RSA Conference: It's like the Wild West out there

With the number of vendors in the cybersecurity space increasing at an unprecedented rate, what should the channel be on the lookout for this year?

Cybersecurity crept into the mainstream media in the US a number of years ago, in light of high-profile attacks on the likes of Home Depot, Target and Sony.

More recently, Yahoo saw one billion of its accounts hacked, and a DDoS attack on the internet itself last year took down the likes of Twitter and Netflix.

It was the TalkTalk hack back in 2015, and the months of fallout that followed, that caught the eye of the UK and since then the government has become more and more vocal when addressing the cyber threat.

Last November Chancellor of the Exchequer Philip Hammond crashed Microsoft's Future Decoded event to launch the government's £1.9bn cyber defence scheme and in February the Queen opened the new National Cyber Security Centre.

The rise of the cyber hacker has led to a swell in the number of cybersecurity start-ups coming out of Israel and Silicon Valley - making the industry-leading RSA Conference in San Francisco last month the biggest yet.

The 2017 instalment saw a record 43,000 attendees and around 1,500 vendors on show.

But while the mainstream attention that cybersecurity is getting has been effective in raising the profile of the industry, it has led to mass VC investment and an unprecedented wave of start-ups saturating the market.

"It's like the wild west," said Sean Remnant, CSO at UK distributor Ignition Technology. "There is a lot of noise, there is a lot of marketing, and a lot of big stands which seem not to be substantiated by the amount of revenue some of those vendors are actually generating. It was very interesting.

"There is so much fuss that I guess it's why you need the UK channel to be able to filter out the noise. The amount of vendors is just ridiculous and I think we'll see a bit of a shake out over the next year or two because I don't think that can be sustained."

So when you strip back all the hype and marketing, what were the key themes from this year's event?

Endpoint Security

Vendors in the endpoint security space continue to kick up the most fuss. According to Dave Polton, director of innovation at NTT Security, endpoint security vendors were out in force in San Francisco, making it increasingly difficult to separate the weak from the strong.

"There was a lot there still going on and what concerns me about all these areas is they are not really a step change; they're all just slightly better than what was going on before.

"What I was looking for was people to challenge me and show me a step change, but this is all just a slightly better option that might appeal to a smaller subset of the market."

The endpoint security market undoubtedly stole the headlines at RSA, with testing house NSS Labs releasing its controversial endpoint protection testing report at the event - much to the disgust of Crowdstrike, which failed to obtain an injunction in a US court stopping the publication.

Crowdstrike claimed that NSS Labs had unlawfully gained access to its products for the test and accused it of having "unethical" testing methods, which NSS Labs denied.

The results of the testing process saw Crowdstrike score significantly lower than a number of its competitors - both emerging vendors and traditional vendors - but the argument over the validity of testing methods means that the channel is none the wiser as to who is the market leader in the space.

"I had conversations directly with Crowdstrike and the NSS Labs people and they simply disagree about the facts; and I don't know how to reconcile that and how the consumer would reconcile that either," said Herjavec Group VP Matt Anthony.

"On the floor it was more than ever a complete cacophony of vendors telling everybody that they've solved the endpoint problem.

"It was all about the endpoint, people were talking endlessly and there were so many differing views about how to solve that that it creates a lot of confusion for users."

CASB

While endpoint security continues to be the superstar of the security space, one area seems to be making an unexpected comeback.

Cloud access security broker (CASB) vendors were popping up all over the place a couple of years ago, only to be snapped up and bolted on to larger players.

In 2014 Imperva acquired startup Skyfence; in 2015 Microsoft acquired Adallom and Blue Coat acquired Elastica; and in September last year Oracle acquired Palerra.

More recently, Forcepoint acquired CASB vendor Skyfence, and newcomer Bitglass launched in the UK and was profiled in CRN's Emerging Technology Hub.

Bitglass also won a Cybersecurity Excellence Award at RSA, in the category for start-ups with between 50 and 100 people.

"Cloud is still massive," Polton said.

"We've seen loads of CASB vendors come out over the last couple of years, but there are still new CASB vendors popping up which is really bizarre. I would have thought it's getting to a point where it is much more of a feature.

"Skyhigh [Networks] are still there, they had a massive stand, but it's amazing to see how many CASB vendors are still popping up."

Deception

Deception was also picked out as being a prominent theme at the event by both Remnant and Polton. Deception techniques set a number of traps and decoys around the network that will trigger an alert when tripped by an attacker.

Polton said that deception's presence at RSA was bigger this year, but that it could be tricky for new entrants to gain traction quickly.

"Deception was another one that was quite big and there are loads that have come out like Illusive Networks and TrapX," he said. "[But] deception is a bizarre market.

"While the technology and the idea is fantastic the take up in the market is pretty slow, so I think anyone in that space is going to struggle a little bit."

Remnant, however, said that deception is becoming an increasingly popular option for enterprises who are struggling to deal with the amount of data generated from the numerous security solutions at their disposal.

Ignition is Illusive Networks' sole distributor in the UK.

"Deception as a space is getting hot," Remnant said. "One of the key themes is, and this is what I was looking for at RSA, people are looking to reduce the signal-to-noise ratio.

"What I mean by that is in realistic terms the noise is all the events and logs that all this security equipment generates and enterprises find it hard to sift through it, so I think there is a push towards more automation in that area and smarter solutions that return a quicker time to value for the customers.

"CSOs that have been buying all this equipment for so long are still realising that it's not really working so there is going to be a shift in approach I think."

Mobile and IoT

As the term 'Internet of Things' becomes more recognised, more and more vendors are starting to think about how to secure the growing number of devices connected to the network.

Herjavec's Anthony said that, while IoT security was a key theme at RSA, no vendor has really hit the nail on the head yet.

"The line at the conference, it's not mine but I heard it a couple of times, was 'The letter S in IoT stands for security'.

"People are still talking about last year's DDoS attack [that took down the likes of Twitter, Paypal and eBay using IoT devices] and using that as the bogeyman to talk about the future and I think we're going to see more of those attacks.

"There's a lot of talk about IoT but security just isn't in the equation for a lot of people producing the devices. Retrofitting security on top of that is a micro-segmentation exercise which is still beyond the ability of most enterprises, let alone small businesses.

"That sector is going to get a lot more complicated before it gets simpler."

Time standing still

While RSA was full to the brim with shiny new start-up vendors, it seems the saturation in the market is making it difficult to pick out clear leaders in the sector.

In years gone by a select few vendors would have taken centre stage and blown the RSA conference away with ground-breaking new approaches to cyber security, but this year was very much a case of building on what is already out there.

"To be honest from the show floor and vendor presentations if you'd blindfolded me and taken me back in time to 2016 RSA I wouldn't have noticed the difference," Anthony said. "2016 and 2017 on that level were hauntingly familiar."

"The issues of dealing with malware and ransomware, those technologies are there but there needs to be a lot of consolidation around those technologies and clear market leaders need to be established.

"I don't ever want to say 'I want to kill innovation and that all the start-ups with a better idea shouldn't flourish', but it certainly is a wide field for people to sort their way through."