RSA’s 2016 Cyber Security Conf: “Tech, Tech, Tech, Analytics & Tech”

The 2016 edition of the annual RSA Conference didn’t disappoint, but it did leave more than a few unanswered questions about the future of digital trust and cyber security.

As cyber security conferences go, the 2016 RSA Conference sits atop the heap, with both aggressive attendance and enough bling to signify an industry on the rise. It had all the hallmarks of success, from some solid technical demonstrations to the hors d’oeuvres, wine, and beer served on the show-floor in the afternoon. Here are a few observations, culled from both our on and off-the-floor conversations with the vendors, providers, and attendees.

The Rise of Analytics

Cyber security has long been a technological battle between enterprises and threat actors, and this year’s conference could easily be described as “tech, tech, and more tech”. One interesting theme that emerged was that of analytics – in particular the leveraging of analytics to drive programmed responses, both reactive and proactive, in the face of actual or threatened attacks. This is a significant step in the growing maturity of the cyber security market and is being fueled by a wealth of incoming threat intelligence data from both internal and external sources.

Why are analytics and orchestrated (pre-set, potentially automated) responses so important? The number of daily attacks on enterprise systems continues to increase as threat actors employ technology that equals or surpasses that of many enterprises. Keeping pace, let alone responding, requires significantly more resources and planning than it did even a few years prior. Recent developments in both intelligence/data gathering and analytics are allowing enterprises to shift focus from identifying threat signatures to identifying behavioral patterns of attack and then executing a pre-set (automated) incident response.

Two show-related announcements highlighting the value of this approach include the naming of Phantom, an emerging analytics and orchestration vendor, as the show’s most innovative startup, and the announcement that IBM is acquiring Resilient Systems, with an eye towards leveraging Resilient’s Incident Response platform to turn threat data gathered by IBM’s QRadar Security Intelligence platform into actionable insights.

The As-a-Service Economy Emerges

Holistic Security is one of the 8 Ideals of the As-a-Service Economy identified by HfS as critical to the transformation of enterprises from legacy business models to emerging digital and as-a-service models. Included in Holistic Security is a rethinking of what it means to be a secure and trusted enterprise, recognizing that perimeters are no longer fixed and security must be baked into all aspects of the enterprise. We observed solid support for this concept throughout the conference. Additionally, there are three other Ideals that are quickly making their way into the fabric of cyber security:

• Intelligent Automation (as seen in cyber incident response tools),
• Accessible and Actionable Data (driving much of the development in cyber analytics), and
• Plug-and-Play Digital Services (shifting the “buy and depreciate” cyber security model to the more flexible “leveraging cyber security services” approach).

While each of these areas are still in the emerging phase, witnessing their emergence in a tech-dominated industry indicates that the market is moving forward in the As-a-Service direction.

Five Interesting Gaps

Despite the significant technical displays put forth at RSA, we observed five gaps that bring into question the overall maturity of the cyber security market while opening up some interesting opportunities for both technology/service providers and enterprise CISO’s looking ahead:

• Physical – Digital Gap: the lack of integration between digital cyber security and physical security controls (access, biometric, geo-location, etc.) highlights a significant shortcoming in combating aggressive threat models that often leverage physical elements to breach digital systems.
• Technology – Process Gap: while technical innovation is relatively high, process innovation (e.g., rethinking business process to achieve more efficient and trusted operations through cyber security) is still relatively static.
• Technology – Services Gap: missing from many (emerging) vendors was a coherent strategy for how new waves of tech innovation (even when offered as a “service”) would be integrated into enterprise-wide cyber security services.
• Cloud – Cloud – Cloud Gap: there is a solid perception gap amongst enterprise users when it comes to understanding the boundaries of secure clouds, security services that leverage the cloud, and the securing of user data within the cloud.
• Emerging – Established Gap: the overlap amongst cyber security players at the low-end is as significant as the foothold established security providers have at the high-end, resulting in many emerging players aggressively looking to identify “partner” opportunities while established players are quickly evaluating which emerging players could be leveraged to quickly expand enterprise offerings (think “market consolidation”).

Setting Expectations for 2016

There are several trends HfS expects to see play out in the coming year. Now that technology vendors have begun to shift the cyber security battle from protecting to countering, analytics and automation will increasingly play a part in overall cyber security, as will cognitive over time. Most importantly, however, while we expect continued investment in this sector, we also expect a bit of a shakeout (among the smaller players, even while new players emerge) as enterprise security providers begin to aggressively expand in-house capabilities and partner networks.