10 Top Cybersecurity Trends To Watch For At RSA Conference 2019
As RSA Conference 2019 kicks off, CRN sat down with executives from eight prominent cybersecurity vendors to see what trends they expect to be front and center at this year's event.
What To Watch For At RSA Conference 2019
Over the past 27 years, the RSA Conference has become the world's leading forum for enterprise and technical information security professionals, with more than 42,000 people gathering to discuss the latest innovations in cybersecurity data, innovation and thought leadership.
More than 600 companies pack two floors at San Francisco's Moscone Center to show off their latest products, while more than 550 educational sessions cover topics ranging from blockchain and cloud security to machine learning and infrastructure and operations.
As we head into RSA Conference 2019 this week, CRN sat down with executives from eight prominent cybersecurity vendors exhibiting at the show to see what they expect to be the major areas of focus at this year's event.
From cloud migration and security orchestration to data protection and threats against the supply chain, here's what some of the top security minds are watching for at this year's show.
Supply Chain In Crosshairs Of Nation-States
Virtually all of the recent high-profile disruptions to the supply chain can be traced back to nation-states rather than hacking groups operating completely on their own, according to BitSight President and CEO Tom Turner.
Supply chain risk management was historically the domain of the financial services industry, which typically had established practices in the area, he said. But activity nowadays is more and more about targeting a nation rather than targeting a vertical, Turner said, and companies are realizing that their supply chain or vendor network is often the easiest entry point for a hacker regardless of industry focus.
A sovereign ratings platform allows government officials and national security agencies to better monitor critical infrastructure for risk exposure, Turner said. The nation-state embrace of supply chain attacks means that countries need to be more focused on protecting their power suppliers, civil capabilities, and important businesses, according to Turner.
Adversaries Follow The Money With Highly-Targeted Attacks
Adversaries have over the past year morphed from conducting high-volume attacks against consumers and businesses of all sizes to carrying out more hands-on, sophisticated attacks, said Sophos Chief Product Officer Dan Schiappa. Schiappa said a threat actor could get into a local hospital via remote desktop protocol, do a recon of the environment, bounce laterally, and then ransom information.
Defenses have caught up and made volume-based attacks less voluminous, but Schiappa said it's still pretty easy to find high-value targets with weak entry points and then disable backups so that the victims can't restore from backup. And by combining the monetization of ransomware with APT-type skillsets, adversaries have created something that can be licensed to others that wish to inflict damage.
"It's clear they [adversaries] are doing tremendous amounts of research in terms of how ransomware attacks are blocked, and they're building that knowledge into their payloads," Schiappa said.
SOAR No Longer Stands On Its Own
Businesses are thrilled by the idea of SOAR (security orchestration, automation and response), which allows them to address all of the alerts they're receiving without manual action, according to Stu Solomon, chief strategy and development officer at Recorded Future.
As customers increasingly expect the alerts generated by a vendor's product to be actionable, Solomon said suppliers have either gone the route of Splunk and Palo Alto Networks and acquired leading standalone SOAR providers or, like Symantec or Exabeam, organically developed SOAR-type capabilities on their own and embedded them into their own tools.
SOAR providers are increasingly showing that they don't operate in isolation, and can attach and be part of a broader ecosystem, Solomon said. And from a pricing perspective, Solomon said SOAR providers are evolving beyond an expense model that makes sense for a large enterprise to make their capabilities more accessible.
Companies Want To Get More From Existing Security Tools
For nearly the past decade, the approach emphasized at RSA has been all about adopting best-of-breed products, according to Phil Quade, Fortinet's Chief Information Security Officer. But that strategy has bitten the industry in the behind, Quade said, and businesses now want to be able to integrate products so that they work better together as a team.
Enterprises are no longer buying huge volumes of security products, Quade said, and have instead invested their time and energy into ensuring the core products in their ecosystem work really well together. Products must be designed from the beginning to integrate and work together well, Quade said, and orchestration cannot just be attached later on as an afterthought.
Cloud Migration Presents Visibility Challenges
As workloads migrate to the cloud, so too must security, which can be easily added each time a user adds a workload, according to Caleb Barlow, IBM Security's vice president of threat intelligence. But cloud doesn't offer the same visibility as a traditional on-premise environment, Barlow said, lacking both a perimeter as well as access to the same fidelity of network data as in a traditional infrastructure.
As recently as a half-decade ago, Barlow said security was expected to be the last thing to move to the cloud, but that has changed as cloud workloads have become more and more accepted. As a result, Barlow said vendors have been focused on moving existing security offerings to the cloud as well as building cloud-native security offerings.
Since cloud security tools often aren't sitting in a traditional network, Barlow said visibility for organizations typically becomes restricted to applications and the endpoint. Companies are additionally dependent on the cloud vendor to provide hooks for ancillary security tools, according to Barlow.
CASB And Data Protection Providers Team Up
CASBs (cloud access security brokers) and data protection vendors are partnering through standard APIs to deliver best-of-breed identity protection and fraud detection, according to Mo Rosen, president and CEO of Digital Guardian.
Customers want to extend the end-to-end protection and governance they have across traditional endpoint, hybrid cloud and the public cloud to include data as well, Rosen said. Organizations already have large existing investments in CASB, DLP (data loss prevention) and next-generation endpoint protection tools, Rosen said, and they expect the products to play well with one another.
Platform vendors trying to check the box around every single technology, including data security, don't provide as high a level of protection as best-of-breed suppliers, Rosen said.
Companies Want To Figure Out Which Automation, ML Tools Live Up To Hype
Humans have become overwhelmed attempting to manually respond to attacks, which has resulted in massive attention being given to automation and machine learning tools, according to Ken Xie, Fortinet's founder, chairman and CEO. Automation and machine learning could work well in certain verticals and for certain applications, but Xie said the environment is very dynamic and changing.
Once threat actors figure out how the machines react, Xie said they will likely change their tactics in response, meaning that organizations must maintain a combination of human and machine involvement. And as more and more good actors adopt artificial intelligence and machine learning, Xie said bad actors will follow in their footsteps.
Businesses looking to adopt more automation and machine learning need to move beyond the marketing message and see how the tools actually perform in tests and evaluations, Xie said. Customers aren't typically able to do this type of testing themselves, Xie said, so the industry needs to have third-party agencies that can help with testing the efficacy of these tools.
Speed Of Automation Can Leave Security Teams Spinning
In an automated, code-based world, new objects and systems can be created as quickly as a new line of code is entered into the system, according to Scott Whitehouse, CyberArk's vice president of channels and alliances. But the increased speed enabled by automation makes it difficult for security teams to wrap their arms around everything out there, Whitehouse said.
It takes a lot of security technology, knowledge and build processes to capture scaling out as it occurs, Whitehouse said. Otherwise, Whitehouse said it becomes very difficult for security teams to discover everything out there.
As new technologies are deployed, there must be a security presence on the development side of the operation, which Whitehouse said is too often lacking today. If the infusion of security into the build lifecycle is made easier, Whitehouse said the developers are less likely to rail against what the security experts want them to do.
Vendors Gradually Stop Seeing Technology Partners As Competitive Threat
Technology vendors are looking to band more closely together to shrink the time gap between detection and full-blown response, better serve the mission of customers, and make their technologies more useful, according to Dino DiMarino, Mimecast's senior vice president of North American sales and channels.
Some of the barriers to tighter integration are technical, DiMarino said, since on-premise platforms are based on physical or virtual machine stacks and are challenged in how rapidly they can present information. People tend to trust the cloud more as it relates to processing valuable information, according to DiMarino.
Security vendors also struggle with competing priorities, DiMarino said, particularly if they're looking to expand their product set into new technology areas. Although suppliers are reluctant to invest in technology partners today who could be competitors tomorrow, DiMarino said partnerships are key to boosting value and providing customers with choice and flexibility.
Industry Hampered By Lack Of Education, Experts
Although many in the security industry see education of the end user as a lost cause, it's the most effective way to prevent users from clicking on suspect hyperlinks that could contain malware, according to Greg Cobb, Digital Guardian's vice president of worldwide channel sales.
And even with the increase in automation, Cobb said MSPs will continue to be challenged by the lack of qualified security professionals in the industry. Businesses continue to rely on security experts for things like threat intelligence, threat hunting and real-time response, as well as for management of the security component of their infrastructure.