Written By Logan Gilbert And Presented By Chuck Leaver
After investing a couple of days with the Ziften group at the 2018 RSA Conference, my technology observation was: more of the same, the usual suspects and the normal buzzwords. Buzz words like – “AI”, “machine learning”, “predictive” were incredibly worn out. Lots of attention paid to prevention, everybody’s favorite attack vector – email, and everyone’s preferred vulnerability – ransomware.
The only surprise I encountered was seeing a smattering of NetFlow analysis companies – great deals of smaller sized businesses aiming to make their mark utilizing a really rich, however tough to work with, data set. Extremely cool stuff! Find the little cubicles and you’ll discover lots of innovation. Now, to be fair to the bigger suppliers I know there are some genuinely cool technologies therein, but RSA barely lends itself to cutting through the buzzwords to actual worth.
I might have a biased view since Ziften has been partnering with Microsoft for the last 6+ months, however Microsoft appeared to play a much more popular leading function at RSA this year. Initially, on Monday, Microsoft announced it’s all new Intelligent Security Association combining their security partnerships “to concentrate on protecting customers in a world of increased threats”, and more significantly – strengthening that protection through shared security intelligence across this ecosystem of partners. Ziften is obviously proud to be a founding member in the Intelligent Security Association.
Furthermore, on Tuesday, Microsoft announced a ground-breaking collaboration with numerous players in the cyber security industry called the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of habits for cyberspace just as the Geneva Conventions set rules for the conduct of war in the physical world.
A real point of interest to me though was the makeup of the expo attendees. As I was likewise an exhibitor at RSA, I noted that of my visitors, I saw more “suits” and less t-shirts.
Ok, perhaps not suits per se, but more security Supervisors, Directors, VPs, CISOs, and security leaders than I remember seeing in the past. I was encouraged to see what I think are business decision makers having a look at security businesses first hand, rather than delegating that job to their security team. From this audience I often heard the very same overtones:
– This is frustrating.
– I cannot discriminate between one technology and another.
What I saw less of were “technology trolls”. What, you may ask, are technology trolls? Well, as a supplier and security engineer, these are the individuals (constantly men) that show up five minutes before the close of the day and drag you into a technical due diligence exercise for an hour, or at least till the happy hour celebrations start. Their goal – absolutely nothing useful to either party – and here I’m presuming that the troll actually works for a business, so absolutely nothing beneficial for the company that really paid countless dollars for their presence. The only thing acquired is the troll’s self-affirmation that they are able to “beat down the vendor” with their technical expertise. I’m being harsh, however I’ve known the trolls from both sides of the fence, both as a seller, and as a buyer – and back at the office no one is basing purchasing choices based on troll suggestions. I can only assume that companies send tech trolls to RSA and similar events because they don’t want them in their office.
Discussions about Holistic Security
Which makes me return to the type of individuals I did see a lot of at RSA: security savvy (not just tech savvy) security leaders, who understand the corporate argument and choices behind security innovations. Not just are they influencers but in many cases business owners of security for their particular companies. Now, aside from the aforementioned concerns, these security leaders seemed less focused on an innovation or specific use case, but rather a focus on a desire for “holistic” security. As we know, good security requires a collection of technologies, practice and policy. Security smart customers wanted to know how our innovation fitted into their holistic solution, which is a rejuvenating modification of dialog. As such, the kinds of questions I would hear:
– How does your innovation partner with other solutions I already utilize?
– More significantly: Does your business truly buy into that collaboration?
That last question is crucial, basically asking if our partnerships are simply fodder for a website, or, if we truly have a recognition with our partner that the whole is greater than the parts.
The latter is exactly what security experts are searching for and require.
Overall, RSA 2018 was excellent from my point of view. After you get past the jargon, much of the buzz centered on things that matter to consumers, our market, and us as individuals – things like security partner communities that include worth, more holistic security through real partnership and significant integrations, and face to face discussions with company security leaders, not innovation trolls.