Every year the cybersecurity community gathers to share its collective wisdom on the threats we face and the innovative ways that we’re trying to get ahead of them. RSA Conference is an intense experience but – just like with endpoint security – once you analyse all the unfiltered data coming at you, you get a great insight into where security is headed and what your priorities as a network defender should be. So now that we’re coming down off the high of spending five days with 40,000 people who live and breathe security, what were the key themes and what should we be expecting over the next 12 months?
First is an observation about the way the sector is maturing. Back in the early days, and for a long time after that, security people were paid to not take risks. They were expected to operate as cautiously as possible. That’s just not feasible any more. The pace of change in attack types, vectors, and volumes, plus the demands of users, means that if we’re going to have any chance of success, we need to start acting more like our adversaries and being more aggressive in our posture.
This was reflected in the approach of vendors on the conference floor as they showcased the latest technology to detect and mitigate attacks. They were getting a good reception from defenders who realise that they need to start moving at the same pace as their foes – no more signatures sitting on endpoints but instead far more dynamic, real-time threat handling and analysis. Much of this is enabled through the way we’re using the cloud, but bear in mind that our opponents are using cloud too. We have seen a “generational advance” in the scale and sophistication of the attacks we’re facing; at this year’s conference it felt as though we were finally beginning to adapt to this new normal.
Speaking Of The New Normal: Next-Generation AV
Often, when you STOP hearing about something at RSA Conference, that’s because people have finished talking about it and started doing it. This was the case this year with NGAV. The discussion is over, organisations are getting down to deploying and fine-tuning NGAV to protect their business. My bet is that next year it’ll be cloud-native security that has passed the RSA Conference test and is firmly on the deployment schedule.
GDPR: Readiness Depends On Who You Are
The pendulum of the security industry has a tendency to swing back and forth between security and compliance. For the past couple of years, with cyberattacks grabbing the headlines, it has been the security side that has been in the ascendant. However, the big beast of GDPR is making its presence felt and we heard a lot of talk about the challenges of compliance and companies offering their solutions. The overall feel was that larger companies – who, let’s face it, have more at stake from regulatory fines – are getting their internal processes in order, but smaller companies don’t really know what’s coming.
All About Cloud
It’s not surprising that one of the key themes of this year’s conference was the cloud: how changes in architecture as we move towards infrastructure as a service will impact security, and how we need to plan for that. There were a lot of companies talking about their offerings, and Carbon Black was among them with our Predictive Security Cloud, which leverages the power of the cloud to collect and analyse all of the data coming off endpoints to predict and protect from malicious activity, even if it’s an attack strategy that has not been seen before.
Machine Learning & AI
Machine learning and AI were another big theme. There was a lot of discussion about how they have the potential to change the way that we look at security, and about how advanced algorithms and mathematics are impacting security as we know it.
Linked to this is security orchestration, automation and response (SOAR). This is evolving in response to the recognition that we have a skills gap in the industry. It’s hard to get the skills we need to fill all the positions we’d like in our teams, so we’ve got to get better at allowing machines to shoulder some of the work. Organisations are starting to do some serious research into how they can use automation to lift some of the burden and achieve more.
International Cybersecurity: We’re All In It Together
At the conference we heard that the US government is constantly battling nation state attacks. This was echoed on this side of the pond in the recent speech by Director of GCHQ Jeremy Fleming, who told the CyberUK Conference: “hostile nation states are rapidly building and enhancing their cybertools to stay ahead in the global race.” That speech was followed by an unprecedented joint announcement from the FBI and GCHQ confirming that Russia was preparing to launch attacks against critical network infrastructure in both countries. That joint announcement underlined that we need to work collaboratively to counter the level of threat we face.
To that end, Microsoft announced its “Tech Accord,” of which Carbon Black is a part. This is an initiative that calls for a “Digital Geneva Accord” to protect customers and users from cyberattacks. It subsequently calls for greater partnerships within the industry as a whole. Carbon Black has signed up for this initiative and it emphasises something that veteran analyst Mike Rothman, of Securosis, said in a recent webinar: “The bad guys are talking to each other all the time, so should we be. As a SecOps professional you’ve got a million guys out there trying to break you – you don’t want to be facing them on your own.”
That’s my biggest takeaway from RSA this year: it’s good to talk. However strongly our organisations might compete in the commercial world, we’re all up against a threat that we can’t handle individually. It’s only by sharing intelligence, strategy and technology that we’ll stand any chance whatsoever of winning this fight.