Last week marked the ever-expanding annual RSA Conference in San Francisco. Over 40,000 cybersecurity professionals came together to share stories and learn about the latest technology to stop hackers and cyber-criminals from getting their hands on an organization’s crown jewels. From deception solutions to cloud security, the 2017 conference lived up to the hype. We even introduced our next-generation automation and orchestration platform, with machine learning intelligence.
Here are three key takeaways from the 2017 RSA Conference.
Takeaway 1: The cybersecurity skills shortage struggle is real…
You’ve all heard the news of the impending cybersecurity skills shortage, to the tune of 1.8 million open positions by 2022. You may have thought it was just sensationalizing or an exaggeration, but you’d be wrong. Time and again we spoke with security professionals at our booth about how they don’t have the resources to be truly effective. A couple of people mentioned that the volume of incidents in their SOC is increasing, as is their concern about becoming the next headline-making organization because they missed an indication of a breach or of malware taking hold.
Many of the attendees who stopped by our booth wanted to learn about security automation and orchestration as a practical way to cope with the cybersecurity skills shortage. Given the advancements in machine learning technology and the growing acceptance of human-augmented decision support (or a human in the loop), cybersecurity incident response automation is emerging as a viable option for SOC teams at both enterprises and MSSPs.
Takeaway 2: An extensible cybersecurity platform is a must-have…
One of the most interesting themes from the attendees we talked with was the need for an extensible platform. Gone are the days when it was enough for a security product simply to be capable of working with other security tools and systems. Now, security professionals – from the top down to the end-users – need a platform that is fully integrated with the multiple, disparate tools, such as antivirus and endpoint protection, leveraged to defend their organization against malware, ransomware, malicious outsiders/insiders, and the list goes on.
Attendees simply expected any platform on the market today to be integration-ready out of the box. Further, with the proliferation of cloud applications and organizations building in-house applications, the platform’s APIs should enable custom extensibility.
Takeaway 3: Semi-automated workflows are in high demand…
The concept of automated incident response is not new in the cybersecurity space. When the first-generation security automation tools made it to market 20+ years ago, the technology was at a minimal level of maturity. Horror stories abound of the inability of the then “state-of-the-art” technology to effectively distinguish between legitimate alerts and false positives. Instead, every alert was deemed a real threat. The added inability to selectively shut down infrastructure components involved in an incident only exacerbated the situation, dooming early hopes that security automation was viable. As you can imagine, or may even have experienced first-hand, chaos ensued and the technology was abandoned.
Fast-forward to the 2017 RSA Conference and, having learned from past mistakes, a new chapter in security automation has begun. The automated cybersecurity incident response conversations at our booth focused on semi-automated workflow capabilities, where a human is in the loop (read: in control) at all times making decisions. Given the aforementioned cybersecurity skills shortage, semi-automation frees up significant time otherwise spent on increasing volumes of manual, error-prone tasks and helps to greatly reduce (and even possibly eliminate) false positives, allowing the operations team to focus on true security threats.
All in all, the 2017 RSA Conference lived up to the hype as the most talked-about and most attended security conference of the year. We’re already making plans for the 2018 conference and can’t wait to talk cybersecurity incident response automation and orchestration throughout the coming year.