


5 standout products from RSA 2020

Mar 02, 2020 | 5 mins
Authentication, Cloud Computing, Cloud Security

2020 will be remembered as the year the human element finally came to security.


The world’s largest security show, RSA, was held last week in San Francisco.  Over the week, tens of thousands of people flocked to the Moscone Center to check out the almost 800 vendors and hundreds of speakers to educate themselves on the latest and greatest in cybersecurity.

The theme of the show was “The Human Element” and that tag line could be seen on signage all over the Market Street area.  I thought it was a fitting message as most of what I saw from the vendor community was about making security technology easier to deploy and use.   

Five such examples are:

Cisco SecureX

Last year I wrote a blog post proclaiming endpoint detection and response (EDR) to be dead and replaced with XDR. My basic premise was that security technologies, such as EDR, can’t exist in isolation as they only see a small piece of the overall puzzle. Fellow CSO blogger Jon Oltsik has a similar view of the world, although he calls it SOAPA. Whatever the name, the point product approach is overly complicated, has many blind spots, and leaves organizations open to breaches. Cisco’s SecureX addresses the human element by taking a platform approach to simplify operations. In my blog post, I called out endpoint, cloud, and network as the three pillars of XDR. Cisco takes that a step further by adding in Talos threat intelligence and then uses machine learning to provide visibility and automate workflows across Cisco and third-party security tools. Security professionals understand that complexity is the enemy of security, and SecureX is intended to simplify operations.

Fortinet FortiAI

Similar to Cisco, Fortinet has taken a platform approach to security. At RSA, the company announced its FortiAI security appliance that can find and identify threats in real time. Fortinet’s differentiator is its Security Processing Unit (SPU), its own silicon, which brings feature consistency with better price/performance than off-the-shelf processors. FortiAI can be used as a standalone device to find threats, but when used in conjunction with Fortinet technology such as FortiSandbox, FortiEDR and FortiSIEM, it can automate the response, perform security sweeps, and save engineers hours of manually intensive work.

OneLogin Vigilance AI

Multi-factor authentication (MFA) is the ultimate conundrum for businesses. It’s an obvious “must have” technology as weak passwords remain a huge source of breaches. I recently interviewed a well-known penetration tester and he told me he can breach 90% of the companies that hire him within an hour, typically with weak passwords. Despite the need, users generally despise MFA because it’s complicated, requires SMS pushes or RSA tokens, and generally gets in the way. OneLogin’s Vigilance AI Threat Engine uses a combination of user behavior, such as keyboard cadence and location information, and combines that with other data to determine a “score” that makes the process easier for users.

McAfee MVISION for cloud

Businesses are adopting cloud at a furious rate because it creates an unprecedented level of agility and simplifies IT. There is a dark side to the cloud, though: it opens up a wide range of new security threats. There are ways to secure the cloud, but it’s difficult to do using traditional manual methods. Humans just can’t work fast enough to keep up with the pace of change in the cloud. While I was at the McAfee booth, one of the presenters mentioned a Gartner data point that stated 99% of cloud security breaches are a result of misconfiguration.

McAfee is best known for being an endpoint security vendor and has extended those capabilities to the edge and cloud. The fact that the 800-pound gorilla in EDR has increased its reach off premises fully supports my thesis that EDR is indeed dead — or at least evolving. The technology used to power MVISION is from McAfee’s 2018 acquisition of cloud access security broker (CASB) vendor Skyhigh Networks. MVISION simplifies the process of creating policies from cloud to edge to device, creating greater consistency of threat prevention.

Palo Alto Networks Cortex XSOAR

At RSA, shopaholic Palo Alto Networks announced Cortex XSOAR, built on its half-a-billion dollar acquisition of Demisto. Demisto was one of six acquisitions the company made in 2019, and XSOAR is a great example of how Palo Alto Networks is using its purchases to beef up its own security platform. While there are many SOAR (security orchestration, automation and response) products on the market, Palo Alto brings in its threat intelligence feeds and displays them on the same console with data from the internal security system. The combination of external threat information with internal incidents enables security professionals to make faster and better response decisions. Historically, the correlation of information was done manually or not at all. The integration of the curated threat intel and AI-based analytics should give security teams greater confidence in the response decisions they make.

While there was no new big thing at RSA this year, one could argue the big thing is enabling customers to finally get more value out of the security dollar already spent. Security vendors are waking up and realizing having the fastest or most technically advanced widget doesn’t matter if it can’t be deployed or it gets in the way. 


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.