All Things Cybersecurity on Display and in Discussion at RSA 2019

March 12, 2019 Todd Thiemann

Cybersecurity insiders and dilettantes alike came from near and far to San Francisco last week to RSA Conference 2019 to smarten up their security knowledge and visit with vendors touting their latest goodies. And if you were playing buzzword bingo, I think #AI, #CloudSecurity, #DevSecOps, and #zerotrust won the contest for the most abused security buzzwords.

Here are the highlights that caught my eye:

DevSecOps and Kubernetes: Buzz Ahead of Mid-Market Reality

Plenty of vendors talked about container security and microservices. Kubernetes and the concept of microservices are taking the development world by storm, with all major cloud players now moving towards some sort of managed Kubernetes environment. The DevSecOps corollary, moving security upstream in the application lifecycle, was a persistent theme at RSA, particularly in light of application vulnerabilities like the unpatched Apache Struts vulnerability that led to the now-infamous Equifax breach. While larger enterprise companies find this to be a pressing need, the mid-market customers I spoke with had more basic security hygiene concerns and were not focused on the latest Silicon Valley security buzzwords.

Threat Hunting and Backstory

A few threat-hunting startups talked about using AI and machine learning to improve threat detection. This is something I’m quite familiar with, as Arctic Wolf ingests over 25 billion observations per day and uses human-assisted machine learning and threat intelligence to locate bad stuff. Chronicle Security, an Alphabet (Google) company, announced Chronicle Backstory at RSA Conference. After watching their demo and speaking to industry analysts, Backstory seems like a way for large enterprises to create a security data lake rather than doing a skunkworks big data project with Hadoop or facing a big Splunk bill (in fact, Splunk's stock price dropped 5% on the announcement).

SIEM in Flux

The Security Information and Event Management (SIEM) space is seeing some churn with acquisitions (bye bye AlienVault) and new entrants (hello Microsoft Azure Sentinel). Azure Sentinel is a cloud SIEM that is currently in “preview” (the Microsoft equivalent of beta) and there’s no word yet on pricing or general availability. The existing SIEM crowd is probably sweating. The continued challenge, however, still revolves around retaining good talent (the cybersecurity skills shortage) and finding true threats amongst all the noise. Azure Sentinel may prove a better SIEM mousetrap to replace existing SIEMs, but locating bad stuff and finding and retaining skilled staff continue to be the more pressing problems.

Staffing Shortages Persist

Speaking of cybersecurity staffing problems, ISACA grabbed some headlines by publishing their State of Cybersecurity report. More than half of information security folks surveyed had unfilled cybersecurity positions in their organization, and 60% of enterprises are waiting at least three months to hire new cybersecurity staff. For those of you looking to combine law enforcement and cybersecurity, the FBI had a large recruiting booth at RSA Conference. If you have problems locating good staff, consider a SOC-as-a-service to solve the problem.

And speaking of SOC-as-a-service, if you stopped by the Arctic Wolf booth at RSA Conference 2019, we hope you enjoyed the conversation and the tchotchkes (we have the best swag!). I hope to see you at RSA Conference 2020!

Learn more about SOC-as-a-service by downloading the Definitive Guide to SOC-as-a-Service!

About the Author

Todd Thiemann

Todd Thiemann is a Product Marketing leader at Arctic Wolf Networks. He writes and engages in thought leadership on behalf of Arctic Wolf because, as he describes, Arctic Wolf is an innovative security startup that is radically changing how enterprises perform managed detection and response.
