All Things Cybersecurity on Display and in Discussion at RSA 2019
Cybersecurity insiders and dilettantes alike came from near and far to San Francisco last week to RSA Conference 2019 to smarten up their security knowledge and visit with vendors touting their latest goodies. And if you were playing buzzword bingo, I think #AI, #CloudSecurity, #DevSecOps, and #zerotrust won the contest for the most abused security buzzwords.
Here are the highlights that caught my eye:
DevSecOps and Kubernetes: Buzz Ahead of Mid-Market Reality
Plenty of vendors talked about container security and microservices. Kubernetes and the concept of microservices are taking the development world by storm, with all major cloud players now moving towards some sort of managed Kubernetes environment. The security corollary in DevSecOps of moving security upstream in the application lifecycle was a persistent theme at RSA, particularly in light of application vulnerabilities like the unpatched Apache Struts vulnerability that led to the now-infamous Equifax breach. While larger enterprise companies find this to be a pressing need, the mid-market customers I spoke with had more basic security hygiene concerns and were not focused on the latest Silicon Valley security buzzwords.
Threat Hunting and Backstory
A few threat-hunting startups talked about using AI and machine learning to improve threat detection. Something I’m quite familiar with, as Arctic Wolf ingests over 25 billion observations per day and uses human-assisted machine learning and threat intelligence to locate bad stuff. Chronicle Security, an Alphabet (Google) company, announced Chronicle Backstory at RSA Conference. After watching their demo and speaking to industry analysts, Backstory seems like a way for large enterprises to create a security data lake rather than doing a skunkworks big data project with Hadoop or facing a big Splunk bill (in fact, Splunk stock price dropped 5% on the announcement).
SIEM in Flux
The security information and Event Management (SIEM) space is seeing some churn with acquisitions (bye bye AlienVault) and new entrants (hello Microsoft Azure Sentinel). Azure Sentinel is a cloud SIEM that is currently in “preview” (the Microsoft equivalent of beta) and there’s no word yet on pricing or general availability. The existing SIEM crowd is probably sweating. The continued challenge, however, still revolves around retaining good talent (the cybersecurity skills shortage) and finding true threats amongst all the noise. Azure Sentinel may prove a better SIEM mousetrap to replace existing SIEMs, but the ability to locate bad stuff and find/retain skilled staff continue to be the more pressing problems.
Staffing Shortages Persist
Speaking of cybersecurity staffing problems, ISACA grabbed some headlines by publishing their State of Cybersecurity report. More than half of information security folks surveyed had unfilled cybersecurity positions in their organization, and 60% of enterprises are waiting at least three months to hire new cybersecurity staff. For those of you looking to combine law enforcement and cybersecurity, the FBI had a large recruiting booth at RSA Conference. If you have problems locating good staff, consider a SOC-as-a-service to solve the problem.
And speaking of SOC-as-a-service, if you stopped by the Arctic Wolf booth at RSA, we hope you enjoyed the conversation and the tchotchkes (we have the best swag!). I hope to see you at RSA Conference 2020!
Learn more about SOC-as-a-service by downloading the Definitive Guide to SOC-as-a-Service!