Here is a recap of the RSA event from a vendor perspective while offering practical advice for future conferences.
Whether you are a veteran or brand new to RSA, there were plenty of security sessions and time to search for new technologies to make your life easier. Being a veteran exhibitor at these conferences, it shouldn’t surprise me that there was a lot of misinformation throughout the expo floor, but it still does!
Having attended RSA conference for the past 5 years, I noticed a common theme, vendors can be very convincing that they are the best security solution. Unless, you industry expert or armed with the latest information or statistics, you can be easily fooled.
With so many sessions and activities, you can easily meander around and not really accomplish anything. However, several attendees that I talked to at the conference expressed their desire to look for the next killer solution or wanting to see an innovative approach to solving their security problems. This is a worthy objective, but you must map out a strategy before accomplishing this goal. This year, in my humble opinion, I didn't see that next killer product. However, I saw a lot of references to the next-generation endpoint and advance/active threat intelligence. Many of the security vendors were promoting the aggregation of information. Whether the device is sitting at the endpoint, network, or cloud, all the information is consolidated into a single pane of glass and proactively remediating threats or providing information to the security administrator. I heard similar concepts discussed 15 years ago, but I have yet to see a successful delivery of an effective, automated solution.
The sandbox innovation competition was fairly entertaining and provided a glimpse to how start-up companies were addressing the security issue. If you missed the event, it is worth watching some of the videos. Though it was a high-level introduction to a solution, it provided some understanding of how start-up companies are addressing attacks to help security administrator become more efficient. A common theme is that most companies have a limited number of resources and money to spend on proactively eliminating threats, so these systems are supposed to automate tasks.
Internet of Things (IoT) was another hot topic with multiple sessions and tutorials. There are many different definitions, but Bitdefender’s general definition is everything that connects to the Internet. Still in the infancy stage of maturity, some developers that create software or hardware may lack the security expertise to reduce attacks. Though the lack of standards or framework is still being addressed through the Online Trust Alliance (OTA), it should help reduce future security and privacy issues. Read more about the initiatives proposed by OTA.
At RSA, I am often asked some basic questions about the company, product, and competition. Since most people think antimalware technology is a commodity, they rarely know the differences between companies or technologies. Of course the vendor will provide the reasons why they are the best, but I suggest there are a few rules to apply when evaluating any security technology. Always check third party reviews, talk to co-workers, and get validation from others in the industry. There is a lot of marketing hype at these shows, so cross examine the information like an attorney.
I didn't find the Next Big Thing! However, if you are willing to be social and seek a lot of information, then the best thing is to take time to make a plan, gather information, enjoy the demonstrations, talk with peers, and research the security solution from the comfort of your office.