
Guarantees, Endpoints and K & R: What I learned at RSA 2017

After staring at my suitcase in the corner for several days, I decided to unpack my luggage as well as my thoughts from a week at the 2017 RSA Conference. Spending time with 43,000 of my closest friends – a record-setting number of attendees – I was once again struck by how slowly things change in a fast-paced world. My takeaways, in no particular order:

We’re still talking about… Here’s where you can fill in the topic of your choice. If you talked about it in 2016, we were still talking about it at RSA 2017. Very few, if any, cybersecurity issues have been solved in the past 12 months. There is one significant year-over-year difference: a deeper sense of frustration and a greater sense of urgency that “something” must change in 2017 due to the ever-increasing number and severity of cyberattacks. What that “something” is remains TBD.

Lessons from Kidnappers. There was an odd buzz around RSA regarding the growth of ransomware and how to defeat the data-nappers. Holding data hostage is becoming a cottage industry (more like a McMansion industry) just as Kidnapping & Ransom (K & R) is in certain countries. A number of cyber experts speaking on the topic at RSA 2017 believe there are lessons to be learned from K & R pros, ranging from insurance to defensive measures.

Show me the money! Where there are start-ups and emerging tech, there are investors. The trend this year seemed to follow a key customer trend: Simple is better. Tech that is easy to install and use, and that reduces complexity for security teams, got plenty of attention from everyone. Complex, performance-degrading solutions didn’t.

End of the road. What also didn’t get plenty of attention was endpoint protection. With more than 200 endpoint security vendors, investors and customers alike grumbled that there were too many vendors who offered too many “me too” products. More than one speaker predicted in a Game of Thrones-like manner that “Consolidation is coming.”

Show me the money, Part II. Cybersecurity guru Jeremiah Grossman continued his crusade to improve security outcomes by challenging RSA attendees to ask vendors if they offer a product guarantee. Grossman has identified that six companies have now answered the call. (Full disclosure – Waratek launched our $10,000 No False Positives Guarantee at RSA.)

Best of Show. UnifyID, which bills itself as the first holistic implicit authentication platform designed for online and offline use, won the RSA 2017 Innovation Sandbox Award.

Best of Show, Part II. In a sea of vendor exhibits with elaborate multi-story structures, see-through television screens and open bars, one small company stood out for the simplicity and appropriateness of their tchotchke: a tinfoil hat.


Author:

James E. Lee is Executive Vice President of US-based Waratek Inc. He spent the week at RSA 2017 so you didn’t have to go.  Contact James to learn more about Waratek’s No False Positives Guarantee at [email protected]
