Since it was established in the 1990s, the RSA Conference has been one of the key events in the security world, and the 2017 conference was once again massive. Early reports state that more than 43,000 attendees spent last week at San Francisco’s Moscone Center to discuss security, cyber threats, and related solutions. As we explored the exhibit hall floor and attended conference events, a few trends became very clear:
- Visibility is key: Vendors continue to find better ways to provide insight into the activity of attackers. Solutions go far beyond simple network monitoring and attempt to provide insight into high-level dynamic network topology, user authentication trends, web-service interaction, and so much more. As security solutions get better at alerting analysts to malicious activity, the challenge for analysts becomes corroborating and fleshing out the story of the event that caused the alert, using the unprecedented variety of tools at their disposal. However, this comes with an increased need for more ways to tap into that information flow, whether that be client agents, network devices, or cloud services integrated into SaaS solutions. Vendors are eager to provide those.
- Machine learning: Whether people call it machine learning, user behavior analysis, or simply analytics, solution providers are betting on automated learning and analysis to identify and prevent threats in customer environments. Vendors seem especially focused on authentication, networking, and log analysis to identify actors attempting to breach or navigate corporate environments. An interesting variant was highlighted by classic EDR vendors. They are leveraging their insight into processes to identify malware and are now at a point where anti-virus programs might just be ready to be replaced by something more powerful. Customers seem excited about the concept of taking all the data visibility provided by vendors and having something help them find that “needle in a haystack.”
- Comprehensive security suites: The security product landscape is vast, but many larger and some medium-sized players are focusing on producing one-stop solutions to appeal to customers interested in a more streamlined experience. While this goes against the “best-of-breed” approach long favored by many, some companies have found that the best-of-breed avenue comes with high overhead. Given the difficulty of finding experts in various tools, some companies have found it better to utilize a security suite from a vendor with simpler management and consistent usability. It will be interesting to see how this tradeoff of simplicity over security works for enterprises.
These trends and others make it an exciting time to be building security solutions. As Code42 delivers greater capabilities to help enterprises understand the risks associated with user data, it will be instructive to look back a year from now at RSA Conference 2018 and see how these trends have developed over time. Code42 allows for greater visibility into enterprise data risks such as insider threat, in conjunction with our ability to help customers recover from data-loss incidents. We expect these capabilities to strongly complement each other, and the overall industry trends, over the next year, but only time will tell!