That's a Wrap! RSA Conference 2017 Thoughts and Observations, Continued (Video)

In this second of a two-part video blog series, my colleague Jon Oltsik and I discuss some of the themes and takeaways from RSA Conference 2017.

Closing the cloud security readiness gap with platforms: Many vendors at RSA were offering cloud security solutions to help organization close the gap between the use of the cloud services within their company and their readiness to secure that use. These solutions spanned the gamut of “from,” “in,” and “to” cloud security with respect to security from the cloud (i.e., security-as-a-service\SECaaS), infrastructure security (workloads, APIs), and cloud app security (i.e., CASB), respectively. Compounding the readiness gap is good old heterogeneity -- most orgs use many cloud apps and multiple IaaS providers. In fact, ESG research reveals that 75% of organizations consuming IaaS services today do so from more than one CSP. These adoption dynamics create the need for cross app and cross cloud coverage which is why major players such as Cisco, Trend Micro, and Symantec are highly focused on the breadth of their cloud security portfolios while cloud security specialists such as CloudPassage, Netskope, Illumio, vArmour, Threat Stack, and others are also helping companies close the gap with offerings that continue to offer both breadth across cloud services and depth of functionality.  

Topics: Cybersecurity RSA Conference

That's a Wrap! RSA Conference 2017 Thoughts and Observations, Part 1 (Video)

RSA Conference 2017 is now a wrap and blogs such as these that attempt to summarize such a content rich event are challenged to do so in any sort of brevity, but, alas, I will try. Colleague Jon Oltsik, who fought being placed on the injured reserve list the week before RSA and missed the event for the first time in over a dozen years, and I offer a review of just some of the news from the show in this first of two video blogs. Here are some of the threads we pull on. 

Topics: Cybersecurity RSA Conference SOAPA

RSA 2017: Anticipating Network Security Chatter

Earlier this week, I posted a blog about my expectations for endpoint security at the upcoming RSA Conference.  Similarly, here’s what I anticipate hearing about network security:

Topics: Cybersecurity RSA Conference

Scratching the Surface on What to Expect at RSA 2017 (Video)

With what is expected to be the largest RSA Conference to date just around the corner, my colleague Jon Oltsik and I share some thoughts on what we are expecting at this year’s seminal cybersecurity event in this video. We discuss the broad-based nature of ransomware, with commentary on how “rearview mirror ransomware protection” will address certain tiers of ransomware while new blended ransomware attacks, as well as those that target back-end infrastructure, will require additional controls and techniques. One such technique being applied in many cybersecurity products is machine learning, for which we frame its role in the context of a layered defense. We also consider how the rapid evolution of the cloud security product category, driven by the broad adoption of cloud service, could be an area of functional convergence and note the need for a security operations and analytic platform architecture (SOAPA) for hybrid cloud environments. On the topic of cloud, we also note the compelling benefits of cloud-delivered security solutions (security-as-a-service) for operational efficiency at cloud scale.

Topics: Cybersecurity RSA Conference SOAPA

ESG On Location: Impressions from RSA 2016

As our final act of RSA Conference 2016 coverage, I wanted to share the video that my colleague Jon Oltsik and I recorded to wrap up our thoughts from San Francisco:

Topics: Cybersecurity RSA Conference

Before Moving on From RSA…

It’s been a week since my last meetings at RSA and I’m already thinking about travel plans and agendas for Infosec Europe and Black Hat. Before closing the book on RSA 2016, however, I have a few final thoughts about the industry and cybersecurity professional community.

Topics: Cybersecurity RSA Conference

RSA Conference Blue Suede Shoes

My feet have almost recovered from the many miles walked at RSA last week, bouncing between meetings and sessions. Given my penchant for referencing songs and musicians in my blogs, “Feets Don’t Fail Me Now” and “Many a Mile to Freedom” come to mind.

RSA is a long week that also seems to go by quickly, a paradox of busy-ness. With the meta-changes in the scope of what to secure expanding exponentially (immutable infrastructure, knowledge worker mobility, and the world of connecting things), the moving target of attacker methods, and a myriad of protection solutions, there is much to process at RSA. Having let the input settle over the weekend, here are a few of my takeaways from RSA Conference 2016.

Topics: Cybersecurity RSA Conference

Many Thoughts about RSA 2016

RSA 2016 was a whirlwind of meetings, discussions, and cocktail parties. Now that I’m back home and have had a weekend to reflect on the conference, here are a few words to describe my impressions of this year’s show:

Topics: Cybersecurity RSA Conference

Thoughts from the dark side

I’m lucky. After doing this for 17 years and having brilliant people that actually know what they speak of, I've been able to opt out of the big conference world. This year I opted in to RSA. Why? Because this industry is fascinating to me. We are at a rare point in time: most revolutionary/evolutionary tech industry explosions happen when one primary catalyst (an event, a technology, a company) creates net new value and the VCs then fund a ton of wannabes to try to eat the scraps left behind. During that period, we have a ton of companies who all sound the same. They all look the same. They are all positioning themselves as having a better mousetrap.

This is true at RSA — in spades.

Topics: RSA Conference

RSA Conference, Day Two (with photos)

One of the great things about these conferences is that I get to meet a variety of end-customers (CISOs), essentially security consultants who are in-house practitioners. I had the pleasure of having dinner and lunch with some of them yesterday. One thing that’s apparent from talking to them, is the cybersecurity skills shortage, which Senior Principal Analyst Jon Oltsik recently described in an ESG Brief (login required). There is a quandary: one needs to train people and invest in their skills, and at the same time, it makes them ever more valuable to be poached by other firms. Can automated systems help, and what really requires human insight?

Topics: Internet of Things Networking RSA Conference