With the RSA 2015 Security Conference Behind Us, What do I do Now?

Observations

Before long, RSA will be a distant memory. This was the year that people started to realize that spending additional dollars on yesterday’s solutions to address today’s new security problems isn’t a winning strategy. Several keynote addresses (that seemed somewhat controversial) reflected this reality. Some of the larger vendors at RSA that have been hyping evolutionary advances on top of traditional technologies actually took to the stage to tell everyone else that security mindsets have to change. Some on panels said that not having enough good people on staff is the problem but didn’t really address where these new skills professionals would come from.

A few attendees continue to adopted a strategy of moving around the edges of the exhibit halls where the “rents are lower” looking for the new emerging solutions to current security problems. These attendees were rewarded with views of solutions built on new ideas addressing today’s hard problems.

There were a number of new solutions at the exhibit show floor that monitor for anomalous behaviors. Intentionally, none of these new solutions start with known attacker behaviors. The newer network and endpoint solutions place more emphasis on unknown attacks. The word “prevention” is slowly being scrubbed out of product literature and out of the minds of security professionals. No one is talking about preventing attacks. The goals have changed to reducing time to detection or time to containment of a threat. Finally, user interfaces have begun to change from the traditional dashboards and massive visualizations that fight for attention to simpler more Facebook-like consumer-based interfaces that prioritize what’s important.

What does all this mean? The Security Mindset has Started to Change

To the extent it can be, the perimeter is dealt with, and, at the same time no longer as relevant as it once was. Most organizations have deployed technologies and developed processes around information from initial compromise detection solutions (IPS, Firewalls and AV). Security information and event management systems (SIEMs) correlate data from these sources with asset data and vulnerability data to reduce the number of false positives. However, BYOD and increasing connections through the perimeter for business partner access have turned the perimeter into Swiss cheese.

The effectiveness of solutions built on constructs from ten to fifteen years ago and the processes built around them are being seriously called into question. Security pros we spoke with were looking for solutions that address organization’s security not as a single isolated entity but as a connected ecosystem of partners, servers, applications and mobile devices on-prem and in the cloud. Access and credentials are what connect all these systems and credentials are increasingly what attackers want and get.

The behavior-based solutions were the products on the trade show floor that seemed to get the most buzz. They that use machine learning to understand what’s normal so it can be peeled back to reveal behaviors that are divergent. The other thing they told us is that a solution can’t be another “noise maker.” It needs to provide SecOps efficiencies. Solutions that can prove effective in both detection and generate efficiencies will get purchased. It’s safe to say that security teams are open to new solutions they can build new processes around because what they have now won’t make them successful.