10 Security Trends To Watch For At RSA 2017
What To Expect At RSA 2017
The annual RSA Conference in San Francisco is hands down the biggest platform of the year for security startups and legacy vendors alike. With more than 30,000 attendees last year, and this year projected to be even larger, the conference attracts companies from the very first stages of funding all the way up to the biggest multibillion-dollar vendors. As we head into the 2017 RSA Conference next week, CRN sat down with three top cybersecurity venture capital executives to see what trends they are on the lookout for at this year's event. From artificial intelligence to the Internet of Things to security automation and orchestration, there's plenty to watch out for at this year's show – take a look.
Artificial Intelligence
RSA events of years past have seen user behavior analytics, anomaly detection and next-generation endpoint security take center stage. However, as we head into RSA 2017, Rick Grinnell, founder and managing partner of Glasswing Ventures, said he expects to see growing emphasis on artificial intelligence solutions. Trident Capital Cybersecurity Managing Director Sean Cunningham agreed, saying that the buzz around artificial intelligence seems to be gaining steam over predecessor offerings in the user behavior analytics and machine-learning markets. Helping drive that shift to artificial intelligence-based offerings is a growing talent shortage in cybersecurity, Grinnell said, which is pushing companies to embrace offerings that can lessen the need for human analysts.
Security Consolidation
Over the past year, there has been a wave of security market consolidation, driven in large part by the larger vendors. One notable example of that was Symantec's two blockbuster acquisitions of Blue Coat Systems and LifeLock last year, as well as IBM's acquisition of Resilient Systems. Glasswing Ventures' Grinnell said he expected to see those big-name vendors – especially Symantec – touting their acquisitions at the show. 1011 Ventures' founder and General Partner Mark Hatfield said he also expects to see the midsize companies that have received significant venture capital funding, such as Cylance and Crowdstrike, have acquisition rumors swirling around them at the show.
"This is a great opportunity for tuck-ins for the next wave of companies. I expect you will see take-outs that are not huge," Hatfield said. "I think the next wave of companies … will all be active in acquisitions in terms of technology and talent to augment their existing product lines."
Analytics Become Mainstream
At last year's RSA, startups in the user behavior analytics space were some of the hottest companies on the show floor. Glasswing Ventures' Grinnell said he still expects to see analytics as a topic this year, but that stand-alone, broad-based analytics solutions have plateaued. He said he expects to see analytics offerings be either extremely focused on a single use case, or integrated into a broader platform, such as security incident and event management (SIEM).
Talent Shortage
A shortage of talent is an ongoing challenge in the security industry, and venture capital executives said they expect that trend would once again be a top topic of conversation at RSA. Glasswing Ventures' Grinnell said he expected it to drive discussions around security professional training and cause technologies like automation, artificial intelligence, orchestration and managed security services to take a front-row seat at the show.
Security Automation And Orchestration
Security automation and orchestration are going to be a "big space" at RSA 2017, 1011 Ventures' Hatfield said. Big companies have recently bought into the market, most notably IBM with its acquisition of Resilient Systems and FireEye with its acquisition of Invotas. Glasswing Ventures' Grinnell said he expected to also see SIEM vendors jumping further into the space, including IBM and Splunk. However, startups in that space have also gained traction, including companies such as Phantom, Demisto and Hexadite, Hatfield said.
"This market has been maturing," Hatfield said. "That whole space has evolved."
Third-Party Risk
1011 Ventures' Hatfield said third-party risk assessment vendors might not be the "sexiest" security topic on the show floor, but it is a market that is gaining some traction. He said companies such as Security Scorecard and BitSight Technologies are gaining traction as businesses realize the weakest link in their security ecosystem might be their third-party vendors and suppliers. A notable example of this was the Target mega breach, where hackers were able to steal millions of shoppers' credit card data through the company's HVAC vendor.
Internet Of Things
The Internet of Things always has a lot of buzz headed into RSA as a new threat vector, but venture capitalists said 2017 could be the year that the technologies start to gain serious traction. Driving that, in particular, is the Dyn DDoS attack last fall, where the Mirai botnet leveraged unprotected IoT devices to cause widespread internet outages across the East Coast. 1011 Ventures' Hatfield said venture capital money continues to flow into IoT security startups and predicted the market will soon come to a head.
"It's a huge market and it is still in its early days. It's coming. You can see it coming, but it wasn't there last year. … This year may be a tipping point," Hatfield said.
Rise Of MSPs
1011 Ventures' Hatfield said he expected to see a lot of attention being paid to managed security services at RSA this year. Trident Capital Cybersecurity's Cunningham agreed that MSSPs will be one of the big focuses of the year. He said he sees companies of all sizes, from the smallest to the largest, more sophisticated ones, looking to leverage managed services for security. Driving that is a growing talent shortage in security, he said.
"If companies can't hire that talent, then they are looking to leverage best-of-breed by someone who can. We're seeing an increase in that type of offering to even the largest organizations," Hatfield said.
Endpoint Market Maturity
The pendulum swung in the security market over the past few years to the endpoint security market, prompting the formation of a new wave of security startups and breathing life into some of the legacy vendors. Going into RSA this year, Trident Capital Cybersecurity's Cunningham said this year will see the endpoint security market maturing, with incremental venture capital financing and the beginning of consolidation in the space as companies realize endpoint security alone won't fill the security gap in their organizations.
Mobile Security
The venture capitalists agreed that mobile security is a market that hasn't really hit its stride yet, but one that they would be watching closely for innovation going into RSA 2017. 1011 Ventures' Hatfield said he expects to see the "spotlight back on mobile"this year. He said his firm has not yet done an investment in a mobile security company, but he said it is an important area as the market continues to evolve. Trident Capital Cybersecurity's Cunningham agreed that traction in the space has been slow, but he said a high-profile breach around mobile is inevitable.
"We feel like mobile is a matter of when, not if. It is very probable that 2017 is going to be that year. You are seeing more money going into that space," Cunningham said.