Last week’s RSA Conference in San Francisco was one of the busiest ever, drawing tens of thousands of information security professionals, law enforcement and academics from around the world. RSA is always a great barometer of how the cybersecurity market is evolving at a global level, and this year was no exception. Back at base in Barcelona, the Blueliv team has been taking stock of some of the themes that stood out for us from this year’s conference.
Movement towards a risk-based approach
“There was a lot of talk of risk and actionable TI this year,” observed Trevor Crompton, WW VP Sales. In fact, we’ve been observing this wave growing in importance as security teams in more sectors realize the value of accessing highly actionable, relevant information. “It was interesting that many of the traditional perimeter-based technologies were trying reframe to a risk-based approach – it was almost an acknowledgement that their defenses were flawed,” continued Trevor. Indeed, when it comes to cyberattacks, it is not a matter of if you get breached, but when. An acknowledgement that a certain number of breaches is inevitable means that organizations prioritize around digital risk rather than continuously adding more defenses.
This reframing means that CISOs and other budget-holders are able to rationalize their security spend based on digital risk – why purchase a one-size-fits-all solution when you can buy only what you need? We discuss this topic in our Buyer’s Guide to Threat Intelligence, available to download here. We also noted plenty of new innovations that quantify risk on a continual basis. This in turn helps executives make better business decisions based on relevant, dynamic threat intelligence, rather than static data.
Certain trends ebb and flow in importance each year, from the latest research into targeted threats, to new disruptive technologies helping organizations protect themselves. For the first time in a few years we felt that a single, unified, overarching theme didn’t emerge – but certain topics like Zero Trust, IoT security, skepticism around AI, and third-party vendor risk were frequently mentioned. There was also a considerable amount of buzz around Chronicle and Microsoft’s SIEM in Azure, both of which appear to be collaborating with vendors already.
Despite this ebb and flow, threat intelligence as a trending topic has more or less been a constant in recent years. TI appears to have become pretty much mandatory for larger companies holding sensitive data, according to one of our engineers. But it is clear that threat intelligence is still a relatively nascent market, and there is still a lot of noise and confusion – even between Threat Intel 1.0 and 2.0 – noted our COO Gerard Cervelló.
Liv Rowley, threat intelligence analyst, agreed: “We had people approaching the booth who had heard of threat intel but didn’t know what solutions were right for them.” This educational piece will likely be a key theme over the next few years at RSA. More on definitions and threat intel for various industries in our dedicated blog section here.
Cybersecurity strengthened by collaboration
In comparison to previous years, many more vendors were legitimately looking for ways to collaborate – both with researchers and with each other. Building solutions around new collaborative models has long been a concern of Daniel Solís, CEO and founder, and last year we highlighted a vanguard of professionals taking this approach. We were pleasantly surprised that this year at RSA, vendors were visiting other booths for constructive conversations around collaboration, rather than on the hunt for a giveaways.
Trevor commented that an event like RSA gathers so many different overlapping propositions together in one place – you find a unique view of the marketplace with different vendors jostling for position (literally at the fairground). The consolidation of the market in this way reinforces the view that 2019 will be a year of mergers and acquisitions as more companies recognize the value of professional collaboration.
This is becoming a commonly held view among analysts we spoke to, and we are likely to see even greater consolidation before next year’s RSA. This is great news for resellers and distributors in the channel. More and more partnerships are being created, to the benefit of the end-customers too, who can access integrations and platforms to meet a diverse section of cybersecurity needs.
Our friends at CSO note that there were a lot of services-for-hire to meet increasing demand in a perpetually evolving marketplace. While the technology itself is crucial, the humans behind the product are just as important and are likely to become even more so. The implication here is that collaboration at the human level must also be a priority. Blueliv hosts the Threat Exchange Network – a community of security and law enforcement professionals, academics and others concerned with the fight against cybercrime – exactly for this reason. A hivemind of professionals is infinitely better than siloing ourselves, and you can join for free today.