2015-04-07

The annual security geek-fest known as the RSA Security Conference is just 2 weeks away.  Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics.

As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites and a constant barrage of hokey themed cocktail parties.

As far as “buzz-worthy” topics at RSA 2015, I anticipate the following:

Advanced threat detection/response.  Lots of security vendors have been chasing this rabbit since FireEye’s IPO so I expect a lot of hype at RSA.  Rather than discuss discrete technologies like sandboxing, however, many vendors will pitch an integrated threat detection architecture built upon endpoint forensics, full-packet capture, and static/dynamic malware inspection spanning from on-premise appliances to cloud-based services.  Check Point, Click Security, FireEye, Fortinet, Hexis Cyber Solutions, IBM, LogRhythm, Raytheon Cyber Products, and Splunk will likely articulate this type of message.  In the past the emphasis was really on detection but I presume that incident response will have an equal role this year.  Given this, I anticipate buzz around the Forum for Incident Response and Security Teams (FIRST) as well as vendors like FireEye/Mandiant and Resilient Systems.

Threat intelligence.  Between President Obama’s executive order and the chatter on Capitol Hill, threat intelligence is garnering quite a few headlines these days so the momentum will continue at RSA.  I expect these discussions to include threat intelligence standards (i.e. CybOX, OpenIOC, STIX/TAXII), threat sharing (ISACs, legislation, etc.), threat intelligence consortiums (i.e. Cyber Threat Alliance), threat intelligence feeds/services (Arbor Networks, Dell SecureWorks, iSight Partners, Norse, ThreatMetrix, Verisign, Webroot), and threat intelligence correlation/analysis platforms (CRITs, IBM, Symantec, Vorstack, etc.).

Endpoint security.  According to ESG research, 58% of enterprise organizations would prefer an integrated endpoint security suite that covers incident prevention, detection, and response (note: I am an ESG analyst).  From a market perspective, every vendor wants a piece of the action including the AV crowd (Kaspersky, McAfee, Symantec, Trend, etc.) and startups (Bit9, Confer, CrowdStrike, and Cylance).  Others like Cisco, FireEye, IBM, Palo Alto, and RSA plan to approach the endpoint from other high ground in the security market, while Bromium, Invincea, and Spikes will center their discussions on that insecure piece of software known as a browser.

Cloud and SDN security.  While these two areas are quite different, I am putting them together here as products in each category are built for automation, virtualization, and orchestration.  Cloud and SDN security is also all about extending security controls and monitoring to new types of virtual technologies.  Cisco will trumpet SDN, Tufin will crow about network security automation, and Evident.io, HyTrust, ThreatConnect, and vArmour will yack about new requirements for hybrid data center security.

Identity and Access Management.  In my humble opinion, IAM is increasingly important for security but doesn’t get nearly the attention it should.  I am sure that FIDO Alliance supporters like ARM, PayPal and Nok Nok Labs will want to elevate these IAM discussions.  Microsoft is also ready to advance IAM thought leadership by spreading the word about Azure Active Directory.

While security products always grab center stage at RSA, I hope there is ample discussion about security services as well.  Mid-market and small enterprise organizations that can’t keep up with cybersecurity requirements on their own are flocking to service providers en masse so services should get more air play.
