Hot Topics at the RSA Conference

It’s the calm before the storm and I’m not talking about the unusual winter weather.  Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.

In spite of this year’s controversy over the relationship between the NSA and RSA Security (the company), I expect a tremendous turnout that will likely shatter the attendance records of last year.  Cybersecurity issues are just too big to ignore so there will likely be a fair number of first-time attendees. 

So which areas will be hottest at this year’s event?  Well, RSA is really a cybersecurity vendor event so discussions will center on a handful of technology categories.  Additionally, much of the buzz will be similar to last year.  Here’s what I’m expecting to hear about throughout the week in San Francisco (in no particular order):

1. Advanced malware prevention and detection.  Bromium was the Hollywood startup last year, and everyone was anticipating the FireEye IPO.  If anything, FireEye’s success and recent acquisition of Mandiant will only fuel this fire.  Cylance’s math-based malware detection/prevention will likely get lots of attention as will Bit9’s recent acquisition of Carbon Black.  I also foresee a fair amount of “antivirus is dead” hyperbole (which I don’t buy into), as well as advanced malware detection/protection innovation from the old guard (Kaspersky Lab, McAfee, Symantec, Trend Micro, etc.) and assorted newbies (Lumension, Malwarebytes, Triumfant, etc.).

2. Mobile computing security.  This theme may be a tad muted since RSA falls at the same time as Mobile World Conference in Barcelona.  Nevertheless, mobile computing security remains extremely relevant.  According to ESG research, 62% of security professionals working at enterprise organizations (i.e. more than 1,000 employees) say that mobile computing has made security management and operations “much more difficult” or “somewhat more difficult.”  This is likely due to issues around mobile computing scale, the presence of consumer devices, and managing/securing cloud services like games and on-line file synch/sharing.  I look forward to meeting mobile management and security vendors like Good Technology and MobileIron, but it will also be interesting how everyone else weaves mobile computing into their value proposition.

3. Security analytics.  Last year, “big data security analytics” was part of the show floor lexicon but few vendors other than IBM, LogRhythm, RSA, and Splunk had much to talk about.  I anticipate a “coming out” party at this year’s event as a plethora of real vendors most security professionals have never heard of like 21CT, Click Security, Cybereason, Hexis Cyber Solutions, Leidos, Narus, and ISC8 have real products to demonstrate.  Security professionals interested in this burgeoning area should cast a wide net at RSA and take advantage of all of this cybersecurity mathematics, machine learning, and statistical brain power in one place.

4. Next-generation network security.  Everyone was gaga over Palo Alto Networks in 2012 and FireEye in 2013.  The question now is how these technologies become the foundation of an integrated end-to-end network security architecture that spans physical, virtual, and cloud-based networks with firewall, IDS/IPS, segmentation, and content security services.  Okay, this may be a bit heady for an event more akin to products and cocktail parties, but if you listen closely, you are bound to hear Check Point, Cisco, Fortinet, McAfee, IBM, and Juniper crafting a similar story.  This is especially true because of developments like VMware’s NSX, Cisco ACI, and Software-defined networking in general. 

5. Cloud security.  This was probably the marquis topic at RSA 2011 and it hasn’t lost steam.  I look forward to hearing what Amazon and the CSA has to say and yacking with a few intriguing startups like CloudPassage, HyTrust, and SkyHigh Networks. 

Okay, so this is my list of “hot topics” for RSA 2014.  I’ll blog “cold topics” tomorrow.  As a preview, these “cold topics” are the cybersecurity issues that should get more attention at RSA, but probably won’t.