Written By Logan Gilbert And Presented By Chuck Leaver
After spending a couple of days with the Ziften team at the 2018 RSA Conference, my innovation viewpoint was: more of the very same, the typical suspects and the typical buzzwords. Buzz words like – “AI”, “machine learning”, “predictive” were wonderfully worn-out. Lots of attention paid to avoidance, everyone’s favorite attack vector – e-mail, and everyone’s preferred vulnerability – ransomware.
The one surprise to me was seeing a smattering of NetFlow analysis companies – great deals of smaller businesses attempting to make their mark using a very abundant, however tough to deal with, data set. Extremely cool stuff! Discover the small cubicles and you’ll find lots of innovation. Now, to be fair to the larger suppliers I know there are some genuinely cool innovations therein, but RSA hardly lends itself to seeing through the buzzwords to real value.
The Buzz at RSA
I might have a biased view because Ziften has actually been partnering with Microsoft for the last 6+ months, however Microsoft seemed to play a much more prominent leadership role at RSA this year. Initially, on Monday, Microsoft revealed it’s all new Intelligent Security Association combining their security partnerships “to concentrate on defending customers in a world of increased risks”, and more importantly – reinforcing that defense through the sharing of security intelligence throughout this ecosystem of partners. Ziften is naturally proud to be a founding member in the Intelligent Security Association.
In addition, on Tuesday, Microsoft announced a ground breaking partnership with many in the cybersecurity market called the “Cybersecurity Tech Accord.” This accord requires a “digital Geneva Convention” that sets norms of habits for cyberspace just as the Geneva Conventions set guidelines for the conduct of war in the physical world.
People who Attended the RSA
A true interesting point to me though was the makeup of the exhibition attendees. As I was also an exhibitor at RSA, I kept in mind that of my visitors, I saw more “suits” and less t-shirts.
Ok, perhaps not suits as such, but more security Managers, Directors, VPs, CISOs, and security leaders than I remember seeing in the past. I was encouraged to see exactly what I believe are business decision makers taking a look at security companies in the flesh, as opposed to doling that job to their security group. From this audience I frequently heard the same overtones:
– This is overwhelming.
– I can’t discriminate between one technology and another.
What I saw less of were “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the people (constantly guys) that show up five minutes before the close of the day and drag you into a technical due diligence exercise for an hour, or a minimum of till the happy hour celebrations begin. Their objective – definitely nothing useful to anyone – and here I’m assuming that the troll in fact works for a company, so absolutely nothing useful for the company that in fact paid countless dollars for their attendance. The only thing gained is the troll’s self affirmation that they are able to “beat down the vendor” with their technical expertise. I’m being extreme, but I’ve experienced the trolls from both sides, both as a seller, and as a buyer – and back at the home office nobody is basing buying decisions based on troll suggestions. I can just assume that businesses send tech trolls to RSA and comparable expos due to the fact that they don’t desire them in their office.
Holistic Security Conversations
Which brings me back to the kind of individuals I did see a lot of at RSA: security savvy (not simply tech savvy) security leaders, who understand the corporate argument and decisions behind security technologies. Not only are they influencers but in a lot of cases business owners of security for their respective organizations. Now, apart from the previously mentioned concerns, these security leaders appeared less concentrated on a technology or particular usage case, however rather a focus on a desire for “holistic” security. As we understand, excellent security requires a collection of technologies, policy and practice. Security smart consumers would like to know how our technology fitted into their holistic solution, which is a refreshing change of dialog. As such, the types of concerns I would hear:
– How does your innovation partner with other products I already use?
– More importantly: Does your company actually buy into that collaboration?
That last concern is critical, basically asking if our collaborations are just fodder for a site, or, if we really have an acknowledgment with our partner that the whole is greater than the parts.
The latter is what security experts are searching for and require.
Overall, RSA 2018 was terrific from my perspective. After you get past the lingo, much of the buzz focussed on things that matter to consumers, our market, and us as people – things like security partner communities that add worth, more holistic security through genuine partnership and significant integrations, and face to face discussions with company security leaders, not innovation trolls.