ESG Blogs

In this video blog, ESG’s new principal analyst, Christina Richmond, and I preview what we expect to see at RSA Conference 2019. The scope and scale of RSA Conference continues to grow with adjunct events held by industry organizations such as the Cloud Security Alliance, vendors, and ESG with our own breakfast event. A few of the topics we expect to be front and center at this year’s RSA Conference include:

IBM’s Think 2019 event was made to do just that – make you think. Unlike many vendors, whose events can be like giant market stalls, Think was more more like a visit to your old college; and that's  not a pejorative, it’s a compliment.

Sure, it could get a tad calculated or even over-earnest at times, but overall it was a refreshing take – stopping and thinking...though in San Francisco last week it was advisable to undertake your contemplations inside the Moscone Center, as it poured with rain on the main mid-week days! Weather aside, the move from Vegas to San Francisco was a good one.

When I first entered the cybersecurity market in 2003, I’d already been working in the IT industry for about 16 years in storage, networking, and telecommunications previously. By the early 2000s, all three sectors had moved on from bits and bytes to focusing on how each technology could help organizations meet their business goals. Oh sure, we still talked speeds-and-feeds, but we led with things like business agility, productivity, and cost cutting. The technology was a means to an end rather than an end in itself.

When I got to the cybersecurity industry, I was surprised by what I saw. Unlike other areas of IT, cybersecurity was still deep in the weeds, focused on things like IP packets, application protocols, and malicious code. In other words, cybersecurity remained a “bottom-up” discipline as the cybersecurity team viewed the world from networks and devices “up the stack” to applications and the business.

I just got back from attending IBM Think in San Francisco. Though it was a quick trip across the country, I was inundated with IBM’s vision, covering topics from A (i.e., artificial intelligence) to Z (i.e., System Z) and everything in between. 

Despite the wide-ranging discussion, IBM’s main focus was on three areas: 1) Hybrid cloud, 2) Advanced analytics, and 3) Security. For example, IBM’s hybrid cloud discussion centered on digital transformation and leaned heavily on its Red Hat acquisition, while advanced analytics included artificial intelligence, cognitive computing (Watson), neural networks, etc. To demonstrate its capabilities in these areas, IBM paraded out customers like Geico, Hyundai Credit Corporation, and Santander Bank, who are betting on IBM for game-changing digital transformation projects.

Cloud data protection player Carbonite just agreed to acquire cloud endpoint security player Webroot for $618M in cash.

My first immediate concern is that I’ve seen this before. Symantec bought Veritas – same logic: marry endpoint security with data protection – because that makes sense – except it didn’t work. It failed spectacularly.

Having said that, times are different, so I won’t immediately write it off. But I do have big concerns.

A few years ago, cybersecurity professionals often lamented that executives didn’t want good security, they wanted “good enough” security. This axiom reflected that many CEOs equated cybersecurity with regulatory compliance. If the CISO could check all the right PCI, HIPAA, or SOX boxes, cybersecurity concerns were taken care of.

The “good enough” security attitude was an aversion for the cybersecurity crowd. CISOs who wanted to adequately protect corporate assets longed for a time when business executives would truly appreciate cyber risk and would be willing to participate and fund cyber risk management efforts adequately.

Cybersecurity services are at an inflection point, where they are no longer "nice to have" but "must have" for security teams. Migration to digital and cloud-driven architectures, continued lack of resources, and rapid growth of breaches escalate the need for an objective service partner. Admittedly, I’m a services wonk, and see all markets through the lens of services, but it’s obvious that complexity and overwhelm abound as a myriad of new security solutions confuse the market annually at conferences. (Speculation about this year’s RSA “theme” is rife on LinkedIn.) Security teams are challenged to manage security effectively, and to negotiate business against risk. The evolution of this market necessitates services that drive assessment and rationalization of existing security programs rather than adoption of new technologies. It also demands preparedness.

At most enterprise organizations, cybersecurity infrastructure grew organically over time. The security team implemented each security control in response to a particular threat, such as if antivirus software appeared on desktops, gateways were added to the network, sandboxes were deployed to detect malicious files, etc. 

At the end of each year, ESG conducts a wide-ranging global survey of IT professionals, asking them about challenges, purchasing plans, strategies, etc.  As part of this survey, respondents were asked to identify areas where their organization has a problematic shortage of skills.

In 2018-2019, cybersecurity skills topped the list – 53% of survey respondents reported a problematic shortage of cybersecurity skills at their organization.  IT architecture/planning skills came in second at 38%.

Security information and event management (SIEM) systems first appeared around 2000 from vendors like Intellitactics, NetForensics, and eSecurity. The original functionality centered around event correlation from perimeter security devices like IDS/IPS and firewalls. 

The SIEM market evolved over the past 19 years, with different vendors, functionality, and use cases. SIEM has also grown into a $2.5 billion-dollar market, dominated by vendors like Splunk, IBM, LogRhythm, and AT&T (AlienVault).

Despite the SIEM evolution, today’s products can be seen as super-sized versions of those of yesteryear. In fact, the original design of SIEM seemed like a knockoff of network and systems management tools CA Unicenter, HP OpenView, and IBM Tivoli. SIEM products were based upon a tiered architecture of distributed data collectors/indexers/processors, and a central database used for data analytics, visualization, and reporting.