Written By Logan Gilbert And Presented By Chuck Leaver
After spending a few days with the Ziften team at the 2018 RSA Conference, my technology observation was: more of the very same, the normal suspects and the usual buzzwords. Buzz words like – “AI”, “machine learning”, “predictive” were wonderfully worn out. Lots of attention paid to prevention, everyone’s preferred attack vector – email, and everybody’s favorite vulnerability – ransomware.
The only surprise I encountered was seeing a smattering of NetFlow analysis businesses – great deals of smaller sized companies trying to make their mark using a really abundant, however hard to work with, data set. Really cool stuff! Find the small booths and you’ll discover lots of innovation. Now, in fairness to the bigger suppliers I know there are some really cool innovations therein, but RSA barely positions itself to seeing through the buzzwords to real worth.
The Buzz at RSA
I may have a prejudiced view given that Ziften has actually been partnering with Microsoft for the last six plus months, however Microsoft appeared to play a lot more popular leading role at RSA this year. First, on Monday, Microsoft revealed it’s all new Intelligent Security Association bringing together their security collaborations “to concentrate on defending customers in a world of increased threats”, and more significantly – reinforcing that defense through shared security intelligence throughout this environment of partners. Ziften is of course proud to be an establishing member in the Intelligent Security Association.
Furthermore, on Tuesday, Microsoft revealed a ground breaking partnership with many in the cybersecurity market named the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of habits for cyberspace just as the Geneva Conventions set rules for the conduct of war in the physical world.
A true interesting point to me though was the makeup of the expo audience itself. As I was likewise an exhibitor at RSA, I noted that of my visitors, I saw more “suits” and less t-shirts.
Ok, maybe not suits per se, but more security Supervisors, Directors, VPs, CISOs, and security leaders than I recall seeing in the past. I was motivated to see what I think are business decision makers having a look at security businesses first hand, as opposed to delegating that task to their security team. From this audience I often heard the same themes:
– This is overwhelming.
– I can’t discriminate in between one innovation and another.
There were certainly less “technology trolls”. What, you might ask, are technology trolls? Well, as a supplier and security engineer, these are the guys (always males) that show up five minutes before the close of the day and drag you into a technical due-diligence workout for an hour, or at least up until the happy hour parties start. Their objective – definitely nothing beneficial to anyone – and here I’m presuming that the troll actually works for a company, so absolutely nothing useful for the business that actually paid thousands of dollars for their attendance. The only thing acquired is the troll’s self-affirmation that they are able to “beat down the vendor” with their technical expertise. I’m being extreme, however I’ve experienced the trolls from both sides, both as a vendor, and as a buyer – and back at the home office no one is basing buying choices based upon troll recommendations. I can just presume that businesses send out tech trolls to RSA and similar expos because they do not want them in their workplace.
Discussions about Holistic Security
Which brings me back to the kind of people I did see a lot of at RSA: security savvy (not just tech savvy) security leaders, who comprehend the business argument and decisions behind security technologies. Not just are they influencers but oftentimes the business owners of security for their respective companies. Now, apart from the above mentioned concerns, these security leaders seemed less concentrated on an innovation or specific usage case, but rather a focus on a desire for “holistic” security. As we understand, great security needs a collection of innovations, policy and practice. Security savvy customers wanted to know how our innovation fitted into their holistic service, which is a refreshing modification of dialog. As such, the types of concerns I would hear:
– How does your technology partner with other solutions I currently use?
– More notably: Does your business really buy into that collaboration?
That last concern is important, basically asking if our collaborations are just fodder for a site, or, if we really have an acknowledgment with our partner that the sum is greater than the parts.
The latter is what security experts are searching for and need.
In general, RSA 2018 was terrific from my viewpoint. After you go beyond the jargon, much of the buzz centered on things that matter to clients, our industry, and us as people – things like security partner communities that add worth, more holistic security through genuine partnership and significant integrations, and face to face conversations with business security leaders, not technology trolls.