The annual RSA Conference in San Francisco is always a great opportunity to reflect upon past and current trends and evolutionary developments that continue to shape the ever-shifting cybersecurity landscape. And for those like me who've attended faithfully for 10 years or more, it can seem a bit like a high-tech carnival mixed with a high school reunion. The attendee is presented with endless flashy booths promising the chance to win a prize for listening to the latest product pitch, punctuated by random encounters with old and new friends and associates.
And it works for most, who come away invigorated with new ideas and renewed faith in our noble mission to secure the digital world—following a day (or two) of much needed recovery, of course.
I prefaced the show by attending the Cloud Security Alliance Summit on Monday. A not-for-profit dedicated to promoting cloud computing security best practices, the CSA provides this valuable forum for industry members to share real-world experiences from the field and for select vendors to present compelling security solutions.
This year, Phil Venables, Board Director and Senior Risk and Cybersecurity Advisor at Goldman Sachs Bank, set the stage by showing how the ongoing digitization of businesses and information makes cybersecurity a first-class business concern with immense strategic importance. He emphasised the urgency of embedding security directly into enterprise applications and infrastructure while integrating risk management across all business processes.
ExtraHop's own Chief Customer Officer and co-founder, Raja Mukerji, provided attendees with an overview of network detection and response (NDR) technologies and how they can help with security. He also introduced Alex Stamos of the Stanford Internet Observatory, who provided a brief critique of Silicon Valley's failure to foresee and guard against recent security breaches, and also detailed the massive opportunity ahead for technology and security vendors to work collectively with Washington, D.C., to build a durable competitive advantage for US technology companies. RSA President Rohit Ghai later provided his own perspective on those sentiments in his RSA keynote when he criticized industry for failing to hold IT and software makers accountable for cyber hygiene and vulnerabilities.
Security Trends on the RSA Show Floor
While cruising the North, South, and Early Stage Expo floors to get a feel for what some of the nearly 670 security vendors were offering this year, I noticed several trends that seemed to be in vogue.
Cloud Security: Secure Access Service Edge (SASE) Solutions
Cloud security was everywhere, as you might expect, with some vendors now claiming to offer a Secure Access Service Edge (SASE) solution. SASE has been proposed as a new security category, focused on providing users with globally available secure connectivity to enterprise resources and applications from any device. This is done by providing a global network of POPs, or points-of-presence, fortified by comprehensive security features delivered locally from the service edge.
The benefit is consolidation of network and security resources along with the promised elimination of related technologies such as VPNs and MPLS. Not surprisingly, it's fairly easy to find a SASE solution, so long as you're willing to accept a particular vendor's interpretation of the definition.
Another trend is container security. Containers, or OS-level virtualization, have gained serious traction with developers as an easy, flexible, and scalable way to produce and deploy enterprise applications either on-premises or in the cloud. Containers bring their own list of unique security challenges and the security industry has responded with a flurry of startups and promises. Several security vendors have emerged as leaders in the field and recent high profile acquisitions have cemented the importance and longevity of the trend.
NDR: Stronger Security With No Performance Impacts
Lastly, NDR has recently emerged from the more staid network performance management field, showing how real-time wire and packet data, when combined with machine learning, can be used to rapidly sniff out and alert on threats or unusual activity. NDR can also provide a detailed trail of breadcrumbs to follow post-attack to discover and close related security gaps or conduct forensic analysis.
What makes this technology compelling is that it does not interfere with network performance or operations, and when combined with SIEM and EDR technologies, NDR completes the SOC Visibility Triad to form a comprehensive enterprise security solution.
Hope to see you at the next RSA Conference!