RSA Conference 2014 — The Year of ???
Once again, I made the pilgrimage to San Francisco for the RSA Conference (Feb 24-28). In many ways, the 2014 edition was the same as others in recent years: a bit of a spectacle at times (ForeScout had a boxing ring with a staged fight against some type of cyberthreat), tons of tchotchke on the Expo floor, a great opportunity to network with colleagues and peers, and – if you weren’t careful – a chance to learn a thing or two about the forces shaping our industry, how others are defending their computing environments, and the latest/greatest countermeasures available in the market.
That said, I also found this year’s conference different in two major ways. To begin with, this is the first time I’ve ever seen the North Hall also being used to house the Expo. That’s right; vendor booth’s galore – with some featuring more floor space than many of my past dwellings, and the North Hall Expo larger, by itself, than the show flow at any other security conference I can recall. All hail a healthy info sec industry!
The second difference that struck me was the lack of a clearly dominant theme or technology. Last year, big data and security analytics were all the rage. In previous years, advanced malware, mobile security, security information and event management, and (way back when) even PKI have bubbled to the surface as leading topics. This year, however, nothing seemed to stand above the fray – not even Snowden and the insider threat problem – though there were definitely some folks capitalizing on that storyline.
With no one solution standing out above the others, here are some other observations worth mentioning:
- Identity, identity, and more identity. There must have been at least two-dozen different strong authentication solutions on display. Add this to the several dozen privileged identity management, provisioning, and cloud identity offerings on hand and “identity,” in its various forms, was easily the most prevalent technology on the show floor.
- Crypto comeback? Maybe it’s just me, but there also seemed to be an unusually high number of crypto-focused vendors in attendance. I guess with that cloud thingy taking off, there’s a whole new opportunity for key management, DRM, and the like.
- Advanced threat X. There was also no shortage of solutions focusing on advanced malware and targeted attacks. An interesting twist, however, was a fair number of folks basically admitting that prevention is imperfect and instead looking to deliver solutions capable of quickly identifying the scope of a breach and then helping to remediate it.
- Endpoint resurgence? In addition to endpoints being singled out as an important source of threat/attack intelligence, I noticed several vendors intent on disrupting the traditional AV market with innovative endpoint-based threat detection and prevention technology.
For more information on any of these observations – or for help making sure your security solution is able to “rise above the fray” – give us a call.