I attended the RSA Conference 2020 last month. I wanted to understand the security market better, due to my work at Google.
The conference was large, spread across all of Moscone Center. Many of the vendors had really high-end displays on the floor.
I attended some talks, but the Expo itself dominated the event. It gave a great picture of where vendors think security dollars are going to be spent.
Threat detection and Security Analytics
The largest segment present. Lots of flash, dashboards and demos. Examples included Exabeam, Splunk, Solarwinds, Google Chronicle, Corelight, Farsight, D3Security, Lastline, Securonix, Anomali.
By the end of the week all these companies blurred into one another, though I must say the Chronicle demo was pretty compelling. Most demos have an element of smoke-and-mirrors, but Chronicle was pretty good.
Lots of vendors in this space too, though I didn’t speak with many of them. “Zero-trust” was the key marketing phrase.
Lots of vendors too. The challenge of securing all those devices attached to the network is clearly an issue, and there are lots of products offering to manage these devices for the CISO.
Governance and Compliance
These software vendors were also present. I was also surprised at the number of DLP vendors hawking their wares.
Not as numerous as I expected, but all the usual suspects were there. Splunk had a very large stand, as had Solarwinds and Sumo Logic. Sysdig were present, and are making an explicit play in the security space.
Another interesting Log Analytics company was Humio, who claim to have really fast search times, due to the way they compress their data. Elastic had not one but two stands, at either end of the Expo, with Kibana dashboards everywhere to see.
Overall there wasn’t a huge emphasis on data collection systems, most of the vendors assumed you had access to your data already, and wanted to show all the cool things they could tell you about it.
I also came across an interesting new security knowledge base called MITRE ATT&CK. It’s like CVE on steroids. Most Threat Detection systems (including Elastic) had an integration story about it.
Finally, the talks I did attend weren’t bad, but were not brilliant either. I think the sheer size of the conference meant that speakers knew a wide range of folks could be at any one talk, so most never seemed to get super-specific, or give me actionable insights. Many were panel discussions.