This year’s RSA Conference (RSAC) was bigger than ever – and I don’t mean that in the rote sense of “more exciting! Action packed! Full of more interesting things to see and learn!” I mean it literally – the physical space used by the conference that promises to showcase new innovative security tools covered more square mileage, and what was there was more densely packed. Good thing I brought my walking shoes.
So, does more equal better? Feedback from our customers and peers points towards the negative.
Simply put, the security solution space is overcrowded. It makes sense – protecting your business, data, and assets from online threats is more of a concern now than it’s ever been. And certainly the market has reacted as one would expect, by growing exponentially. Standing shoulder to shoulder, vendors clamor for your attention, nearly every one guaranteeing they’ve got innovative security tools that will provide the assurance you’re seeking.
Our team is uniquely positioned in this market. Our role is not to make empty promises to customers, standing between them and cybercriminals with a cape and tights. On the contrary, our customers depend on us to separate the wheat from the chaff, as it were. Customers expect us to point them to the practices and technologies that can materially improve the maturity of their security program. It requires a trained eye, to be sure, to identify these innovative security tools.
So what does CBTS look for in an enormous expo hall like RSAC’s? How do we pick our winners?
Execution is critical. More than what you say you can do, I want to hear success stories from your customers. What did their deployment look like? What other solutions did it displace or complement? What kind of staff does it take to admin and use? What kind of risk did it mitigate, and how? What threats did it stop or detect that couldn’t have been found otherwise?
Following standards is a personal big-ticket item for me. I was quite pleased to see how many vendors have adopted the MITRE ATT&CK Framework as a taxonomy to describe the kinds of threat tactics and techniques they can impact. If a vendor starts off the conversation by telling me the CIS Top 20 control category in which they fit, or the NIST 800-53 requirements they satisfy, I’ll be smiling ear to ear.
The vendor that under-promises and over-delivers is valuable in my book. Claims that a product can solve all my security problems, or detect and stop every zero day exploit forever, will make me roll my eyes and move on. I want technology that solves very specific problems, tells me what it can do and what it cannot, and doesn’t try to boil the ocean. No product – no vendor alone, even – can satisfy every security need we have. Realism does the customer and the market a lot of good.
Finally, innovation is at the top of my list. I look for technology used in truly new and interesting ways, and occasionally, I’ll find something new under the sun. Today anyone can cook up a fancy dashboard and an attractive, flashy UI. However, most of them are sitting atop the same approach as their conference floor neighbor. If I walk away from your booth and think, “huh, I’ve never seen anything like that before, and I think it could actually work!” that’s a healthy sign.
The SIEM space is a great example of a market segment where we’re starting to see more innovation. Here are three high-profile new offerings we saw announced around RSA:
Most interesting, though, were the licensing models for these three products:
So the next time you’re elbowing through a mass of people in a conference hall with the swag flying left and right, keep these criteria in mind.
And remember, CBTS has been helping customers leverage innovative security tools since 2005. Please contact us and let us know how we can help your organization.