RSA Bound: Thoughts from a First Timer and Industry Newbie, Part 4

That’s A Wrap

RSA was quite the experience. But now, I’m back to reality. I can’t be sure if overwhelming is the right word to describe my experiences at RSA, but I was certainly busy.

RSA Keynote Themes

Overall, besides from endless lines, I heard several reoccurring themes from the keynote sessions. First, as an industry, we needing to do a better job of working together in collaboration to fight cyber criminals. According to many speakers, simply having an API doesn’t cut it anymore. Second, and not surprisingly, threat actors are becoming more sophisticated and have more resources than ever at their disposal. Finally, the Internet of Things (IoT) is going to make everything harder, while the Cloud is predicted to make everything easier.

Track Session Themes

The various track sessions I attended built on the keynote subjects. Specifically, I got a lot out of the sessions that discussed the massive amounts of data being generated in today’s IT landscape, and the challenges associated. These challenges range from the collection and interpretation of the data, how to protect and manage the data, and how to obtain valuable and usable data from the data itself. In any case, just like the keynotes, it’s clear that there is a need for further collaboration between companies and the government to ensure a manageable, if not consistent, strategy is applied in the face of increasingly motivated threat actors.

Which brings me to another point: Many of the track sessions commented that malicious actors in the space are now coming in many forms. Attackers may be a foreign actor hoping to gain IP or influence policy via highly advanced and customized campaigns. Or attackers could be a domestic group motivated by financial gain who are using inexpensive, off-the-shelf services to conduct cybercrime-as-a-service. Either way, the proliferation of devices, users, and the general intertwining of our personal and business lives have left individuals and organizations at more risk.

What the RSA Show Floor Was Buzzing About

The show floor was packed with big, niche, and small vendors alike. The niche players seemed to be focusing on technologies such as User and Entity Behavioral Analytics (UEBA), or security orchestration, automation, and response (SOAR). I anticipate that most of these groups probably have a limited shelf-life, but they are doing cool things nonetheless in their respective fields. That said, after scoping the competition, LogRhythm maintains a strong position in both of these markets, with our newly updated User Threat Detection Module and our Case Management functionality.

AI and machine learning (ML) were other hot topics. However, I found that if I pressed a SIEM vendor on this subject, most were unable to provide details into how they were actually applying the topics. As I mentioned in my previous blog, buyer beware. If a vendor is using AI and ML, make sure you understand what the actual offering is beyond the marketing hype.

In a nutshell, RSA was great. It was wonderful to hear where the industry, our competitors, and cyber criminals are headed. It’s also encouraging to affirm that LogRhythm and our strategic partners are aligned with the industry and our customers from a tactical and strategic perspective.

For those of you that plan to go to RSA next year or another major conference, here are a couple points of advice:

  • Make sure you have a plan.
  • Understand that you’ll deviate from your plan by the end of day 1.
  • Don’t try to make it to every booth, session, keynote, or party.
  • Have fun!

Will I return in 2018 or make an appearance at BlackHat? Stay tuned…