This was originally published on on April 30, 2015.


With cybersecurity commanding national headlines on a daily basis, RSA Conference was bound to be a frenzied week of white-hot hyperbole and meetings with old friends, and it didn’t disappoint.  I found it an incredibly energizing week that clarified many trends we’ve been seeing in the market.  The high-quality conversations we had with customers, partners, analysts and journalists provided Invincea a unique view into where the market is going.

While there were enough presentations, demos, private briefings and parties to fill a month of posts, this recap covers five takeaways that we believe are essential to understanding the security industry today.

The Innovation Sandbox – Looking Ahead, Reflecting on the Past

Kicking off the week, the Innovation Sandbox offered a look at some of the hottest up & coming vendors.  Their technologies spanned a wide range from application security and physical identification to network security and user behavior analytics.

With 10 promising startups vying for attention, the judges ultimately found two most promising: Waratek and Ticto tied in the voting, with Irish firm Waratek eventually taking the crown – the first non-North American champion.  Waratek attempts to protect Java by embedding security in the run-time layer, as opposed to the app itself.  In many ways it is trying to fix Java, which is ironic since Java was first touted as a secure runtime environment based on use of a type-safe language.  In a completely different part of the security world, Ticto inspired the Innovation Sandbox crowd with their next-generation ID badges.  Ticto’s solution, which they call “visual crowd authentication”, visually identifies if the individuals in a given place are qualified and authorized to be there.  Think of use cases at construction sites, airports and medical facilities.

Monday also celebrated 10 years of RSAC’s Innovation Sandbox winners, with a reunion of past winners in the Gallery of Victors and this high-octane video.  Innovation Sandbox 2011 winner Invincea CEO Anup Ghosh participated with past winners, including Marty Roesch, CTO and Founder of Sourcefire, who won the first Innovation Sandbox competition in 2005.  In addition, both participated with Jason Chan (Netflix) in a panel discussion moderated by Rick Holland (Forrester Research) on buying vs. building security solutions.

“No More of the Same” – A Call to Action

The next morning, RSA President Amit Yoran laid out a multi-point plan to deal with the new security landscape.  “If I could come up with a theme for this year’s conference it would be: No More of the Same,” Yoran previewed in a Fortune interview. “Let’s do things differently; let’s think differently; let’s act differently. Because what the security industry has been doing has not worked.”

Starting his keynote with the observation that even advanced security solutions are not 100% effective, he recommended pursuing greater visibility of endpoints, the network and the cloud – core requirements of a modern security program.  He also called on enterprises to take a measured approach to intrusion response.  Rather than immediately eradicating an attack when it’s discovered, he urged audience members to carefully study it, so they can understand the full scope of the attack and better strengthen their overall security posture.  Yoran further highlighted identity and authentication, automated threat intelligence sharing, and asset management and prioritization as areas to focus on.

Public/Private Collaboration – A Critical but Bumpy Road

White House Cybersecurity Coordinator Michael Daniel in BeatTheBreach Town Hall

RSAC became the epicenter in the ongoing discussion of the roles of public and private sectors in cybersecurity.  Senior government officials left the power corridors of DC to venture west and engage with Silicon Valley movers and shakers – suits meets jeans and track jackets.

Nowhere was this more visible than at the BeatTheBreach Town Hall on Public-Private Threat Intelligence Sharing co-hosted by Invincea and CSM Passcode, with Dell as platinum sponsor.  This unique forum paired senior government cybersecurity leaders with private sector executives, interviewed by CSM Passcode journalists, Hardball style.  The Town Hall enabled the audience to participate in the discussion as well.  White House Cybersecurity Coordinator Michael Daniel sparred with RSA President Amit Yoran regarding incentives for sharing threat intelligence and encryption.  Likewise DHS Under Secretary for Cybersecurity Phyllis Schneck had a frank conversation with Symantec CTO Amit Mital on the private sector’s role in protecting critical infrastructure and what it means for DHS to be opening an office in Silicon Valley.  Aetna CISO Jim Routh jousted with Assistant Attorney General John Carlin on how the private sector has to defend itself against nation-state threats, while Mr. Carlin discussed the new ways the government is using prosecution to hold accountable individuals who attack US companies from abroad.

This topic – public-private discussion on cybersecurity issues – was not only a major theme throughout RSAC, but perhaps not surprisingly also spotlighted significant differences between the public sector who are creating policy and process in DC and the private sector on which it depends.

Overview of 2015 BeatTheBreach Event Hosted by Invincea & CSM Passcode

Internet of Things – Enormous Risks Ahead

IoT also came to the forefront throughout RSAC, with many fearing the train is far down the tracks without a conductor on board.

Gib Sorebo of Leidos framed the IoT security challenge well, stating we should assume that any connected device will be compromised at some point, and plan accordingly.  This is especially true in industries that don’t have decades of experience building connected devices and equipment, citing Amazon’s drone program as an example.  Of course, device manufacturers have a responsibility to engineer their products with possible attacks in mind, and can further limit risk by crafting those products in a purpose-built, locked-down way.  But Sorebo also called on end user organizations to define their policies regarding connected device use.  A defense-in-depth approach, blending the cyber and physical worlds, can further mitigate risk: “Physical overrides like the brakes in a car should be able to work independently of the network.”

Ed Skoudis, a SANS instructor, observed that even inexpensive devices such as locks, thermostats and toys are at risk.  Although a toy can’t let criminals into your house or turn off the heat, it could potentially harm a child.  Imagine if your own daughter or son were napping with a toy that was manipulated into generating excessive heat – a scary thought for many.

And then there’s IoT for DDoS.  (Buzzword bingo, indeed.)

The Pendulum Swings Back to the Endpoint

Last, it was impossible to miss the accelerating shift in focus back to the endpoint.  Just as the failure of traditional endpoint solutions to stop advanced attacks led to the rise of market-defining network solutions 5-7 years ago, now network solutions are showing their age.  CISOs are starting to view 2010-era network security offerings as somewhere between “useful but limited” and “unable to keep pace with current threats”.  At one private event I attended, 5 out of 5 CISOs said implementing advanced endpoint security solutions is a high priority in 2015.  With the prevalence of spear-phishing and other targeted attacks against users, not to mention the explosion of new threats like malvertising and crimeware-as-a-service, this renewed focus on endpoint is not surprising.

Two reasons enterprises are pivoting attention back to the endpoint is they’re simply tired of playing catch-up (think of FireEye’s often-quoted 205 days to breach detection) and their employees are highly mobile.  When business travelers are working from the airport, hotel or Starbucks, as they were at RSAC, their network security protection is blind to what they are doing online.  In contrast, next-generation endpoint solutions like Invincea are always protecting the user, and some are much more effective at actually blocking attacks than network products.

Although pessimism about being breached is extremely high across the industry, we’re also seeing more CISOs refuse to accept breaches as inevitable.  Instead, they’re looking at practical solutions to stop attacks at the moment of inception.  To help them, Invincea has laid out a strategy to turn the tide.

I would be remiss if I didn’t highlight our own new solution – Invincea Advanced Endpoint Protection 5 – as one of the driving forces in the next-generation endpoint protection market.  CSM Passcode explains how we’re combining the visibility and control of an endpoint solution with the intelligence of cloud analysis.

Finally, I want to close with thanks to my deeply talented marketing team, who organized a superb set of customer speaking engagements, executive presentations, and the highly regarded BeatTheBreach Town Hall.

We look forward to seeing you again next year in San Francisco!

Five Essential Takeaways from RSA Conference 2015

Leave a Reply

Your email address will not be published. Required fields are marked *