What To Watch at RSA


By: R. Scott Raynovich


Next week is the RSA Conference in San Francisco, one of the most important cybersecurity conferences -- which will bring together nearly 50,000 people in the industry.

Fortunately, I’ve avoided bankruptcy by securing an affordable AirBNB rather than one of the overpriced, average-quality hotels that are running at $600/night or more.

RSA has a curious history. It was founded by Jim Bidzos, who in 1986 took over a struggling company known as RSA Data Security Inc. and transformed it into one of the world’s most powerful cybersecurity companies. The key was developing an encryption toolkit that brought basic encryption techniques to the masses. One of RSA’s first clients was the company that developed Lotus Notes, which later became the goliath communications tool acquired by IBM.

Bidzos founded the RSA Conference in 1991 to bring together the cybersecurity community. RSA, the company, was acquired by EMC in 2006, which was then subsumed by Dell Technologies in 2016. RSA in 2020 was divested and taken private. Bidzos went on to become CEO of public company Verisign.

Yet, the conference remains alive and well. For some reason, this conference leaves big memories. I have some particularly fond memories of meeting folks up on the hill when it was held at the Fairmont Hotel. President Bill Clinton made a keynote one year. Later, it moved to the massive Moscone Convention Center, which in the great irony of San Francisco is positioned amongst the tent cities for homeless people and skyscrapers housing multibillion-dollar tech startups.

In 2020, I exited the Moscone media lounge to see a crew dressed in hazmat suits, spraying down the walls of the convention center with disinfectant. The arrival of COVID. I did not return to the show for a third day, instead electing to fly home with a mask. This is my first year back!

What We’ll See

Prior to COVID, RSA peaked at 42,000 attendees and 650 vendor exhibitors in 2019. COVID moved the show to a virtual platform in 2021. Last year the show returned as a full in-person event, with 36,000 attendees. The recent trend has been for in-person technology events to be back to record levels, such as the recent Mobile World Congress in Barcelona with 90,000 attendees!

At RSA, you’ll be greeted with an onslaught of cybersecurity acronyms. While we keep hearing about the slowdown in venture capital, the cybersecurity industry has been a large beneficiary of private equity’s largesse – drawing $18.5 billion in 2022, down from $30.3 billion. But I can assure you there is still a lot of money sloshing around, as cybersecurity technology has represented a consistent, rising share of IT spending.

Some of the big themes in acronyms you will hear, with the vendors to watch, include:

Application Programming Interface (API) security and shift-left security. Shift left is a term used by IT staff, developers, and DevOps professionals to describe the shift of testing, security, and configuration automation into the development cycle, to address the needs of continuous integration/continuous deployment (CI/CD). Because many modern applications are driven by Application Programming Interfaces (API), there is also an important need to assess and monitor the threats posed in code with APIs. This is a hot emerging area we will be watching.

Vendors to watch: Akamai, Noname Security, Neosec, Orca Security, Salt Security, Wib.

Secure Access Service Edge (SASE) vs. Secure Service Edge (SSE): There is a religious war brewing for networking security at the edge. The idea of blending security functions with SD-WAN eventually merged into SASE, a concept created by the research gods at Gartner. But apparently some vendors objected, leading Gartner to invent yet another category – SSE. The funny thing is? It’s all the same -- it's just a matter of how it's implemented. Both SASE and SSE describe ways to integrate key security functions and acronyms into the network, at the application layer. Typical SASE and SSE functions include advanced threat protection (ATP), cloud access security broker (CASB), secure web gateway (SWG), data loss prevention (DLP), firewall-as-a-service (FWaaS), and intrusion detection system/intrusion prevention system (IDS/IPS).

The differentiation between SASE and SSE comes down to how many functions are included, as well as the architecture -- whether the function is delivered on premises or in the cloud. SSE proponents say most of it can happen in the cloud, while some SASE proponents advocate a hybrid architecture with on-premises hardware and software for deploying these services. Expect to see more of this battle unfold at RSA.

Vendors to watch: Aryaka Networks, Cato Networks, Cisco, Fortinet, HPE (Aruba), Juniper Networks, Palo Alto Networks, Versa Networks, VMware, and Zscaler.

Cloud Security Posture Management (CSPM). The busy cybersecurity acronym bees are at it again. What will they think of next? This relatively new acronym refers to ways to observe, record, and analyze the security of cloud applications and services. The key function is to identify and automatically remediate cybersecurity risks in cloud infrastructure.

Vendors to watch: Aqua Security, Crowdstrike, Microsoft, Orca Security, Trend Micro, Zscaler.

Cloud Access Security Broker (CASB). CASBs are evolving rapidly as they are combined with SASE, and in some cases, CSPM. The functionality typically operates by sending cloud traffic through a proxy to ensure it’s safe. It can also be combined with other functions into larger SASE and cloud security platforms. As both SASE and SSE functionality is rapidly increasing and often includes CASB functionality, it will be interesting to see how CASB-focused vendors evolve their strategies.

Vendors to watch: Cato Networks, Forcepoint (Bitglass), Microsoft, Netskope, Palo Alto Networks, Symantec.

Extended Detection and Response (XDR). The marketing folks in the cybersecurity industry might have gotten bored with Endpoint Detection and Response (EDR), so they came up with XDR, which extended the functionality of scanning for viruses and malicious activity. Typically XDR platforms function by ingesting large amounts of data and using AI/ML to match it with risks and threats in many environments – including endpoint devices, cloud workloads, and email. Again, this is an evolution story, as XDR gets merged with cloud security.

Vendors to watch: Cisco, Crowdstrike, McAfee, Rapid7, SentinelOne, Stellar Cyber, Symantec, Trend Micro, VMware (Carbon Black).

Because our security coverage is often geared to the network and cloud side, we’ll be tracking the networking security story – especially because it applies to many of the areas above.

Integration to Play a Larger Role

One of the big questions I have going into RSA is – why are there so many niches? As we look at many of these areas such as API security, XDR, SASE, and CSPM, the story is about integration. The most common challenge I encounter in the cybersecurity industry is that practitioners are complaining about tool and alert overload – they want more integration and automation, not just more things.

People and applications are far more distributed these days. Applications have shifted to a cloud consumption model. Progress in Internet connectivity technology has made more applications accessible using the Internet. Hybrid work means more people working in different locations.

All of this means that application traffic has shifted away from private WANs and toward the cloud and Internet. In addition, major themes such as digital transformation of the workplace and work from home (WFH) accelerated during the COVID-19 pandemic. They show no signs of dissipating and they have taken deeper hold in corporate IT departments.

This means that more security needs to be baked in more places than ever. And we’ll see a lot of it at the RSA conference next week.