Another year of RSA has come to a close. As we reflected on the changes from 2019 to now, it wasn’t surprising to see what was top of mind for not just the audience but also what was reflected in the vendors who were present and the messages they were promoting. During last year’s RSA, our team was emphasizing the need to measure cybersecurity effectiveness like any other business function. And, that to be successful, organizations would need access to the most relevant threat intelligence for their industry or business model, combined with the ability to automate validating that the dollars they were spending on security were, in fact, doing what they expected. At the event, we announced partnerships with threat intel providers like Anomali and Intel471 as the first step toward making this important strategy a reality for our customers.
However, the industry was only just starting to shift. Soon after, Verodin was acquired by FireEye, we saw more significant breaches to governments and large organizations, and most recently, the Iran threat introduced new threats of which every organization needed to be aware. By now, the market had begun to fully embrace the need for measuring cybersecurity effectiveness with proof that could be shared at the CEO and Board of Directors level.
Now, fast forward to RSA 2020 and not only has cybersecurity effectiveness become a board level conversation, but also, new vendors are like Microsoft and Amazon with their cloud offerings were highly visible at the event and have incorporated the importance of securing the cloud into their offerings. What has not changed at RSA, however, is that there are so many vendors…many saying the same thing…that an organization needs to be ever more vigilant in testing and validating that what is in place is protecting its assets.
We have attended numerous RSA gatherings, and this year, we noticed immediately a decline in attendees from years past. And while walking through the show’s floor, we also observed that while the vendor presence was still active and all the “right” logos were present, there was an absence of new and innovative approaches or solutions to solve the real problems that we’re all facing – and quite simply, that problem is that the security products and solutions most commonly used are not working or are misconfigured, as evidenced by breaches happening every day.
What was particularly noteworthy for the Verodin team was at this year’s conference, we exhibited our new integration of FireEye Threat Intelligence and the Verodin Threat Actor Assurance Module (TAAM). Met with great enthusiasm from fellow conference attendees, Verodin TAAM provides organizations with a much needed solution that can evaluate their ability to detect, block and alert on the latest attack behaviors from numerous threat actors, while also enabling security teams to continuously validate and optimize their security programs.
Yet, despite the lack of new “things” and fewer attendees, the conference still provided an important platform where we – the cybersecurity industry – can have the critical conversations to address the need for change.
Our key takeaways from RSA Conference 2020 include:
- There was a noticeable uptick in vendors changing their messaging to lead with either “data,” a measurable improvement in customer security, or “outcomes,” solutions for real customer needs. Unfortunately, many vendors did not have a clear path on how to get there. For instance, we observed that many pitches were disjointed and how to solve unmet customer needs remained unclear, but one startup stood out – Securiti.AI nailed it when it came to the customer need in the privacy-space.
- We all know that cloud is not new, but for the first time, it was pervasive across the vendor booths exhibiting various cloud security solutions. Cloud also seems to be linked to another trend that we noticed – non-security vendors, especially in the cloud hosting space, such as Microsoft and Google, are releasing their own security offerings. Aside from platform specific security features, offerings like "Cloud SIEM" will probably, over time, impact the SIEM market and the traditional players in that space, such as IBM and Splunk.
- Zero Trust, a security architecture championed by Google, appears to have gained enough customer interest that vendors are now fully onboard, marketing "Zero Trust" offerings…despite the fact that neither the customers nor the vendors are fully on the same page as to what Zero Trust really means.
- Automation and SOAR are not new, but similar to cloud and Zero Trust, SOAR, automation and orchestration products seem to be at the forefront of vendor offerings. Organizations are looking into automation and orchestration as a solution to solve workforce and workflow issues. Why? Because they don't have enough people and because the tools they have are not working or are too complicated to configure optimally. As a result, organizations are hoping that another tool can fix what is broken with their security programs.
But most importantly, we observed a change in the conversations we were having. There was a broad awareness and willingness to discuss how broken most InfoSec programs are from the customer’s perspective. And this is a refreshing change, as for years, these conversations were disconnected from reality – from "of course this ‘thing’ works" to today, where customers are admitting their programs are broken.
This is truly important and marks a milestone to addressing the need for change, because if we can turn the corner on the willingness to speak frankly amongst ourselves and recognize that many organizations are making decisions without evidence and based on assumptions, then we are one step closer to making meaningful change. And to do that, we need to recognize the importance and need for implementing instrumentation and validation.
Want to learn more about how we can help you start validating your cybersecurity effectiveness? Want to know how you can start validating your controls against current and actual attacks? Download An Executive Summary: Addressing Cyber Risk and Security Effectiveness in the Digital Age and reserve an advanced copy of our 2020 Security Effectiveness Report.