jumped in by announcing sandboxing capabilities for existing IPS and firewall products. At the same time, industry “veterans” such as Damballa, FireEye, Palo Alto Networks, Sourcefire, and Trend Micro trumped up use cases and success stories. This is a positive development in my view as it confirms the dangers of advanced malware, provides users with competitive choices, and increases the security engineering brainpower for research and innovation in this area.
3. Incident detection got a lot of air play. Based upon ESG research and my own anecdotal experience, I believe that about 70% of enterprise security dollars are dedicated toward risk management and attack prevention while the remaining 30% goes toward incident detection and response. This is understandable from a historical perspective but it no longer works – when organizations are breached they often lack the right incident detection/response skills, processes, and tools. CISOs finally recognize this shortcoming and are looking to the industry for help. Vendors like Co3, Guidance Software, IBM, LogRhythm, RSA Security, and Splunk are responding to user demand with tools that simplify security forensics, analytics, and automation.
4. Security integration. ESG research indicates that 44% of large organizations plan to design and build a more integrated security architecture over the next 24 months. Why? Existing security point tools are costly to operate and don’t provide the right level of enterprise monitoring or command-and-control. CISOs are clearly looking to address these issues with integration across a security software architecture. Security vendors like Check Point, Cisco, IBM, McAfee, Sourcefire, and Trend Micro are busy integrated their products into solutions architecture to position themselves for these burgeoning enterprise requirements.
5. Cybersecurity reality. In between trade show gimmicks and cocktail parties, many of my RSA meetings took on a more serious and sober tone. Based on a series of breaches and the Mandiant report, there is a general recognition that our cyber adversaries have gotten much stronger while the IT attack surface continues to grow. Given the clear and present cybersecurity dangers, the information sharing and education component of RSA seemed especially focused this year.
All in all it was a very good RSA conference with timely topics, serious discussions, and a rational perspective on where we are and what we need to do. Alas, it wasn’t all sunshine and flowers. My next blog will focus on security industry hype and legacy behavior still lurking about the halls of the Moscone Center during RSA.