26 Apr Top 3 Surprises from RSA 2018
By Tom Young, Executive Vice President of Worldwide Sales
Like most of the Security world, we’re fighting off the post-RSA backlog, with a renewed enthusiasm for protecting the world’s information as well as the continuing growth of our platform. To say RSA has outgrown itself to become so much more than a conference is an understatement. How many meetings and activities took place outside of RSA this year? And while RSA held true to expectations for many, 3 unexpected themes caught us by surprise.
“SOAR is the hottest acronym at RSA this year.” While every firm believes their niche is the most important, this was an actual quote from a firm we met with at the AGC RSA Conference. Security Orchestration, Automation & Response (SOAR), as Gartner has dubbed it, is a top priority for almost every enterprise. But the reason behind this priority is the actual surprise. The cyber security product and services industry has come to realize the primary pain we’ve created for customers over the last 20 years and is finally taking steps to self-heal itself. It’s not enough for security vendors to alarm on bad stuff anymore, we need to help customers respond appropriately to those alarms according to their level of risk. Customers need to coordinate their response across a myriad of interoperable tools. Just ask any solution provider about their roadmap and chances are they’re beefing up their API framework and certifying partners. Just look at the “platform” players, like Splunk’s AR, McAfee DXL, Symantec’s ICDX, CrowdStrike’s API enhancements and the list goes on and you’ll see the push for more integrations. Security vendors are finally enabling customers to achieve these outcomes collectively across a unique mix of tools from different vendors.
2. Disrupting the Disrupters
“Only the Paranoid Survive.” Few of today’s young cyber whiz kids may have read this landmark book by former Intel CEO, Andy Grove, though they’d do well to heed a few of the book’s pearls of wisdom. Cannibalizing your cash cow before someone else does, seems to be particularly valuable advice in today’s times. For example, firms like Splunk, who’ve already disrupted multiple markets — like BI, SIEM and Data Analytics — in a relatively short period of time, are now facing swift competition from newcomers like Elastic and start-ups like Gravwell, who are nipping at their heels. The latter in particular is using proprietary tech to maximize utility and speed at hyper-scale. The pace of innovation, fueled by the competition for funding is driving these emerging companies to attack large, existing multi-billion dollar markets vs. attempting to convince investors they’ve invented the next one. That’s a risk to these newly-minted market leaders as they struggle with transitioning from growth to profits. While enterprises have traditionally been risk-adverse, investing only a smaller portion of their security budgets in “tools” or small start-ups, the economics and pace of adversary innovation are driving security executives to expand their focus to emerging technologies in order to more quickly combat the threats.
3. Conference Beyond the Conference
Many have speculated over the years that the number of Full Conference RSA passes purchased by Enterprise customers has been dwarfed by the army of vendors, service providers, financiers and supporting cast members (marketing, accounting, etc.). We’ve also heard it pondered that the meetings taking place outside the conference are what’s actually driving more value for enterprises, product and service firms. While I’m sure RSA will quote registration stats to debunk this claim, it seems like the RSA Conference hit a tipping point this year, where the majority of value derived from the event was obtained outside the exhibitor floor or in sessions at Moscone Center. Ask any provider how they measure success and exhibitors will often quote contacts scanned, foot traffic and 1:1 executive meetings in the booth conference room. Beyond these vanity marketing metrics lies the real value derived from this year’s event – executive discussions with strategic customers, partners, investors and candidates in suites at the various hotels around Moscone and the intimate, private evening events across San Francisco.
So, as the haze lifts, the follow-up emails fly and the backlog gets chopped down, do you agree with these three surprises? Are there other takeaways that you were excited about? Let us know in the comments below or join the post-RSA discussion on any of Syncurity’s social media channels.
Syncurity’s award-winning IR Flow Security Operations and Incident Response Platform
IR Flow Product Overview Datasheet (pdf)
Stop Drowning In Security Alerts Ebook
Addressing Analyst Fatigue In The SOC Whitepaper