Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Training & Awareness

Security Trends From RSA Conference 2016 in San Francisco

RSA Conference 2016

The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.

RSA Conference 2016

The RSA Conference in San Francisco is the largest annual gathering of people working in, selling to, reporting on or analyzing the security industry. Each year there are general trends that come out of the show, although trends can be in the eye of the beholder.

Attended by roughly 40,000 people, there were more than 500 vendors and 700 sessions, so the observations below are one small perspective with an admitted bias towards Identity and Access Management since that’s where I focused most of my time. Here are some observations on security trends observed at the event that took place last week (Feb. 27 to Mar. 4) a the conference.

1. Apple is winning the hearts and minds of security professionals

The feds were represented well at the show with addresses from the likes of Attorney General Loretta Lynch and Director of the National Security Agency, Admiral Michael S. Rogers, among others. Their general message was to ask for cooperation from the industry for the good of national security. The reaction seemed chilly at best.

In his keynote speech, RSA President Amit Yoran made the case that, “Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened.”

2. Attacks from the inside are not necessarily perpetrated by insiders

When we think of the insider threat, traditionally we imagine the malicious or careless user bent on personal gain, exercising a grudge or unwittingly exposing the organization to vulnerabilities. While those threats are real, the type of insider attack that had most people worried is the outsider who has obtained the insider’s credentials through phishing, malware or social engineering.

This isn’t a new phenomenon, but many of the sessions at the event and a great number of vendors on the show floor were focused on this problem, marking it as a more mainstream concern than previous years. The issue is exacerbated by the fact that insiders (with the exception of privileged users) are not treated to the same level of scrutiny as outside attack vectors, particularly with executives having access to sensitive information.

Advertisement. Scroll to continue reading.

3. Analytics has entered the cliché zone

Pretty much everyone was talking about analytics. And each of them had a different definition of what it meant or how to deliver it. Analytics holds great promise in the struggle for staying ahead of attackers, but the industry needs to coalesce around the terminology and demonstrate results for detecting and disrupting attacks before much is spent on it by security teams.

4. Venture capital for security companies is slowing, which will drive vendor consolidation

Speaking with four analysts from different firms, this was a consistent point. One said, “there are a lot of security companies that are really just features.” The lack of additional funding means that smaller companies without positive cash flow are going to have to focus on an exit strategy, and most are looking to be acquired by larger companies.  This can be good for consumers of security technology, who face too many solution silos, but smaller vendors who don’t find a seat before the music stops will face difficult decisions.

5. What next?

Finally, there seems to be a lot of complaining that the RSA Conference has outgrown San Francisco. When one and two star hotels are going for upwards of $500 a night, perhaps the supply and demand for hotel rooms is out of balance. It will be interesting to see how Dell influences the future of the show, once the dust from that acquisition settles.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Management & Strategy

750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe.

Phishing

Security awareness training isn’t working to the level it needs to. Social engineering, however, is getting better. Why doesn’t awareness training work, and how...

Management & Strategy

Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into...

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Management & Strategy

UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.