Written By Logan Gilbert And Presented By Charles Leaver
After spending a few days with the Ziften group at the 2018 RSA Conference, my technology point of view was: more of the same, the typical suspects and the normal buzzwords. Buzz words like – “AI”, “machine learning”, “predictive” were wonderfully worn out. Great deals of attention paid to avoidance, everybody’s preferred attack vector – email, and everybody’s favorite exploit – ransomware.
About the only surprise to me was seeing a small number of NetFlow analysis businesses – great deals of smaller businesses aiming to make their mark using an extremely abundant, but tough to work with, data set. Extremely cool stuff! Find the small cubicles and you’ll discover lots of innovation. Now, in fairness to the bigger suppliers I understand there are some truly cool technologies in there, but RSA barely positions itself to cutting through the buzzwords to actual value.
I may have a biased view considering that Ziften has actually been partnering with Microsoft for the last six plus months, but Microsoft seemed to play a far more popular leadership role at RSA this year. First, on Monday, Microsoft revealed it’s all brand-new Intelligent Security Association bringing together their security collaborations “to concentrate on defending customers in a world of increased hazards”, and more notably – enhancing that protection through shared security intelligence throughout this environment of partners. Ziften is of course proud to be a founding member in the Intelligent Security Association.
In addition, on Tuesday, Microsoft announced a ground-breaking collaboration with numerous players in the cyber security industry named the “Cybersecurity Tech Accord.” This accord requires a “digital Geneva Convention” that sets standards of behavior for the online world just as the Geneva Conventions set guidelines for the conduct of war in the physical world.
People who Attended the RSA
A real point of interest to me though was the makeup of the expo audience itself. As I was also an exhibitor at RSA, I noted that of my visitors, I saw more “suits” and less tee shirts.
Ok, maybe not suits as such, but more security Supervisors, Directors, VPs, CISOs, and security leaders than I recall seeing in the past. I was motivated to see what I think are the business decision makers having a look at security businesses first hand, as opposed to delegating that job to their security team. From this audience I often heard the very same overtones:
– This is overwhelming.
– I can’t discriminate in between one technology and another.
Those who were Absent from RSA
What I saw less of were “technology trolls”. What, you might ask, are technology trolls? Well, as a supplier and security engineer, these are the people (constantly guys) that show up five minutes prior to the close of the day and drag you into a technical due diligence workout for an hour, or at least until the happy hour celebrations start. Their objective – absolutely nothing helpful to anyone – and here I’m presuming that the troll actually works for a company, so nothing useful for the business that really paid thousands of dollars for their participation. The only thing acquired is the troll’s self affirmation that they are able to “beat down the supplier” with their technical prowess. I’m being harsh, however I’ve known the trolls from both sides, both as a vendor, and as a purchaser – and back at the office nobody is basing buying choices based upon troll suggestions. I can only assume that companies send tech trolls to RSA and similar expos because they don’t desire them in their office.
Discussions about Holistic Security
Which makes me return to the kind of people I did see a great deal of at RSA: security savvy (not simply tech savvy) security leaders, who understand the business argument and choices behind security innovations. Not only are they influencers but in most cases the business owners of security for their respective organizations. Now, aside from the previously mentioned concerns, these security leaders appeared less focused on a technology or specific usage case, but rather a focus on a desire for “holistic” security. As we know, great security requires a collection of technologies, practice and policy. Security smart consumers wanted to know how our technology fitted into their holistic service, which is a refreshing change of dialog. As such, the kinds of questions I would hear:
– How does your innovation partner with other solutions I already utilize?
– More importantly: Does your company actually buy into that partnership?
That last concern is vital, basically asking if our partnerships are merely fodder for a site, or, if we truly have a recognition with our partner that the sum is greater than the parts.
The latter is what security specialists are searching for and need.
In general, RSA 2018 was fantastic from my point of view. After you go beyond the lingo, much of the buzz focussed on things that matter to customers, our market, and us as people – things like security partner ecosystems that add worth, more holistic security through genuine partnership and meaningful integrations, and face to face conversations with business security leaders, not technology trolls.