Unity, diversity, and GDPR – my takeaways from RSA 2018

Last week we attended RSA, where industry leaders from across the globe convened to share their thoughts on the state of cyber-security. As always, the show was big, flashy and very noisy – and, it turns out, swag is still in fashion.

As always, the show was a good opportunity not just to see the cool new offerings from the big players but also to see the many innovations that new start-ups are bringing to the security table. And it’s, of course, a great opportunity to catch-up with familiar faces and connect with new ones to get a real feel for the current state of play and new trends of thought within our industry. Here’s a round-up of my key takeaways from the conference.

It’s time for consolidation

This year a quite a few companies were focusing on solutions for Endpoint Detection and Response (EDR), threat hunting and analytics, with many interesting technologies attacking this issue from a variety of different directions. However, working out what’s needed will be further complicated if organizations may already have sensors in the network or agents on the end-points. I don’t envy the CISO who has to make sense of it all, or even actually start deploying multiple technologies, in addition to the many existing ones they already have in place.

I came away from the conference feeling that there are simply too many point solutions available, and believing that what customers actually need is some consolidation, or at least tight integrations. In other words – EDRs and threat hunters of the world – Unite!

Established players diversify

Another key interesting trend was that the large, established firewall companies are beginning to expand into additional fields to become wider security solution companies. Check Point for instance showcased its Infinity Architecture which provides protection across the network, endpoint, mobile devices and cloud infrastructures while Palo Alto Networks revealed its new application that provides threat intelligence based on Microsoft Graph entities.

While this is of course a very important step towards further growth and remaining relevant, it is also a sign that the market is responding to the evolving threats that organizations are now facing. Perimeter is not dead, but it’s definitely not the only security measure.

Cutting through the GDPR noise

Perhaps unsurprisingly, there was a lot of noise about GDPR – the EU General Data Protection Regulation (GDPR) that comes into force in May 2018. It applies to any business with operations, customers, suppliers or partners within the EU and seeks to protect the personally identifiable information of EU citizens.

It’s clearly a significant piece of legislation not least because it gives regulators the power to fine organizations, up to €20m or 4% of a firm’s annual turnover, if they fail to adequately safeguard customer data against a breach or fail to report it to the supervisory authority within 72 hours. So understandably many vendors are seeking to provide solutions that help businesses avoid falling foul of the regulation.

However, while I understand that some companies can actually help us get ready and be compliant, I got a bit tired of seeing many companies wave that 4-letter acronym around with nothing much behind it. As such it’s clear that organizations need to be very careful about selecting a ‘GDPR solution’ and ensure that the vendor has a practical solution rather than simply looking to ride the wave without really doing much to help.

Customers are king

Last but certainly not least, it was great meeting some of our customers and prospects, and discussing some advanced uses of our technology. It’s always inspiring talking with the people who actually face security management challenges on a day to day basis, hearing how our solution helps them, and finding out what we could do to further improve our solution.

Looking forward to seeing you at RSAC ’19!