It is almost always eye-opening to roam the aisles of the RSA Conference Expo halls, and 2023 was no exception. And as always, we see the shifts in the messaging and themes of what cybersecurity technology companies are selling. Here are my top impressions:
Managed Detection and Response: Threat detection and response continues to be very important to enterprises, but how it is sold has seen a dramatic shift. Up until last year, we saw a number of companies selling Endpoint Detection and Response (EDR), Cloud Detection and Response and Extended Detection and Response (XDR). Last year at the RSAC Expo, it was all about XDR. This year it feels like enterprises have given up on doing this themselves and are now ready to have an MSSP (Managed Security Service Provider) provide them a service to do this, called Managed Detection and Response (MDR). Perhaps this is due to the fatigue of responding to myriad alerts and reports that an XDR might generate, or perhaps it’s more cost effective to do this as an outsourced service.
Data Security Posture Management: The first steps to securing your organization are to understand where your data is and what static rules allow data access, and to document and report the remediations required to address compliance of any obvious issues with your current access standards. Although in previous years I’ve seen people exhibit similar things, this year the terminology for this process settled as “DSPM,” and its prominence at RSA is a sign that this is a maturing area of activity.
Devices are the Achilles Heel of Zero-Trust: A number of companies were touting endpoint (or device) security solutions as “zero-trust security” solutions. The device is a critical part of a user’s access posture, and zero-trust is all about dynamically asserting the appropriate access posture in order to provide access to specific resources. You can have the most sophisticated MFA and passwordless authentication solution there, but if attackers can compromise the device, they can subvert any authentication. It seems like a natural evolution for organizations posturing towards zero-trust to emphasize solving for zero-trust for device security.
API Security is Growing In Importance: API security has always been an area of interest at RSA, but up until this year, I do not remember the overwhelming presence of vendors focusing on this aspect of security. These products provide API discovery (by analyzing traffic to your online properties, they can tell where your APIs are), analyze security properties (figure out what kind of security the APIs use and remediate or suggest changes) and thwart attacks (by analyzing access patterns and blocking suspicious ones). I found it interesting that most vendors touted they can thwart “low and slow” attacks that do not have an obvious bursty attack signature.
Errors and Omissions: I may have failed to notice if any were being displayed, but last year’s big theme of “Cloud Infrastructure Entitlement Management” (CIEM) was nonexistent this year - perhaps it was rolled up into DSPM or lost in hard-to-understand messaging like “zero-trust VPN.”
All in all, it was a great expo, complete with attractive, big budget booths and parlor tricks. I loved the energy and the many formal and informal meetings I was able to have with a diverse set of folks - entrepreneurs, large vendors, large users of technology, seasoned consultants and fellow technologists.
SGNL is looking forward to participating in RSA festivities again in 2024!