With a total of 42,000 attendees and a record number of exhibitors (600+) at the recently concluded annual RSA conference in San Francisco, it certainly was a big show. While there were 17 keynotes and more than 550 sessions on various topics related to cybersecurity, a few themes seemed to bubble up to the top when looking at product announcements and roaming the expo halls.
Orchestration, Integrated workflows, and SOC Efficiency
Many vendors realize that siloed tools and products are frustrating the heck out of their customers who are often left struggling with managing different dashboards and correlating data from different tools as they try to respond to incidents. To help solve some of these challenges, they are making a concentrated effort to improve orchestration capabilities, build partnerships and integrate their offerings.
We saw more vendors integrate IT and security workflows by partnering with the likes of ServiceNow. IBM announced improvements to its Resilient Incident Response Platform including more intelligent orchestration to improve incident response procedures. Infoblox announced integration with McAfee Web Gateway for broader protection and visibility the week before RSA.
AI/ML and Behavioral Analytics
If you haven’t heard the term AI/ML yet, you are probably living under a rock. I first heard the term artificial intelligence back in the late nineties and it is making a big comeback. Often coupled with machine learning, the general concept is that machines are provided access to data that enable them to learn to carry out certain tasks (even complicated tasks like driving) and get better at them as time progresses.
As the security industry matures and threats get more complex, it’s only natural that vendors start leveraging AI/ML and behavioral analytics to improve their protection and incidence response capabilities. But just saying we do AI/ML or behavioral analytics is like saying I drive around in my car. What are you trying to achieve? Where are you trying to go? What the security vendor is trying to achieve by leveraging AI/ML seemed to be missing in many of the booth signages. I definitely think these new capabilities add a lot of value as we can no longer rely only on reputation or signature feeds, especially when the bad guys keep changing their methods and attack infrastructure.
Extending Security to Containers
Securing containers, which have been around for five years now, is becoming the next frontier in cybersecurity as the technology becomes more mainstream. VMware announced that it is extending its AppDefense application security technology to protect workloads running on container runtime platforms. GuardiCore, a small security start-up that provides security for software-defined data centers, also announced new capabilities to help secure container deployments.
Other topics of discussion included IoT security, data privacy including GDPR and deception based defense.
Infoblox @ RSA
Infoblox had a lot of exciting things to talk about and demo at RSA including:
- The integration between ActiveTrust Cloud and McAfee Web Gateway for broader protection
- Exchange of DNS, DHCP and IPAM data and threat intelligence with the broader security ecosystem for faster threat response and better protection
- Using DNS as a control point for blocking malware and data exfiltration
McAfee and Infoblox showcased the joint partnership with presentations and demos at both Infoblox and McAfee booths.
Our very own in-house Chief DNS Architect, Cricket Liu, was in the booth signing the new DNS Security for Dummies book, which flew off the shelves pretty quickly. The two Infoblox speaking sessions on Friday, April 20: the first one on turning DNS into a security tool by Cricket Liu and the second one on fighting malware with graph analytics by Mayana Pereira, our in-house data scientist, were packed with 250+ people attending them.
Pondering what’s next
As another RSA comes to a close, you may be left wondering: is there anything new I learned? Where is this industry headed? What should I be doing so that I am not the next big data breach victim? The short answer is; know your risk profile, find your gaps, and figure out if you can improve security with what you already own before making that next big investment in yet another security tool.
And speaking of data breaches, the 2018 RSA Conference Mobile App ended up actually leaking some attendee information through a flaw in the app. So even the world’s biggest cybersecurity conference is not immune to hacking.