For cybersecurity software vendors, RSA Conference is terrific for checking out the latest innovations while ground-testing your solution’s value props. It can also yield valuable insights to strengthen short- and long-term roadmaps. To support this analytical process for vendors, below are my 5 top observations from RSAC, each accompanied by recommendations that product managers can implement in their roadmaps.
Observation 1: The SASE revolution charges full speed ahead
In 2024, the frenzy of SASE-related Security Service Edges (SSE) and SD-WAN partnerships ceded way to a new frenzy of acquisitions, mergers, and internal investments as vendors made the leap to single-vendor SASE. As a result, at this year’s RSAC, we saw the industry’s tiny number of single-vendor SASE providers swell by more than a dozen vendors.
In addition, a stroll of the exhibit floor showed that the types of vendors throwing their hats into the SASE ring has evolved. The latest high-profile moves are coming from Content Delivery Network (CDN) providers - including the CDN arms of the cloud computing giants - as well as forays by Multi-Cloud Networking (MCN), Network-as-a-Service (NaaS), Zero Trust/ZT Network Access (ZTNA), and Private 5G/WWAN specialists. These new entrants bring new tools to the SASE toolbox, which leads to a corollary observation: the breadth of SASE functions keeps expanding beyond analysts’ prescriptive lists of SASE ‘must-have’ capabilities.
Accordingly, some SASE vendors showcased extended functions like Email Security, Enterprise Browsers, Digital Experience Management (DEM), and Extended Threat Detection and Response (XDR). To date though, other major systems like Identity & Access Management (IAM), Endpoint Protection, Cloud Workload Protection, Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) have remained largely separate.
Recommendations: First and foremost, every vendor needs a SASE strategy, whether they are SASE or not. As Mauricio Sanchez, Senior Director, Enterprise Security and Networking, at Dell’Oro said: “SASE is not a trend; it’s the future of enterprise connectivity and security.” [1]
Keeping this in mind, one needs either to compete within the SASE space, or fine-tune a high-value, complementary role that will allow you to happily co-exist with the big SASE platforms - or be acquired by them.
And if you are a SASE vendor, as more types of vendors enter the space, it can be useful to reflect on verticalization options, and on how far it makes sense to go in adding new capabilities versus partnering for them. As for start-ups with SASE ambitions, these reflections are especially important, as is a realistic strategy for assembling a competitive global backbone of regional PoPs.
Observation 2: Security thinking is still too human-centric
Even though everyone is aware of how much of network and security interactions are machine-to-machine (i.e., software-based) and how explosive the growth has been in connected IoT/IIoT devices, booth-side messaging at RSAC was still strikingly human-centric. Perhaps this is because humans are the weakest link in cybersecurity, but it may be that we foreground humans simply because we’re human.
For example, at RSAC 2017, Google presented its BeyondCorp zero-trust initiative, which set as its mission to enable every Google employee to work successfully without a VPN on any network in the world, or as Heather Adkins liked to phrase it, ‘to see if we could run Google out of a Starbucks’. [2] And how did that influential transformation begin? By conducting an exhaustive inventory of users – human users.
At RSAC 2024, there was a wider focus than last year on non-human users in the form of cyber-physical systems (IoT and IIoT devices), APIs, Generative AI tools and the like. But understanding, authenticating, authorizing, supporting humans still framed most conversations.
Why does this human-centricity matter? Because we humans are already the minority IT users, and the growth in non-human users has a hockey stick trajectory, especially with AI poised to take over a lot of low-level human-computer interactions.
Recommendations: Vendors not already doing so should make attending to non-human connectivity and security needs an important roadmap focus. One way to dive into non-human thinking is to peruse the origin document for the “zero trust” term: a 1994 PhD dissertation by Stephen Paul Marsh on trust systems for AI planning agents. [3]
Marsh’s goal was to formalize trust so it could be implemented mathematically, and hence in software. Thinking about trust in this context can be very beneficial in breaking through overly human-centric thinking, and better preparing roadmaps for the day when connectivity and security are dominated by AI agents collaborating with each other to accomplish IT tasks. It is also useful for reflecting on the contextual and non-binary conception of trust to which contemporary Zero Trust solutions should adhere.
Observation 3: GenAI is the new runaway BYOD
Another observation also related to AI is that employees are running wild with Generative AI tools, and most are naïve about AI quality and security issues. This observation is one drawn from conversations with conference attendees about their own use of GenAI tools and that of their co-workers (and supplemented post-conference by continuing the conversation with friends and family).
The results of these conversations were that people of all backgrounds are experimenting with GenAI tools for both personal and work purposes - including experimentation in use cases the EU has deemed high risk. And even within the IT industry, there is limited awareness of GenAI’s core auto-complete nature and issues like hallucination, copyright and data leakage issues, model collapse, GIGO amplification of bad data impacts, etc.
Encouragingly, however, a number of vendors used RSAC to launch new security tools for GenAI tools and LLMs and AI models in general, even if some quality and reliability issues require collaboration beyond the cybersecurity arena.
Recommendations: Any vendors that have not done so need to form AI quality and security task teams ASAP to manage their own integrations of AI in their platforms as well as understanding the scale and nature of AI use in their target markets. CISOs really need the industry’s help in addressing the exponential adoption of AI tools by employees and contractors.
Observation 4: Demand for deep packet inspection is high
Deep packet inspection (DPI) was in high demand at RSAC. It’s not a new technology, so why the sudden increased interest?
For one, as Dell’Oro’s Mauricio Sanchez stated, SASE is the future of enterprise connectivity and security, and SASE platforms run all traffic through regional PoP gateways for decryption and inspection (or nearly all traffic depending on edge configuration).
This is a security necessity given the absence of traditional network perimeters, and the fact that ‘networks’ as traditionally understood are shrinking, further reducing opportunities for conventional monitoring. Zero trust principles also mandate continuous monitoring and trust evaluation. For these needs, no alternative monitoring and inspection methods can match the granularity, depth and accuracy of DPI run on clear traffic.
Recommendations: No matter what your product, for maximum security and observability – and to support AI/ML initiatives, you should gather and correlate traffic insights from as many sources as possible. And if you have a product that currently uses in-house, open source, or regular commercial DPI, now is a good time to perform performance and scaling benchmarking against a top tier commercial product. If you want to compete successfully in today’s platform market, you must have a DPI engine that can thrive in extreme environments and provide the deep insights needed to support continuous product innovation.
Observation 5: Demand for threat detection and response is high
I was also struck this year by the number of impressive, AI-enhanced XDR innovations showcased, and the interest shown by vendors that have not traditionally included XDR capabilities in their solutions but are now looking at enhancing threat detection. These included Observability, SIEM/SOAR, and SASE vendors (the latter wanting to extend basic IDS capabilities).
Recommendations: If you haven’t yet explored integrating XDR into your solution, now is a good time to do so. For many types of solutions, it is a natural way to enhance your value proposition while better meeting zero trust demands. And if you have a platform that does not yet include XDR, it’s a good time to conduct an analysis of in-house versus sourced development of a single-pass packet inspection strategy for DPI and threat detection.
I hope you have found these RSAC takeaways helpful. If you want to exchange notes on these topics or others from your RSAC experience, feel free to reach out to me.
Read more about key announcements and updates from the recently-concluded RSA Conference 2024 here.
References
[1] www.delloro.com/news/sase-market-to-skyrocket-to-over-16-billion-by-2028/
[2] www.youtube.com/watch?v=d90Ov6QM1jE
[3] www.cs.stir.ac.uk/~kjt/techreps/pdf/TR133.pdf
