Heading home from RSA 2018, my main reaction seems to be “wow!” What an incredible display of innovation and brainpower. There were so many startling solutions on display. Also, I really liked the vibe of the show. I’ve been to many enterprise technology conferences over the years and most of them have a hard-sell, “Coffee is for closers” tone. They’re about getting the big accounts to pony up the big money.
Of course, there’s nothing wrong with that. Security is a business, too, and there was plenty of selling going on at RSA. However, the subtext was different. Cyberattacks are a challenge, a national threat, even. People in the security industry are bound together by a sense of responsibility. There’s a shared feeling that it is up to us, to this industry, to protect the United States and other countries, industries, institutions and so forth, from cyber harm.
There’s also a sense of humility. Security people seldom pretend to have all the answers. Instead, coffee is for problem solvers, so to speak. Alec Baldwin would hate it at RSA. That’s okay. We have problems to solve.
RSA 2018 Highlights
I will be writing separately about the many fascinating companies I met at RSA. A few highlights stand out. Conversations with E&Y and PWC revealed that boards are growing far more comfortable with cyber security compared to even just a few years ago. Organizations are prepared to allocate more resources to security now that the risks to business strategies are better understood.
Several early-stage ventures from Israel shared impressive countermeasures. These include an automated, continuous red and blue team simulation, AI-based network monitoring and security solutions for connected cars. Another Israeli company is introducing a highly sophisticated user monitoring solution that can set rules and alerts for specific behaviors.
Trends on Display
The use of artificial intelligence and machine learning emerged as one of the most significant trends at the show. This is not new, though the application of the technology seems to be gaining ground faster than ever. It’s at risk of becoming a bit of a fad, a “me too” phenomenon, but it is striking nonetheless. Everyone seems to recognize that there are simply too many data points to track when monitoring security. There must be machine-aided processes to help mitigate risks.
The role of insurance carriers also arose in several discussions at RSA. Though most agree it is early in the life cycle of cyber insurance, the feeling is that insurance companies will start to exert major influence on security policies and practices in the near future.