The RSA Conference is the largest security industry convention in the world. Throughout all the years that I've been attending, the show has always been a learning experience. This year, ExtraHop had a booth there for the first time. It was busy!
I was very happy to get to speak with a few customers and learn how people are using wire data to gain visibility into their networks.
How Well Are You Using Wire Data?
Coming away from the show, I'm more convinced than ever that applying big data analytics to wire data is the best way to increase your security acumen. Mature IT shops treat their wire data as a source of truth and a source of intelligence.
Of course, IT teams already have a lot of information. Some of it is useful and some of it is not. Sorting through it is the hard problem. This is where ExtraHop really shines—giving you a uniquely navigable view of your network and letting you drill down to the problem as quickly as possible. At RSA we announced Addy, a new cloud-based anomaly detection service that takes it one step further by automatically alerting you to anomalous behavior on the network.
Machine Learning: Theme for RSA 2017
If there was a theme for RSA 2017, I'd say it would be machine learning applied to security. There were an incredible number of exhibitors showing off their machine learning capabilities on the floor of RSA this year.
Is machine learning a fad? What I've seen over the years is an ebb and flow of consolidation across the security market as new techniques are developed, then get folded into existing products. I've seen that happen with many varieties of services and technologies. It is likely that 2018 and 2019 will still see a lot of machine learning applied to security, but a lot of the smaller machine learning companies will no longer be standalone.
The other thing to remember about machine learning is the old adage: Garbage In, Garbage Out. If you have a less-than-ideal source of data, then you will get poor results. This is why machine learning against wire data will be more powerful than machine learning against logs.
The Value of a Workflow that Fits
The last thing I took away from this year's RSA was the value of a workflow that fits into how the security team, the network team, the devops team, and the executive team actually operate.
Walking into an IT shop or a security team and saying, "What you need is more data," is probably offensive and unlikely to go over very well. Walking into an IT shop or a security team and saying, "I've got a tool that integrates into your workflow and will help you with identification and mitigation of threats," is a much better message. You can't just add more things to do. Instead, you have to help people do their existing tasks better and more efficiently.
To get a feel for what ExtraHop's story was at RSA this year, check out the interview with my colleague John Smith below.