For cybersecurity software vendors, the RSA Conference is the perfect place to see the latest innovations while testing the value proposition of your own solutions hands-on. You'll also gain valuable insights to enhance your short- and long-term roadmaps. To help vendors with this analysis, here are my five key observations from RSAC. Each observation is accompanied by a recommendation that product managers can implement in their roadmaps.
Observation 1: The SASE revolution is full speed ahead
In 2024, the frenzy of SASE-related Security Services Edge (SSE) and SD-WAN partnerships has been replaced by a new frenzy of acquisitions, mergers and internal investments as vendors move to single-vendor SASE. As a result, at this year's RSAC, the number of single-vendor SASE providers in the industry increased from a handful to more than a dozen.
Additionally, a walk around the show floor revealed an evolving set of vendor types entering SASE. The latest notable moves are from content delivery network (CDN) providers (including the CDN divisions of the cloud computing giants) as well as specialists in multi-cloud networking (MCN), network as a service (NaaS), zero trust/ZT network access (ZTNA), and private 5G/WWAN. These new entrants bring new tools to the SASE toolbox, leading us to conclude that the breadth of SASE capabilities continues to expand beyond analysts' prescribed lists of SASE “must-have” capabilities.
In response, some SASE vendors have showcased enhanced capabilities such as email security, enterprise browsers, digital experience management (DEM), and extended threat detection and response (XDR). So far, however, other key systems such as identity and access management (IAM), endpoint protection, cloud workload protection, security information and event management (SIEM), and security orchestration, automation, and response (SOAR) have remained largely standalone.
Recommendation: First of all, all vendors, SASE or not, need a SASE strategy, said Mauricio Sanchez, senior director of enterprise security and networking at Dell'Oro. “SASE is not a trend. It's the future of enterprise connectivity and security.” [1]
With this in mind, they will either need to compete within the SASE space, fine-tune a valuable complementary role that allows them to coexist successfully with the major SASE platforms, or get acquired by them.
And for SASE vendors, as more types of vendors enter the space, it's useful to consider verticalization options and whether it makes sense to add new capabilities or partner with those vendors. For startups with SASE ambitions, these considerations are especially important, as is a realistic strategy for assembling a competitive global backbone of regional PoPs.
Observation 2: Security thinking is still too human-centric
Even though we all know how much of our network and security interaction is machine-to-machine (i.e., software-based), and despite the explosion of connected IoT/IIoT devices, the messaging at the RSAC booths was still surprisingly human-centric. Perhaps that is because humans are the weakest link in cybersecurity, but maybe vendors simply put humans at the forefront because they are human themselves.
For example, at RSAC 2017, Google announced its BeyondCorp zero trust initiative, with the mission to enable all Google employees to work successfully without a VPN, on any network in the world. As Heather Adkins likes to put it: “We're trying to run Google in Starbucks”. [2] So how did this impactful transformation begin? It started with extensive research into users – human users.
RSAC 2024 saw a broader focus than last year in the form of cyber-physical systems (IoT and IIoT devices), APIs, generative AI tools, etc. However, understanding, certification, approval and support remain human-framed in most conversations.
Why is this human-centrism important? Because we humans are already a minority of IT users, the growth of non-human users is on a hockey stick trajectory, and AI in particular is poised to take over many of the low-level human-computer interactions.
Recommendation: Vendors that haven’t done so already should make addressing nonhuman connectivity and security needs a key focus of their roadmap. One way to delve into nonhuman thinking is to go back to the source of the “Zero Trust” terminology: Stephen Paul Marsh's 1994 doctoral thesis on trust systems for AI planning agents. [3]
Marsh's goal was to formalize trust so that it could be implemented mathematically, in software. Thinking about trust in this context is invaluable in breaking away from an overly human-centric way of thinking and better preparing the roadmap for the day when connectivity and security are dominated by AI agents that cooperate with each other to accomplish IT tasks. This also helps us think about the contextual and non-binary concept of trust that modern Zero Trust solutions should adhere to.
Observation 3: GenAI is the new BYOD gone wild
Another AI-related observation is that employees are liberally using GenAI tools and many are ignorant about AI quality and security issues. This observation was derived from conversations with conference participants about their own use of GenAI tools and their colleagues' use (supplemented by continuing conversations with friends and family after the conference).
These conversations have revealed that people of all backgrounds are experimenting with GenAI tools for both personal and professional purposes, including experimenting with use cases that the EU has deemed high-risk. And even within the tech industry, there is limited awareness of GenAI’s core autocomplete functionality and issues such as hallucinations, copyright and data leakage concerns, model collapse, and GIGO amplifying the impact of bad data.
The good news is that many vendors have used RSAC to release new security tools for GenAI tools, LLMs, and AI models in general, even if quality and reliability issues may require collaboration across cybersecurity disciplines.
Recommendation: Vendors that have not yet formed AI quality and security task teams should do so immediately to manage the integration of AI into their platforms as well as understand the scale and nature of AI use in their target markets. CISOs really need industry help to address the rapid adoption of AI tools by employees and contractors.
Observation 4: Deep Packet Inspection is in high demand
RSAC saw an increased demand for Deep Packet Inspection (DPI). This isn't a new technology, so why the sudden interest?
First, as Mauricio Sanchez of Dell'Oro said, SASE is the future of enterprise connectivity and security, with SASE platforms running all traffic (or nearly all traffic depending on edge configuration) through regional PoP gateways that decrypt and inspect it.
This is a security imperative given that the traditional network perimeter no longer exists and that the “network” as traditionally understood has shrunk, further reducing traditional monitoring opportunities. Zero Trust principles also mandate continuous monitoring and trust assessment. For these needs, no other monitoring and inspection methodology can match the granularity, depth, and accuracy of DPI performed on clear traffic.
Recommendation: Whatever your product, you need to collect and correlate traffic insights from as many sources as possible to ensure maximum security and observability and to support your AI/ML initiatives. And if you have a product that currently uses in-house, open source, or regular commercial DPI, now is a good time to benchmark performance and scaling against leading commercial products. If you want to compete and win in today's platform market, you need a DPI engine that can perform in harsh environments and deliver the deep insights needed to support continuous product innovation.
Observation 5: Threat detection and response is in high demand
We were also impressed with the number of AI-enhanced XDR innovations introduced this year and the interest from vendors who haven't traditionally built XDR capabilities into their solutions but are looking to enhance their threat detection, including Observability, SIEM/SOAR, and SASE vendors, the latter looking to extend their basic IDS capabilities.
Recommendation: If you haven't yet considered integrating XDR into your solution, now is a good time to do so. For many types of solutions, this is a natural way to strengthen their value proposition while better meeting the demands of Zero Trust. And, if you have a platform that doesn't yet include XDR, now is a good time to conduct an analysis of your internal and external developments in single-pass packet inspection strategies for DPI and threat detection.
I hope you find these RSAC lessons useful, and feel free to reach out if you'd like to exchange information about these topics or other aspects of your RSAC experience.
References
[1] www.delloro.com/news/sase-market-to-skyrocket-to-over-16-billion-by-2028/
[2] youtube.com/watch?v=d90Ov6QM1jE
[3] Source: