Threat Detection and Response

RSA in Review 2019

Author
Tim Roddy
Vice President, Product Strategy

I think it’s safe to say that we’re collectively taking a big breath and recovering from another monstrous RSA. This year we saw the theme ‘Better’ take over the show – encouraging us all to consider how cybersecurity can improve and how organizations can better their own security outcomes. But isn’t ‘better’ the underlying theme of every RSA? And of every cybersecurity event for that matter…because fundamentally, we are continuously striving to stay one step ahead and secure our organizations against the unknown.

For this blog article though, I’m going to outline what aspects of cybersecurity many of the professionals we spoke to identified as key areas that require ‘betterment’.

Here are the top 3:

1. Reduce risk, not breaches

Trust was a huge theme this year – Rohit Ghai, president of RSA Security outlined the potential for a future in which trust does not exist and impedes human progress. He stressed that in his view, organizations must manage risk in order to define a level of trust and stop trying to eliminate the risk, but instead learn to manage it.

A risk-centric approach to security is what threat detection and response comes down to, in my opinion. A threat somehow, somewhere is capable of breaching your network – it’s how you manage the risk of the breach that defines the extent of impact and an organization’s ability to continue business as usual, or progress as usual. We’ve actually translated this approach to security in our own Terrain-Based Cyber Defense approach. By understanding terrain, you can calculate your risk – or vulnerable attack surface. By manipulating the perception of that terrain to an intruder you can manage that risk. Want to find out more? Check out this blog from our Chief Data Scientist, Dr. Abdul Rahman.

2. Security tech needs to be more integrated

Throughout the course of the show, the call for integration was rallied once again and the CISOs we spoke to often cited this as a fundamental challenge. The sheer number of point products and solutions that organizations have presents an issue in that they do not integrate well with each other and this results in blind spots, and vulnerabilities. Organizations are struggling to understand how many solutions are of value, and how to whittle them down to a simplified, manageable stack without jeopardizing security.

3. Improving M&A security

During RSA we participated in a CISO Executive Network Breakfast, with numerous CISOs from enterprise organizations across the globe, and found the session extremely insightful. Together they agreed that M&A security was presenting a real challenge. The Marriott breach in December is an unfortunate example of what vulnerabilities can be inherited in an acquisition. Organizations are often struggling to gain holistic visibility across acquired environments. In these instances it’s important to take stock of new environments by profiling and classifying IT assets and services including enterprise IoT, legacy systems and shadow IT – from there, vulnerable assets should be identified and threat detection and response strategies put in place to mitigate the risk associate with the acquisition.

In conclusion, there are too many challenges to list – but I think these topics define extremely important themes in security. We must be flexible as vendors and consumers to recognize when change is needed, cybersecurity vendors must embrace integration and collaboration, both within our product offerings, and beyond in order to deliver the most secure, and most efficient solutions to our customers. And as security vendors, we should always be aware that it is our obligation to support, not impede the business growth of our customers.

‘Better’ is a theme in cybersecurity that transcends RSA. We are in an industry where constant innovation is not required but demanded – it is what defines a successful vendor, from one that isn’t. We must religiously listen to our customers to understand the challenges they face, so that we may work tirelessly to prioritize and ‘better’ what truly impacts cybersecurity success.

If you missed us at RSA, you can find found out more about our latest announcements here:

Browse our blog