Takeaways from RSA 2015: The stars of the show

As expected, the 2015 RSA Conference was bigger than ever – more attendees, presentations, exhibitors, etc. Since I live in the cybersecurity space, there were few surprises, but there were a few major highlights to this year’s show:

1. Visibility. As the old management adage goes, “you can’t manage what you can’t measure.” Cybersecurity professionals are taking this saying to heart with a focus on gaining better visibility of everything on the network at all times. This includes endpoint profiling (ForeScout, Great Bay Software, Promisec, Tanium), endpoint forensics (Carbon Black, Guidance Software, RSA ECAT), and network forensics (Blue Coat/Solera, Click Security, FireEye, WildPackets). In some cases, it’s all of the above with tools from IBM, Intel Security, LogRhythm, Splunk, or Symantec. Users are now telling me that they are postponing security technology purchases until they can collect, process, and analyze the right data in real-time in order to accelerate and improve their cybersecurity decisions. In my humble opinion, this is a prudent decision – especially as enterprise organizations increase their use of cloud computing, mobile devices, and IoT.
2. Data center security. The data center security buzz really concentrated on cloud/virtual data center security, and this makes sense. Virtual workloads are moving across private and public clouds and this activity is antithetical to traditional network security controls. There is a lot of innovation in this area as well. Cisco is trumpeting the marriage of ACI and network security while VMware NSX gains traction in the market with support from partners like Check Point and Palo Alto Networks. Meanwhile, startups like Illumio and vArmour pitch a software-defined approach for the whole heterogeneous cloud computing enchilada while Tufin had a similar message around network security automation and orchestration. In the meantime, Juniper flexed some hardware muscle by introducing a 2tbps version of its SRX firewall. With all of the software-defined rhetoric, hardware remains important – the winning formula here is bridging the old physical network security with the new virtual security to deliver security efficacy and operational efficiency.
3. Two-factor authentication. If the RSA Conference was the Emmy Awards, multi-factor authentication would have been quietly nominated for a best supporting actor award. Why the secondary role? Security veterans remain skeptical after an annual prediction, declaring it “the year of two-factor authentication and PKI.” Nevertheless, there is finally a reason to be optimistic. Between the Apple iPhone and FIDO specification, biometrics and two-factor authentication are moving toward commodity status. RSA jumped on this trend with the introduction of its Via identity solutions while a Nok Nok Labs panel (hosted by yours truly) pointed toward a future of identity consumerization. The IT and cybersecurity industries were caught off guard by the tidal wave of mobile device proliferation. These same groups will likely be equally blindsided when new employees want to eschew passwords and use biometrics on their smartphone to log onto corporate applications. 
4. Services, services, services. While cybersecurity products (endpoint security, ATP, etc.) grabbed the spotlight at RSA, security services are actually more successful in the market – ESG (and other analysts) believe that organizations are spending $2 on cybersecurity services for every $1 of cybersecurity products they purchase (disclosure: I am an employee at ESG). This trend was evident in many of my RSA meetings. Dell SecureWorks business is growing like a weed. FireEye incident response services have assumed the role of first responder after a breach. HP anchors its cybersecurity business with professional and managed services supplemented with infosec architectures, frameworks, products, and partners. Symantec managed services will act as a foundation for the company as it splits apart. Accuvant is also reaping services benefits along with the traditional big guys like Accenture, E&Y, and PWC. Finally, pure-play managed cybersecurity services vendors like Okta, Ping Identity, Proofpoint and Zscaler probably don’t mind playing second-fiddle at RSA since they continue to win in the market. The biggest obstacle to continued cybersecurity services success is the same across all of these players – recruiting, hiring, and training new services employees to keep up with market demand. 
5. Diversity. Finally, cybersecurity has finally come out of its geeky shell and attracted an assorted crowd of participants. DHS had its own booth at the show while the State of Maryland crowed about its cybersecurity education and public/private partnership. There was also an area of the show floor dedicated to Israeli cybersecurity innovation, ditto for Germany. 

Yes, it’s nice to see that our little industry has grown up, but let’s remember that the RSA Conference popularity is a function of just how dangerous the threat landscape has become. This reality should sober up the industry after its annual RSA party and subsequent hangover.