Macro-thoughts on #RSA2016: A Cambrian Explosion of Security Analytics

As I walked the floor of RSA this year, the first thought that hit me (and I am sure it hit anyone who ventured into Moscone North & South) was: We have achieved security startup saturation. There are 5, 10, 20+ startups in each of the Endpoint Protection, Insider Threat Management, Threat Intelligence, Security Analytics and other segments of the security landscape. It’s pretty clear that customers and the market are searching for a new paradigm to supersede the traditional Firewall + SIEM + Anti-Virus model that has existed for the last couple of decades.

This explosion in vendors and startups has been viewed negatively by many industry observers given the current funding environment, but I view it differently. I think this is a healthy Cambrian explosion of new security technologies, methodologies and models – it creates a broad array of choices for customers who are searching for solutions to their very real cybersecurity problems. In the grand American (and Silicon Valley) tradition, the market is going to decide which approaches matter the most. Unfortunately this will likely result in a grand consolidation of the market – I predict that half of the startup vendors presenting on the floor this year will not be here 2 years from now, either due to being consolidated into larger platforms or inability to capture customers’ wallets.

Customers who are fighting their way through this plethora of options should not only identify the best technology that will help them solve their security problems, but also look to vendors who:

  • Deliver the solutions promised in the marketing: Not only validate that the technology is real but that the vendors are able to implement it in a professional and holistic way that is integrated into the customer’s overall security infrastructure. Also make sure that the vendor is financially viable enough to be around for the long haul with minimal disruption from the current (and future) venture funding environment volatility.
  • Have an architectural approach that is “integratable” into other Security Systems of Record (SSoRs): What is the vendor using for a data layer? Hadoop? ELK? Proprietary stack? Is it designed with RESTful APIs throughout? Vendors using common architectural approaches will be easier to consume and integrate into a modern security architecture. Do vendors have integrations with the popular current and future tools in the market? How responsive are they willing to be in developing an integration for that obscure vendor you have in your system?

Another consideration that many customers will have to make as they plan and build out their next-generation analytical infrastructure is choosing which 2-3 platforms will be their foundational analytic and remediation platforms. Most of the solutions I saw at RSA are leveraging data from many different systems and performing some kind of analytics on it. Customers will have to decide which analytic platform makes the most sense as their “central repository” and make sure their other vendors port unique and valuable data into that platform. Thinking about which systems can be the central Panes of Glass is critical for building out a holistic cybersecurity analytics platform.

The last observation I have about the RSA Conference this year is that Cloud Security is growing in importance. It’s pretty clear that securing cloud computing at an industrial level is a new frontier that needs to be figured out quickly. Microservices Architecture (MSA) is an area that appears to be bubbling up quickly based on some large, early adopter customer commentary.

It will be interesting to watch the Security market sort itself out, which will happen sooner rather than later given the current venture market funding dynamics. Many vendors will be acquired over the next 24 months but some will find that they have the right solution for the market and grow their way into prominence. Good luck to everyone in the market.
