Government Action, Threat Deception and Diversity: Our Biggest RSAC Takeaways
Carolyn Crandall, Chief Marketing Officer
All eyes were on the RSA Conference last week and the industry buzz following the event has yet to slow down. The Attivo Networks team was there showcasing our Threat Deception “Hall of Mirrors” exhibit, which drew much interest and intrigue. We met with some of the best and brightest in security and met with many customers and prospects to discuss the increasing value of threat deception technology and provide insights into how organizations are using this technology to improve their active defense strategy. So, straight from the halls of the Moscone Center, here are a few highlights from this year’s RSAC:
The Call-Out for Government Action
One of the most talked about keynotes of the conference came from RSAC President Rohit Ghai, who shared his positive outlook on the security industry and detailed the growing importance of prevention. Contradicting Ghai’s outlook however, US Secretary of Homeland Security Kirstjen Nielsen expressed her belief that the future of cybersecurity looks rather dim. Nielsen urged attendees to view cybersecurity as a national imperative, as threat actors become more sophisticated and “sinister” than ever before.
While Ghai and Nielsen have conflicting outlooks on the industry, they did align on one thing: the increased need for government action and policy. This echoes our own sentiments, most recently discussed in an article in SC Magazine on the Active Cyber Defense Certainty Act (ACDC). In short, before individuals and organizations are given the green light to “hack back”, government policies and regulations should be considered.
At RSAC, it was clear that the greater cybersecurity industry agrees that increased government action is needed. Due in large part to organizations’ collective reaction to the absence of proactive and effective government policy, more than 30 companies signed the Cybersecurity Tech Accord, a pledge to protect users from cyberattacks.
The Focus and Investment Continues to Shift to Threat Detection; Big Tech Joins in
Also making noise at the show, technology leaders Intel, IBM and Trend Micro, launched or expanded their threat detection offerings. The emergence of these big players within the detection market shows that, as a whole, companies have been too focused on keeping threats out instead of working to minimize the impact once bad actors are in the network. Oh, how the tides are shifting!
As threat detection continues to gain traction, it’s more important than ever for organizations to understand the different types of solutions available and why some stand out among the pack. Unlike other offerings that are retro-fitted to include threat detection, Attivo’s technology is purpose-built to provide the most-easy to deploy, accurate and comprehensive deception for early threat detection and the integrations to accelerate incident response. Based on customer adoption, Attivo is proving to be one of the most versatile options for active defense, with a wide range of organizations from the mid-market up to the Fortune 10 embracing the technology.
I was also pleased to see deception again be recognized in the Innovation Sandbox, which recognizes top 10 companies and their innovations each year. Attivo Networks sales are too high to qualify for this award, however we are still thrilled to see the technology being recognized for the impact it is making to cybersecurity.
Diversity in the Workforce – and at RSAC
Diversity in the workplace was a hot button issue at RSAC. The lack of diversity in this year’s keynote lineup, prompted a collective sigh and disapproval marked by the creation of OurSA, a pop-up conference that highlighted women and minorities in security. The topic of gender diversity in the tech industry and the conversation around this is nothing new, but clearly at this year’s RSAC, the disappointing reality came under the microscope. In addition to OurSA, the conversation around diversity was reignited when Cisco’s John Stewart came out and stated that the industry would benefit from equal representation in its ranks.
Along with the lack of diversity in the workforce, we noticed that deception technologies and other new innovations were not broadly showcased at RSAC this year. Despite over 100 program curators, the organizers put too much focus on the well-known topics of GDPR, AI, machine learning, data security and staffing. It is not that these are not critical topics, they are. Unfortunately, though, overemphasis on these and other known security issues snuffed out the ability for new innovation to score a spot on the agenda. Although the Innovation Center had some impact in highlighting emerging technologies, several deception technology sessions were rejected for the past two years and only one made the cut in 2018. And it was a sponsored session. That said, we’re pleased to hear that the industry’s other “must-attend” cybersecurity event, Black Hat, will have several deception technology and Active Defense sessions this year.
At RSAC, we were encouraged that the industry came together to discuss important security matters like the need for government action, the importance of threat detection, architecting data security, and diversity in the workforce. What were some of the big trends and themes you noticed and what do you expect for to see at RSAC 2019 (March 4-8)?