What’s Old Is New Again In Information Security

For many years, the RSA Conference was all about the new new thing. New threats, new compliance mandates, new technologies, etc. At the same time, the industry intelligentsia dismissed staple security technologies like endpoint security and firewalls as boring commodities. Judging by the buzz at RSA 2013, what’s old is new again. Firewall and anti-malware chatter was pervasive throughout the Moscone Center for a number of reasons:1. The old stuff ain’t enough. Network firewalls are essential but no longer adequate alone. In today’s threat landscape and complex internal/external IT architecture, you really do need “contextual awareness” (note: yet another ambiguous industry term) so you can enforce security policies based upon a number of inputs like user, application, device type, etc. As for endpoint security, standard antivirus software also need a booster shot to better detect and block targeted attacks and advanced malware. Lots of enterprises are also looking for some cursory endpoint forensic data collection as well.2. Success breeds new investment. Kudos to Palo Alto Networks for uncovering a new firewall requirement, delivering an innovative solution, and executing in the field. Similar accolades for Fire Eye, a company running 120 MPH in the Advanced Malware Detection/Prevention (AMD/P) space. Given this success, venture capital money flowed back into the cybersecurity world as VCs funded new startups to jump into the market. Think Bromium, Damballa, Invincea, Malwarebytes, Stonesoft, etc. 3. Market share leaders were forced to play defense and react. I estimate that about .60 to .70 cents of every security dollar is spent on either endpoint or network security. These are multi-billion dollar markets where incumbent players have grown phat and a bit complacent. All of a sudden Palo Alto and FireEye success disrupted their comfy oligopoly forcing market leaders to react quickly. On the firewall side, Barracuda, Check Point, Cisco, Dell (SonicWall), Fortinet, Juniper, and Sourcefire now offer their own “next-generation firewall.” Endpoint security vendors remain behind so I expect to see a wave of integrated solutions, new product announcements and M&A activity soon.While vendors scramble to establish positions or defend customer bases, users benefit from a much-needed wave of information security innovation and architectural integration. For example, McAfee introduced “sandboxing” technology to compete with FireEye but also integrated its AMD/P functionality with existing web security, email security, and endpoint security. On the networking side, Check Point, Fortinet, Juniper, and Sourcefire discussed device/software and cloud intelligence integration for next-generation network security. As for pioneers FireEye and Palo Alto, they face stiffer competition but neither is standing still. Both companies are leveraging their momentum to establish partnerships while engineering teams dig into security research and new security controls across the network.In my humble opinion, there is a lesson to be learned here. Unlike other areas of IT, cybersecurity is not about speeds-and-feeds alone. New threats and user requirements will always open doors for innovators to improve upon the status quo and reignite a “commodity” market. Clearly FireEye and Palo Alto’s impact is having this effect as evidenced at the RSA Conference.