RSAC 2019: Trustworthiness, SIEM, CISO Survival
Each year I, along with tens of thousands of others, have converged for the RSA Conference – this year at the Moscone Convention Center. The conference offers collaboration, inspiration and the opportunity to gain a better understanding of the latest trends and solutions in security. It is vital for executives like me to continually learn about recent security updates that have a bearing on our daily efforts to stem the tide of threats in the current landscape.
There has been much to see and take in, but at least three critical themes have emerged:
- The importance of trustworthiness
- SIEM (is not dead)
- CISO survival
Each topic bears relevance for our clients who are concerned about the security of their organizations, whether on-prem or in the cloud.
The Importance of Trustworthiness
Zero Trust had been the moniker of choice at last year's event - 'never trust but always verify.' However, according to RSA Chief Rohit Ghai, Zero Trust, while a noble aim, has proven to impede the fight to defend against the proliferation of malicious actors. He proposed new models of trustworthiness based on reputation and a better pairing of machines with humans for better decisions.
Machines have no moral compass and require humans to provide context for better decisions to mitigate threats and build a trust-enabled world. Similarly, the Crypto Panel echoed the theme of trust inherent in advancements in the field of cryptography towards a trust-enabled world.
SIEM (is not dead)
My visit to the expo floor revealed that SIEM is not dead. For example, Alert Logic, which positions SIEM as a capability that lets it complete the analytics and the complex work so the client is free to focus on their priorities, is a great example of how SIEM is evolving. In addition, the big three cloud providers have also formally entered the SIEM fray. A collective of rebranded, next-generation solution providers tout cloud-ready capabilities that include accelerated incident response, user and entity behavioral analysis (UEBA), zero trust principles, and security data lakes.
Add cloud security and access brokers (CASB) to this list, and it becomes clear that SIEMs are not dead, as vendors continue to innovate in this space. SIEMs, for better or worse, remain the focus of vendors and upstarts to help end users manage exponential surges in attacks and alert fatigue.
CISO Survival
The challenges that CISOs face continue to mount, leading a former colleague and me to conclude, "Solutions are better, but the work to defend is harder." SIEMs and tooling abound on the expo floor, but the sheer volume of vendors has not translated into CISOs' success. This year's conference is replete with aids, boot camps and collateral to help CISOs survive. The messaging of RSAC 2019 to CISOs seems clear: we understand your pain and this year's programming reflects this sentiment.
We witnessed the intersection of policy and cybersecurity at this year's event on several levels. One of note involved Adi Shamir, co-founder of RSA and the 'S' in RSA, who was denied entrance into the US due to visa issues tied to current immigration policies, decried by all in attendance. Professor Shamir's video sentiments regarding his plight served as a sobering reminder that the advancement of our field cannot be fought in silos and requires our collective work (technology, policy, education) to succeed.