RSA 2016 – the roundup

Go to enough conferences and it’s easy to become jaded. When you visit the same booths, listen to the same talks, and interact with the same people, it feels like Groundhog Day. I get less excited about conferences than I used to.

The security industry has always been about the long game. Changes are often incremental, and much like boiling a frog, can be easily missed.

Sure, one could harp on about how RSA isn’t a serious conference. The actors keynote was an embarrassing sideshow to what should be a serious industry event. At times, the show floor resembled a carnival. But when you filter these distractions out, you’ll find there are important conversations taking place, and lessons to be learned. Read on to find out what I took away from RSA 2016.

No New Buzzwords

Each RSA conference tends to introduce a new buzzword, like APT, Threat Intelligence, or Big Data Security Analytics. But mercifully, there were no such mega-trends this year.

I see this as a good thing. People are realizing that introducing new buzzwords at the rate of conferences solves nothing. Sometimes, we just need to focus on fixing the basics.

A Positive Shift In The Talks

A few years ago, most talks complained about how researchers and security engineers didn’t have enough resources, or weren’t visible to the higher levels of corporate management.

But a lot has changed in recent years. Many chief security officers now have a seat at the board, or at least can influence it. Consequently, much of the discussion has shifted away from how to get on the board, to what needs to be done now that they are there.

All About The Collaboration

A few years ago, most vendors were focused on how they could displace their competitors. This often resulted in them bad-mouthing the competition, which created a tense, uncomfortable atmosphere.

Things have changed. There’s now a willingness to collaborate within the security ecosystem. As a result, we’ve seen smaller niche vendors emerge whose sole purpose is to exist in a symbiotic relationship with other vendors. I often refer to the “SIEM Plus” market, where many products are designed to enhance the capabilities of an existing SIEM, rather than supplant it. These include vendors that can do additional analytics (e.g. user behaviour) or improve workflow (orchestration).

More Consultancies

I noticed there were more consultancies exhibiting at RSA this year than I recall from previous events.

This is another positive trend, as it shows users understand that having the right product isn’t enough. Partnering with the right consultancy firms can bring the right mix of technical expertise, product selection and management to the tools they’ve paid good money for.

People Understand the Cloud (Finally)

This year I felt like people finally started to ‘get’ what the cloud is, and the unique security challenges it poses. I didn’t once hear anyone refer to the cloud as a throwback to the mainframe days of centralized computing, which was refreshing.

A Market For Investors and Buyers

Someone once told me that RSA isn’t the place where vendors go to sell to the public. It’s where they go to sell themselves to other larger vendors, or to flaunt their wares in front of investors.

There has been a downturn in the investor market when it comes to security. It’s not surprising. The rate at which investment was pouring into cyber security was unsustainable in the long run. That doesn’t mean security isn’t a growing industry to invest in.

Take the threat detection niche, for example. Here we’ve seen two dominant factions emerge. On one hand you have threat intelligence – which seeks to detect threats using prior knowledge of threats (the actors, their motives, etc). On the other hand, there are vendors looking to detect and stop threats based on zero prior knowledge. Examples of this include honeypots for deception, and isolation techniques.

This resembles the Betamax vs VHS wars of the late ’70s and early ’80s – it provides ample opportunity for investors to hedge their bets by having interest in both camps.

From the perspective of vendors on the acquisition path, the slowdown in investment can potentially mean that a lot of startups (some with great technology) will lose some steam and valuation. This makes it the perfect opportunity to acquire new assets at bargain-basement prices.

Wrapping Up

It’s easy to get distracted by the circus of RSA. It’s a shame that many of the interesting conversations that took place have been overshadowed by the theatrics of this year’s event.

RSA, I feel, is the barometer for the security industry. It highlights the mood of investors and CSOs, and it shows the direction in which vendors are moving. If I had to sum up this year’s mood, it’s one of optimism and collaboration, which is more than welcome.