9 Security Trends To Watch For At RSA 2018

What To Expect At RSA 2018

The annual RSA Conference has grown over the past quarter-century from a small cryptography conference to one of the largest cybersecurity events in the world, with more than 43,000 attendees last year.

More than 550 companies pack two expo floors at San Francisco's Moscone Center to show off their latest advancement and innovations, with seed-funded startups and decades-old platform security behemoths all looking to make an impact.

As we head into the 2018 RSA Conference next week, CRN sat down with executives from five prominent cybersecurity vendors exhibiting at the show to see what trends they're expecting to hear more about at this year's event.

From threat intelligence and security orchestration to DevOps and the capitalistic hacker, here's what some of the leading security minds are watching out for at this year's show.

No More Islands Of Security

Emerging vendors often talk about solving specific problems in specific environments such as cloud, mobile or the Internet of Things, according to Adam Bosnian, CyberArk's executive vice president of global business development.

Thanks to the 2,500 security startups that have been funded in its past four years, Bosnian said businesses now find themselves stuck managing more than 80 enterprise security vendors. This has been increasingly painful for customers, Bosnian said, stretching their attention and bandwidth to the limit.

As a result, Bosnian said customers are opting to move away from islands of security and toward vendors capable of solving a problem in a multitude of environments.

Defense Is No Longer Enough

Organizations are looking to evolve their cybersecurity strategy beyond defense to address issues such as remediation and business continuity, according to Julian Martin, vice president of global channel and operations for Mimecast.

Customers are wishing to move away from the "arms race" mentality where they put new anti-virus or anti-spam protections in place, and bad actors just find a way around it, according to Martin.

Instead, Martin said resiliency has taken center stage, with businesses opting for products that mitigate the risks from business disruption as well as the growing skills gap in the market today.

Security Orchestration Takes Center Stage

The security orchestration space is generating lots of buzz and acquisition activity thanks to the time-saving potential it possesses, according to David Sauer, Recorded Future's director of global channels.

Orchestration will appeal to businesses that want to do more with security than keep their company's name off the front page of The Wall Street Journal, Sauer said. Parts of the organization that value saving time and getting quality data such as the Security Operations Center (SOC), incident response, and vulnerability management teams will put a premium on orchestration, according to Sauer.

For solution providers, orchestration presents a strong professional services play, Sauer said, with opportunities to integrate and streamline offerings from different vendors together.

Inserting Security Into The DevOps Equation

DevOps methodology has increasingly gained traction among customers since it allows programmers to produce software more quickly, which in turn makes it possible for organizations to see their first dollar of revenue much sooner, according to Scott Whitehouse, vice president of channels and alliances for CyberArk.

But with developers taking the straightest and quickest path to completing a project, Whitehouse said security folks often end up not being involved as they should be.

It's important for vendors and solution providers alike to address the risks surrounding speedy DevOps production and ensure that programming models are more secure, according to Whitehouse.

Vulnerability Management Rises Again

Businesses that are constantly reacting to security threats will end up digging themselves deep into a hole, according to Scott Todaro, Recorded Future's vice president of marketing.

Fortunately, Todaro said the tools related to vulnerability management are getting better, allowing people to get a better understanding of the techniques that bad actors are most frequently looking to exploit. What's old has become new again as far as vulnerability management is concerned, Todaro said, with companies exploring the best practices and latest technologies.

As a result, Todaro said companies are investing more in items like machine learning and natural language processing so that analysts and Security Operations Center (SOC) operators can see more data that's relevant to them, which in turn enables them to be more responsive.

Moving From Prevention To Detection

There is a growing realization among enterprise that they need to have a plan for when their walls get breached, according to Israel Barak, Cybereason's chief information security officer.

Until now, Barak said most organizations have oriented their security strategy around building preventative capabilities to deny the adversary access to the network. But as the risk of bypass becomes more residual, Barak said businesses are now realizing there needs to be a plan to invest in resiliency and deep protection.

Barak said solution providers therefore need to move beyond compliance and find the subject matter expertise needed to have a conversation with customers around how to manage risk.

All told, Barak said the industry has shifted its focus from attempting to prevent threats to allowing users to detect a threat as early as possible, and then roll out a proper response program.

The Rise Of The Capitalistic Hacker

The rise of hacking tools means that bad actors no longer have to be super-technical to enjoy success, according to Dan Schiappa, senior vice president and general manager of Sophos' end-user and network security group.

Items such as the Shadow Brokers hacker tools taken from the NSA have been leveraged and monetized to create cloud-based, Ransomware-as-a-Service offerings, Schiappa said. As a result, Schiappa said anyone with money and bad intentions can now wreak havoc.

"They're criminals," Schiappa said. "They just want to make money."

The productization of hacking tools has been vital in the rise of the capitalistic hacker, Schiappa said. That's a big change from a half-decade ago, Schiappa said, when organizations were more concerned about hacktivist activity from groups like Anonymous.

Securing Automated Tasks

More and more traditionally human-centric tasks have been automated thanks to applications doing administrative tasks and advancements about robotic process automation, according to CyberArk CEO Udi Mokady.

But these automated tasks are just as vulnerable as a human would have been in the traditional world, Mokady said. As a result, Mokady said bad actors are increasingly going after automated applications and tasks that would have required privileged access if a human were doing them.

As customers start fresh with running applications in new and modern infrastructures such as the cloud, Mokady said vendors are increasingly been asked to secure management of the applications from the get-go.

Using Threat Intelligence To Identify Security Priorities

The good guys are stuck defending systems that can be old, complex, highly diverse, and spread all over the world, while the bad guys just need to find a single hole, according to Recorded Future CEO Christopher Ahlberg.

Companies often have a lot of older technology in their ecosystem, and Ahlberg said it can be quite challenge to apply modern techniques such as real-time updates in those enterprises.

Businesses are therefore looking for technology that allows them to automate and prioritize how they defend themselves based on intelligence, Ahlberg said.

Intelligence can help businesses determine which updates really need to get done. This is important, he said, since efforts to update everything at once will result in systems getting out of sync, which will create major headaches.