2017-02-20


Every year I try to recap what I saw and did at RSA, so here’s the capture for 2017. It won’t be comprehensive, but should get most major things.

Impressions

Things are just fine for companies selling products, but not so great for the companies using them.

We continue to under-emphasize fundamentals, and we get hacked as a result.

I was hoping this year would see more companies talking about resilience instead of prevention, but I didn’t get that impression from the floor or from the vendor list.

Activities

IOAsis: This was my second RSA at IOActive, and this year was both more stressful and more excellent than last year. The IOAsis, for those who don’t know, is an off-location event that IOActive puts on at the major security conferences, and basically serves as a getaway from the main event where there are too many people. This year I had a couple of panels, a couple of talks, and a ton of customer meetings and media interviews. Lots of stress, but lots of productivity as well.

Hanging with Friends: What I look forward to most is seeing my friends and co-workers all in one place.

Vendors and Networking: RSA to me is a sales, vendor, and networking conference. It’s a chance for me to see the various vendors and what they’re selling and a chance to see all my security friends who I only see a couple of times a year.

Speaking: I spoke at RSA on Thursday on the topic of testing Medical Devices, and the slides are here.

RSA Vendor Categories

RSA organized their vendors into the following spaces, which I found interesting enough by itself.

Analytics, Intelligence, and Response

Application Security & DEVOPS

C-Suite View

Cloud Security and Virtualization

Cryptography

Governance, Risk, and Compliance

Hackers & Threats

Human Element

Identity

Law

Mobile and IoT Security

Policy & Government

Privacy

Professional Development

Protecting Data & Applied Crypto

Technology Infrastructure & Operations

My Vendor List

I didn’t get to walk the floor as much this year as I normally do, but I did see or hear about a few key ones. My favorite types of technologies right now are based around data analysis, biometric authentication, attack surface and risk visibility/scoring, and deception.

What I’ve done here is go through the RSA 2017 Vendor List and capture vendors that I found interesting in some way. If I already know the vendor and/or think it’s common knowledge, I probably didn’t list it.

These are meant to be those that are new or noteworthy in some way.

[ NOTE: These are my own hyper-concise summaries for these vendors and many could be inaccurate. I created this list either based on my own experience with the vendor or by reading the short summary they had published on the RSA site. Don’t take it personally if I mangle a product you’re close to; reach out and I’ll fix it. ]

Acalvio: DEVOPS integration of Deception technologies.

Adlink: IoT UTM device.

Agari: Enterprise phishing defense.

Akips: Virtual network monitoring appliances.

AlgoSec: Security policy management across cloud, on-prem, SDN, etc.

Allegro: OEM-focused embedded device software security.

AllthatSoft: Mobile application defenses, including obfuscation.

Anomali: Adversary detection through realtime threat indicator correlation.

Appthority: Mobile risk analysis and analytics.

Apricorn: Portable USB storage security.

Aqua Security: Virtual container security.

Armis: Wireless/IoT security.

Arxan: Application self-protection.

Attivo: Deception-based threat detection.

Auth0: Simplified SSO.

AvePoint: Protects O365 and SharePoint data.

Ayehu: IT automation and orchestration.

Baffle: Reduces impact of breaches by encrypting all data.

Balabit: Privileged user monitoring and user behavior analytics.

Bandura: GeoIP-based filtering.

Bastille: Security for the Internet of Radios.

Bay Dynamics: Prioritize enterprise security activities based on risk.

BehavioSec: User behavior analytics.

BigID: Helps enterprises secure the personal data they store.

Biscom: Enterprise data transfer technologies.

Bitglass: Real-time CASB.

BitSight: Security ratings for companies based on many factors.

Bivio: Counter-threat technologies with many Federal customers.

Blackduck: Understand the risk of the open-source software you’re using.

Blueliv: Scrapes the deep/dark web finding information on your organization.

BlueTalon: Data-centric security focused around noSQL technologies.

Bradford Networks: Reduces malware containment time.

Bricata: Modern NGIPS-based threat detection.

Bromium: Application isolation technology.

Bufferzone: Virtual container technology.

Buguroo: Cyberintelligence based on static analysis, vulnerability management, fraud detection.

Carbon Black: Next-gen endpoint security.

Catbird: Software defined network microsegmentation.

Cavirin: Security and compliance across physical, public, and hybrid clouds.

Cavium: High-throughput network gear.

Centri: Data security for the Internet of Things.

Centrify: Secures enterprise credentials and systems through centralization.

Centripetal Networks: Threat Intelligence gateway.

CheckRecipient: Ensures sensitive data isn’t sent to the wrong people via email.

Cloudera: Data management and analytics.

Cloudlock: API CASB.

CloudMask: Track and protect data throughout its lifecycle.

CloudPassage: Visibility and protection for servers in any environment.

Cobalt Labs: Trusted, crowd-sourced pentesting platform.

Code42: SaaS provider of endpoint data protection.

Corax: High-level risk metrics that enable better decision-making for your organization.

Corelight: Bro-based network monitoring.

Corero: Realtime, high-performance DDoS defense solution.

Counter Craft: Automated deception-based counterintelligence campaigns.

CounterTack: EDR technologies.

Covertix: Find, classify, and protect sensitive data as it travels.

Covisint: Identity for the Internet of Things.

CradlePoint: Software-defined, always-on connectivity based around 4G LTE.

CrossMatch: Risk-based authentication by user and context.

CrowdStrike: Endpoint protection, threat intelligence, and response.

CryptoMove: Active defense.

CryptoSense: Identify and remove crypto-based bugs in software.

Cryptzone: Software-defined network access solutions.

CSPi: Cyber-threat detection and solutions.

CTERA: Secure file services within the cloud.

Curtail Security: Identify zero-day through software-based traffic analysis.

Cybellum: Zero-day protection platform.

CyberArk: Enterprise credential and privileges control.

Cybereason: Detection and response using big data, behavioral analytics, and machine learning.

Cyberfend: Defends stolen credentials.

CyberOwl: Early warning system for high value targets including IoT.

Cyber Triage: Endpoint-based incident response software.

Cybric: Continuous security-as-a-service platform for SDL.

CYBRScore: Measures a user’s ability to defend a network.

CyKick Labs: Defends web applications with machine learning and big data analytics.

Cylance: Machine learning based endpoint protection.

Cymmetria: Cyber deception startup.

Cyphort: Integrate with security tools to discover and contain advanced threats.

CYREN: Cloud-based proxies and sandboxing.

Cytegic: Cloud-based cybersecurity management solution for risk management.

D3 Security: Incident response and case management.

Daon: Developing and deploying biometric authentication.

Dashlane: Access management.

Datablink: Advanced authentication and transaction signing.

DataLocker: Hardware and cloud-based encryption solutions.

DataSunrise: Database security.

Dedrone: Complete drone detection and countering platform.

Defence Intelligence: DNS security solutions.

DefenseStorm: Unifies detection, investigation, reporting, and compliance into one platform.

Digital Shadows: Provides a complete view of an organization’s digital footprint and its attackers.

Distil Networks: Web application bot detection and mitigation.

DomainTools: Turns threat data into threat intelligence, linking indicators to domains.

Drawbridge Networks: Microsegmentation based automatic detection and response to internal attacks.

[ …to be continued. Currently stopped in the D’s, but will continue soon. If you want to help let me know on Twitter. ]

Notes

The vendor list is very much focused on technologies, so there aren’t many solution or service companies listed.

__

I do a weekly show called Unsupervised Learning, where I collect the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.
